# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 27.09.2021 13:45:47.357 Process: id = "1" image_name = "2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" page_root = "0x4a135000" os_pid = "0x13a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x640" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x4dbfff monitored = 1 entry_point = 0x4bf602 region_type = mapped_file name = "2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe") Region: id = 128 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 271 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 272 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 273 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 274 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 275 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 276 start_va = 0x4e0000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 277 start_va = 0x6cbd0000 end_va = 0x6cc28fff monitored = 1 entry_point = 0x6cbe0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 278 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 280 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 281 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 282 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 283 start_va = 0x4e0000 end_va = 0x59dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 285 start_va = 0x74570000 end_va = 0x74601fff monitored = 0 entry_point = 0x745b0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 286 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 287 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 288 start_va = 0x77820000 end_va = 0x7789afff monitored = 0 entry_point = 0x7783e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 289 start_va = 0x75680000 end_va = 0x7573dfff monitored = 0 entry_point = 0x756b5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x5a0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 291 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 292 start_va = 0x75740000 end_va = 0x75783fff monitored = 0 entry_point = 0x75759d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x74b50000 end_va = 0x74bfcfff monitored = 0 entry_point = 0x74b64f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74620000 end_va = 0x7463dfff monitored = 0 entry_point = 0x7462b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74610000 end_va = 0x74619fff monitored = 0 entry_point = 0x74612a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x74730000 end_va = 0x74787fff monitored = 0 entry_point = 0x747725c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 297 start_va = 0x840000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 298 start_va = 0x6cb50000 end_va = 0x6cbc8fff monitored = 1 entry_point = 0x6cb5f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 299 start_va = 0x75790000 end_va = 0x757d4fff monitored = 0 entry_point = 0x757ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 300 start_va = 0x754b0000 end_va = 0x7566cfff monitored = 0 entry_point = 0x75592a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 301 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 302 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 303 start_va = 0x5e0000 end_va = 0x609fff monitored = 0 entry_point = 0x5e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 304 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 305 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 306 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 307 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 308 start_va = 0x840000 end_va = 0x917fff monitored = 1 entry_point = 0x8ff602 region_type = mapped_file name = "2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe") Region: id = 309 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 310 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 311 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 312 start_va = 0x757e0000 end_va = 0x757ebfff monitored = 0 entry_point = 0x757e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 313 start_va = 0x70130000 end_va = 0x70137fff monitored = 0 entry_point = 0x701317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 314 start_va = 0x6b2a0000 end_va = 0x6b950fff monitored = 1 entry_point = 0x6b2b5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 315 start_va = 0x6bde0000 end_va = 0x6bed4fff monitored = 0 entry_point = 0x6be34160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 316 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 317 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 318 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 319 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 320 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 321 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 322 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 323 start_va = 0x850000 end_va = 0x850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 324 start_va = 0x860000 end_va = 0x860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 325 start_va = 0x2050000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 326 start_va = 0x870000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 327 start_va = 0x8a0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 328 start_va = 0x2110000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 329 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 330 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 331 start_va = 0x2210000 end_va = 0x420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 332 start_va = 0x2050000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 333 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 334 start_va = 0x8e0000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 335 start_va = 0x4210000 end_va = 0x430ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 336 start_va = 0x4310000 end_va = 0x4646fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 337 start_va = 0x6a070000 end_va = 0x6b297fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 338 start_va = 0x75160000 end_va = 0x7524afff monitored = 0 entry_point = 0x7519d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 339 start_va = 0x4650000 end_va = 0x46e0fff monitored = 0 entry_point = 0x4688cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 340 start_va = 0x706d0000 end_va = 0x70744fff monitored = 0 entry_point = 0x70709a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 341 start_va = 0x4650000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 342 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 343 start_va = 0x6c1a0000 end_va = 0x6cb4bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 344 start_va = 0x69950000 end_va = 0x6a061fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 345 start_va = 0x60f20000 end_va = 0x612f3fff monitored = 1 entry_point = 0x612b21a2 region_type = mapped_file name = "system.data.entity.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Data.Entity\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.Entity.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.data.entity\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.entity.dll") Region: id = 346 start_va = 0x4650000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 347 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 348 start_va = 0x4730000 end_va = 0x4b03fff monitored = 1 entry_point = 0x4ac21a2 region_type = mapped_file name = "system.data.entity.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Data.Entity\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.Entity.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.data.entity\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.entity.dll") Region: id = 349 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 350 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 351 start_va = 0x6c120000 end_va = 0x6c19dfff monitored = 1 entry_point = 0x6c121140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 352 start_va = 0x76150000 end_va = 0x761e1fff monitored = 0 entry_point = 0x76188cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 353 start_va = 0x4670000 end_va = 0x467ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 354 start_va = 0x6bf90000 end_va = 0x6c11cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 355 start_va = 0x68cf0000 end_va = 0x69948fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 356 start_va = 0x4680000 end_va = 0x468ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004680000" filename = "" Region: id = 357 start_va = 0x4690000 end_va = 0x4690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004690000" filename = "" Region: id = 358 start_va = 0x4690000 end_va = 0x4691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004690000" filename = "" Region: id = 359 start_va = 0x4b10000 end_va = 0x4b9efff monitored = 0 entry_point = 0x4b1dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 360 start_va = 0x6bef0000 end_va = 0x6bf81fff monitored = 0 entry_point = 0x6befdd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 361 start_va = 0x4b10000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 362 start_va = 0x46a0000 end_va = 0x46a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046a0000" filename = "" Region: id = 363 start_va = 0x4b10000 end_va = 0x4bcbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b10000" filename = "" Region: id = 364 start_va = 0x4bf0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 365 start_va = 0x46a0000 end_va = 0x46a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046a0000" filename = "" Region: id = 366 start_va = 0x46b0000 end_va = 0x46b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 367 start_va = 0x4c00000 end_va = 0x4e0afff monitored = 0 entry_point = 0x4cab0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 368 start_va = 0x6f000000 end_va = 0x6f20efff monitored = 0 entry_point = 0x6f0ab0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 369 start_va = 0x46c0000 end_va = 0x46c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 370 start_va = 0x46d0000 end_va = 0x46d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046d0000" filename = "" Region: id = 371 start_va = 0x4c00000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 372 start_va = 0x701d0000 end_va = 0x701ecfff monitored = 0 entry_point = 0x701d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 373 start_va = 0x46c0000 end_va = 0x46cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 374 start_va = 0x46e0000 end_va = 0x46effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 375 start_va = 0x46e0000 end_va = 0x46effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 376 start_va = 0x46f0000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 377 start_va = 0x4700000 end_va = 0x470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 378 start_va = 0x4710000 end_va = 0x471ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 379 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 380 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 381 start_va = 0x4c00000 end_va = 0x4c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 382 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 383 start_va = 0x4c10000 end_va = 0x4c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 384 start_va = 0x4c20000 end_va = 0x4c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 385 start_va = 0x4c30000 end_va = 0x4c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 386 start_va = 0x4c40000 end_va = 0x4c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 387 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 388 start_va = 0x4c60000 end_va = 0x4c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c60000" filename = "" Region: id = 389 start_va = 0x4c70000 end_va = 0x4c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 390 start_va = 0x4c80000 end_va = 0x4c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 391 start_va = 0x6bc70000 end_va = 0x6bddafff monitored = 0 entry_point = 0x6bcde360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 392 start_va = 0x46e0000 end_va = 0x470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 393 start_va = 0x4c00000 end_va = 0x4c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 394 start_va = 0x4c40000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 395 start_va = 0x6d460000 end_va = 0x6d650fff monitored = 0 entry_point = 0x6d543cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 396 start_va = 0x76030000 end_va = 0x7614efff monitored = 0 entry_point = 0x76075980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 397 start_va = 0x4d70000 end_va = 0x4db8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 398 start_va = 0x46e0000 end_va = 0x46e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 399 start_va = 0x4700000 end_va = 0x470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 400 start_va = 0x4dc0000 end_va = 0x5dbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 401 start_va = 0x46f0000 end_va = 0x46f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 402 start_va = 0x5dc0000 end_va = 0x5ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dc0000" filename = "" Region: id = 403 start_va = 0x5ec0000 end_va = 0x5fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 404 start_va = 0x5fc0000 end_va = 0x64b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005fc0000" filename = "" Region: id = 405 start_va = 0x64c0000 end_va = 0x657cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 406 start_va = 0x6580000 end_va = 0x697ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006580000" filename = "" Region: id = 407 start_va = 0x6980000 end_va = 0x79bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 408 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 409 start_va = 0x79c0000 end_va = 0x7a5bfff monitored = 1 entry_point = 0x7a4e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 410 start_va = 0x4710000 end_va = 0x4716fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004710000" filename = "" Region: id = 411 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 412 start_va = 0x7a60000 end_va = 0x7a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a60000" filename = "" Region: id = 413 start_va = 0x7aa0000 end_va = 0x7b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007aa0000" filename = "" Region: id = 414 start_va = 0x7ba0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ba0000" filename = "" Region: id = 415 start_va = 0x7be0000 end_va = 0x7cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007be0000" filename = "" Region: id = 416 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 417 start_va = 0x7ce0000 end_va = 0x7d41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 418 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 419 start_va = 0x7d50000 end_va = 0x7dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d50000" filename = "" Region: id = 420 start_va = 0x6baf0000 end_va = 0x6bc62fff monitored = 0 entry_point = 0x6bb9d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 421 start_va = 0x7dd0000 end_va = 0x7e38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007dd0000" filename = "" Region: id = 422 start_va = 0x7e40000 end_va = 0x7e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e40000" filename = "" Region: id = 423 start_va = 0x7e40000 end_va = 0x7e4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e40000" filename = "" Region: id = 424 start_va = 0x7e50000 end_va = 0x7e5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e50000" filename = "" Region: id = 425 start_va = 0x7e60000 end_va = 0x7e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e60000" filename = "" Region: id = 426 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 427 start_va = 0x7e70000 end_va = 0x7ed7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e70000" filename = "" Region: id = 428 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 429 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 430 start_va = 0x7ee0000 end_va = 0x7eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ee0000" filename = "" Region: id = 431 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 432 start_va = 0x7ee0000 end_va = 0x7eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ee0000" filename = "" Region: id = 433 start_va = 0x7ef0000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ef0000" filename = "" Region: id = 434 start_va = 0x7f00000 end_va = 0x7f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 435 start_va = 0x7f10000 end_va = 0x7f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f10000" filename = "" Region: id = 436 start_va = 0x7f20000 end_va = 0x7f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f20000" filename = "" Region: id = 437 start_va = 0x7f30000 end_va = 0x7f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f30000" filename = "" Region: id = 438 start_va = 0x7f40000 end_va = 0x7f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f40000" filename = "" Region: id = 439 start_va = 0x7f50000 end_va = 0x7f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f50000" filename = "" Region: id = 440 start_va = 0x7f60000 end_va = 0x7f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f60000" filename = "" Region: id = 441 start_va = 0x7f70000 end_va = 0x7f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f70000" filename = "" Region: id = 442 start_va = 0x7f80000 end_va = 0x7f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f80000" filename = "" Region: id = 443 start_va = 0x7f90000 end_va = 0x7f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f90000" filename = "" Region: id = 444 start_va = 0x7fa0000 end_va = 0x7faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fa0000" filename = "" Region: id = 445 start_va = 0x7ee0000 end_va = 0x7fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ee0000" filename = "" Region: id = 446 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 447 start_va = 0x7fe0000 end_va = 0x7feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fe0000" filename = "" Region: id = 448 start_va = 0x7ff0000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ff0000" filename = "" Region: id = 449 start_va = 0x8000000 end_va = 0x800ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 450 start_va = 0x8010000 end_va = 0x801ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008010000" filename = "" Region: id = 451 start_va = 0x8020000 end_va = 0x802ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008020000" filename = "" Region: id = 452 start_va = 0x8030000 end_va = 0x803ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008030000" filename = "" Region: id = 453 start_va = 0x8040000 end_va = 0x804ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008040000" filename = "" Region: id = 454 start_va = 0x8050000 end_va = 0x805ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008050000" filename = "" Region: id = 455 start_va = 0x8060000 end_va = 0x806ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008060000" filename = "" Region: id = 456 start_va = 0x8070000 end_va = 0x807ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008070000" filename = "" Region: id = 457 start_va = 0x8080000 end_va = 0x808ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008080000" filename = "" Region: id = 458 start_va = 0x8090000 end_va = 0x809ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008090000" filename = "" Region: id = 459 start_va = 0x80a0000 end_va = 0x80affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080a0000" filename = "" Region: id = 460 start_va = 0x80b0000 end_va = 0x80bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080b0000" filename = "" Region: id = 461 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 462 start_va = 0x7fe0000 end_va = 0x801cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007fe0000" filename = "" Region: id = 463 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 464 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 465 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 466 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 467 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 468 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 469 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 470 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 471 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 472 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 473 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 474 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 475 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 476 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 477 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 478 start_va = 0x8020000 end_va = 0x802ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008020000" filename = "" Region: id = 479 start_va = 0x8030000 end_va = 0x803ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008030000" filename = "" Region: id = 480 start_va = 0x8040000 end_va = 0x804ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008040000" filename = "" Region: id = 481 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 512 start_va = 0x8020000 end_va = 0x805ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008020000" filename = "" Region: id = 513 start_va = 0x80c0000 end_va = 0x81bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080c0000" filename = "" Region: id = 538 start_va = 0x7dd0000 end_va = 0x7e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007dd0000" filename = "" Region: id = 539 start_va = 0x81c0000 end_va = 0x82bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000081c0000" filename = "" Thread: id = 1 os_tid = 0x1244 [0112.756] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0113.621] RoInitialize () returned 0x1 [0113.621] RoUninitialize () returned 0x0 [0120.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0120.801] IsAppThemed () returned 0x1 [0120.807] CoTaskMemAlloc (cb=0xf0) returned 0x699db0 [0120.808] CreateActCtxA (pActCtx=0x19f414) returned 0x699fa4 [0121.063] CoTaskMemFree (pv=0x699db0) [0121.081] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1dc [0121.081] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1dd [0121.109] GetSystemMetrics (nIndex=75) returned 1 [0121.115] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0121.917] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6bef0000 [0121.990] AdjustWindowRectEx (in: lpRect=0x19f474, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f474) returned 1 [0121.994] GetCurrentProcess () returned 0xffffffff [0121.995] GetCurrentThread () returned 0xfffffffe [0121.995] GetCurrentProcess () returned 0xffffffff [0121.995] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f38c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f38c*=0x268) returned 1 [0121.998] GetCurrentThreadId () returned 0x1244 [0122.031] GetCurrentActCtx (in: lphActCtx=0x19f2ec | out: lphActCtx=0x19f2ec*=0x0) returned 1 [0122.032] ActivateActCtx (in: hActCtx=0x699fa4, lpCookie=0x19f2fc | out: hActCtx=0x699fa4, lpCookie=0x19f2fc) returned 1 [0122.032] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0123.260] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6f000000 [0123.279] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74790000 [0123.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f1b4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWîhr\x8aÊ\x19 «*khö\x19", lpUsedDefaultChar=0x0) returned 14 [0123.280] GetProcAddress (hModule=0x74790000, lpProcName="DefWindowProcW") returned 0x745a07e0 [0123.281] GetStockObject (i=5) returned 0x1900015 [0123.301] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0123.307] CoTaskMemAlloc (cb=0x5c) returned 0x6ac678 [0123.307] RegisterClassW (lpWndClass=0x19f1a4) returned 0xc1d8 [0123.332] CoTaskMemFree (pv=0x6ac678) [0123.333] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0123.333] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x9022a [0123.335] SetWindowLongW (hWnd=0x9022a, nIndex=-4, dwNewLong=1952057312) returned 81135038 [0123.338] GetWindowLongW (hWnd=0x9022a, nIndex=-4) returned 1952057312 [0123.345] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea04 | out: phkResult=0x19ea04*=0x290) returned 0x0 [0123.346] RegQueryValueExW (in: hKey=0x290, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19ea24, lpData=0x0, lpcbData=0x19ea20*=0x0 | out: lpType=0x19ea24*=0x0, lpData=0x0, lpcbData=0x19ea20*=0x0) returned 0x2 [0123.346] RegQueryValueExW (in: hKey=0x290, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19ea24, lpData=0x0, lpcbData=0x19ea20*=0x0 | out: lpType=0x19ea24*=0x0, lpData=0x0, lpcbData=0x19ea20*=0x0) returned 0x2 [0123.346] RegCloseKey (hKey=0x290) returned 0x0 [0123.349] SetWindowLongW (hWnd=0x9022a, nIndex=-4, dwNewLong=81135078) returned 1952057312 [0123.349] GetWindowLongW (hWnd=0x9022a, nIndex=-4) returned 81135078 [0123.349] GetWindowLongW (hWnd=0x9022a, nIndex=-16) returned 113311744 [0123.351] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1b9 [0123.355] CallWindowProcW (lpPrevWndFunc=0x745a07e0, hWnd=0x9022a, Msg=0x24, wParam=0x0, lParam=0x19ed1c) returned 0x0 [0123.355] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc172 [0123.355] CallWindowProcW (lpPrevWndFunc=0x745a07e0, hWnd=0x9022a, Msg=0x81, wParam=0x0, lParam=0x19ed10) returned 0x1 [0123.356] CallWindowProcW (lpPrevWndFunc=0x745a07e0, hWnd=0x9022a, Msg=0x83, wParam=0x0, lParam=0x19ecfc) returned 0x0 [0123.667] CallWindowProcW (lpPrevWndFunc=0x745a07e0, hWnd=0x9022a, Msg=0x1, wParam=0x0, lParam=0x19ed10) returned 0x0 [0123.668] GetClientRect (in: hWnd=0x9022a, lpRect=0x19ea3c | out: lpRect=0x19ea3c) returned 1 [0123.668] GetWindowRect (in: hWnd=0x9022a, lpRect=0x19ea3c | out: lpRect=0x19ea3c) returned 1 [0123.670] GetParent (hWnd=0x9022a) returned 0x0 [0123.670] DeactivateActCtx (dwFlags=0x0, ulCookie=0x120e0001) returned 1 [0124.178] EtwEventRegister (in: ProviderId=0x222a888, EnableCallback=0x4d6060e, CallbackContext=0x0, RegHandle=0x222a864 | out: RegHandle=0x222a864) returned 0x0 [0124.182] EtwEventSetInformation (RegHandle=0x687590, InformationClass=0x28, EventInformation=0x2, InformationLength=0x222a7f8) returned 0x0 [0124.191] GetSystemDefaultLCID () returned 0x409 [0124.191] GetStockObject (i=17) returned 0x10a0047 [0124.194] GetObjectW (in: h=0x10a0047, c=92, pv=0x19ea7c | out: pv=0x19ea7c) returned 92 [0124.196] GetDC (hWnd=0x0) returned 0x401018d [0124.971] GdiplusStartup (in: token=0x62b4d0, input=0x19e040, output=0x19e090 | out: token=0x62b4d0, output=0x19e090) returned 0x0 [0124.995] CoTaskMemAlloc (cb=0x5c) returned 0x6aca20 [0124.997] GdipCreateFontFromLogfontW (hdc=0x401018d, logfont=0x6aca20, font=0x19eb44) returned 0x0 [0126.466] CoTaskMemFree (pv=0x6aca20) [0126.468] CoTaskMemAlloc (cb=0x5c) returned 0x6acaf0 [0126.469] CoTaskMemFree (pv=0x6acaf0) [0126.469] CoTaskMemAlloc (cb=0x5c) returned 0x6ac748 [0126.469] CoTaskMemFree (pv=0x6ac748) [0126.469] GdipGetFontUnit (font=0x4701f08, unit=0x19eb10) returned 0x0 [0126.470] GdipGetFontSize (font=0x4701f08, size=0x19eb14) returned 0x0 [0126.470] GdipGetFontStyle (font=0x4701f08, style=0x19eb0c) returned 0x0 [0126.470] GdipGetFamily (font=0x4701f08, family=0x19eb08) returned 0x0 [0126.471] GdipGetFontSize (font=0x4701f08, size=0x222b1b4) returned 0x0 [0126.472] ReleaseDC (hWnd=0x0, hDC=0x401018d) returned 1 [0126.472] GetDC (hWnd=0x0) returned 0x200106a4 [0126.472] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19eb30) returned 0x0 [0126.481] GdipGetDpiY (graphics=0x5ecf268, dpi=0x222b2bc) returned 0x0 [0126.481] GdipGetFontHeight (font=0x4701f08, graphics=0x5ecf268, height=0x19eb28) returned 0x0 [0126.481] GdipGetEmHeight (family=0x5ec41d8, style=0, EmHeight=0x19eb30) returned 0x0 [0126.482] GdipGetLineSpacing (family=0x5ec41d8, style=0, LineSpacing=0x19eb30) returned 0x0 [0126.482] GdipDeleteGraphics (graphics=0x5ecf268) returned 0x0 [0126.483] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.497] GdipCreateFont (fontFamily=0x5ec41d8, emSize=0x41040000, style=0, unit=0x3, font=0x222b27c) returned 0x0 [0126.497] GdipGetFontSize (font=0x470efc0, size=0x222b280) returned 0x0 [0126.497] GdipDeleteFont (font=0x4701f08) returned 0x0 [0126.497] GetDC (hWnd=0x0) returned 0x200106a4 [0126.497] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19eb98) returned 0x0 [0126.498] GdipGetFontHeight (font=0x470efc0, graphics=0x5ecf268, height=0x19eb90) returned 0x0 [0126.498] GdipDeleteGraphics (graphics=0x5ecf268) returned 0x0 [0126.498] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.500] GetSystemMetrics (nIndex=5) returned 1 [0126.500] GetSystemMetrics (nIndex=6) returned 1 [0126.501] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.502] AdjustWindowRectEx (in: lpRect=0x19ecc0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ecc0) returned 1 [0126.518] GetProcessWindowStation () returned 0xf0 [0126.520] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x222b7d4, nLength=0xc, lpnLengthNeeded=0x19e55c | out: pvInfo=0x222b7d4, lpnLengthNeeded=0x19e55c) returned 1 [0126.524] SetConsoleCtrlHandler (HandlerRoutine=0x4d60636, Add=1) returned 1 [0126.525] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0126.525] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0126.527] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x222b838 | out: lpWndClass=0x222b838) returned 0 [0126.529] CoTaskMemAlloc (cb=0x58) returned 0x691598 [0126.529] RegisterClassW (lpWndClass=0x19e4ac) returned 0xc171 [0126.530] CoTaskMemFree (pv=0x691598) [0126.531] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20362 [0126.532] NtdllDefWindowProc_W (hWnd=0x20362, Msg=0x81, wParam=0x0, lParam=0x19dfe8) returned 0x1 [0126.535] NtdllDefWindowProc_W (hWnd=0x20362, Msg=0x83, wParam=0x0, lParam=0x19dfd4) returned 0x0 [0126.535] NtdllDefWindowProc_W (hWnd=0x20362, Msg=0x1, wParam=0x0, lParam=0x19dfe8) returned 0x0 [0126.536] NtdllDefWindowProc_W (hWnd=0x20362, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0126.536] NtdllDefWindowProc_W (hWnd=0x20362, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0126.549] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x1f4, pvParam=0x19ea38, fWinIni=0x0 | out: pvParam=0x19ea38) returned 1 [0126.549] GetDC (hWnd=0x0) returned 0x200106a4 [0126.549] CoTaskMemAlloc (cb=0x5c) returned 0x6acc28 [0126.550] GdipCreateFontFromLogfontW (hdc=0x200106a4, logfont=0x6acc28, font=0x19ec40) returned 0x0 [0126.556] CoTaskMemFree (pv=0x6acc28) [0126.556] CoTaskMemAlloc (cb=0x5c) returned 0x6aca20 [0126.556] CoTaskMemFree (pv=0x6aca20) [0126.556] CoTaskMemAlloc (cb=0x5c) returned 0x6ac748 [0126.556] CoTaskMemFree (pv=0x6ac748) [0126.556] GdipGetFontUnit (font=0x4701f08, unit=0x19ec0c) returned 0x0 [0126.557] GdipGetFontSize (font=0x4701f08, size=0x19ec10) returned 0x0 [0126.557] GdipGetFontStyle (font=0x4701f08, style=0x19ec08) returned 0x0 [0126.557] GdipGetFamily (font=0x4701f08, family=0x19ec04) returned 0x0 [0126.557] GdipGetFontSize (font=0x4701f08, size=0x222bf28) returned 0x0 [0126.557] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.557] GetDC (hWnd=0x0) returned 0x200106a4 [0126.557] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19ec24) returned 0x0 [0126.557] GdipGetDpiY (graphics=0x5ecf3b8, dpi=0x222c030) returned 0x0 [0126.558] GdipGetFontHeight (font=0x4701f08, graphics=0x5ecf3b8, height=0x19ec1c) returned 0x0 [0126.558] GdipGetEmHeight (family=0x5ec7cc0, style=0, EmHeight=0x19ec24) returned 0x0 [0126.558] GdipGetLineSpacing (family=0x5ec7cc0, style=0, LineSpacing=0x19ec24) returned 0x0 [0126.558] GdipDeleteGraphics (graphics=0x5ecf3b8) returned 0x0 [0126.558] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.558] GdipCreateFont (fontFamily=0x5ec7cc0, emSize=0x41100000, style=0, unit=0x3, font=0x222bff0) returned 0x0 [0126.558] GdipGetFontSize (font=0x5ecb080, size=0x222bff4) returned 0x0 [0126.562] GetDC (hWnd=0x0) returned 0x200106a4 [0126.562] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19ec50) returned 0x0 [0126.563] GdipGetFontHeight (font=0x5ecb080, graphics=0x5ecf3b8, height=0x19ec48) returned 0x0 [0126.563] GdipDeleteGraphics (graphics=0x5ecf3b8) returned 0x0 [0126.563] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.566] GetDC (hWnd=0x0) returned 0x200106a4 [0126.566] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19ebe0) returned 0x0 [0126.566] GdipGetFontHeight (font=0x5ecb080, graphics=0x5ecf3b8, height=0x19ebd8) returned 0x0 [0126.566] GdipDeleteGraphics (graphics=0x5ecf3b8) returned 0x0 [0126.566] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.566] GetSystemMetrics (nIndex=5) returned 1 [0126.566] GetSystemMetrics (nIndex=6) returned 1 [0126.566] GetSystemMetrics (nIndex=5) returned 1 [0126.567] GetSystemMetrics (nIndex=6) returned 1 [0126.567] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.568] AdjustWindowRectEx (in: lpRect=0x19eba4, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eba4) returned 1 [0126.573] GetSystemMetrics (nIndex=5) returned 1 [0126.573] GetSystemMetrics (nIndex=6) returned 1 [0126.581] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.581] AdjustWindowRectEx (in: lpRect=0x19ece0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece0) returned 1 [0126.581] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.581] AdjustWindowRectEx (in: lpRect=0x19ece0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece0) returned 1 [0126.582] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.582] AdjustWindowRectEx (in: lpRect=0x19ece0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece0) returned 1 [0126.582] GetDC (hWnd=0x0) returned 0x200106a4 [0126.582] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19ebb8) returned 0x0 [0126.582] GdipGetFontHeight (font=0x470efc0, graphics=0x5ecf3b8, height=0x19ebb0) returned 0x0 [0126.582] GdipDeleteGraphics (graphics=0x5ecf3b8) returned 0x0 [0126.583] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.583] GetSystemMetrics (nIndex=5) returned 1 [0126.583] GetSystemMetrics (nIndex=6) returned 1 [0126.583] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.583] AdjustWindowRectEx (in: lpRect=0x19ece0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ece0) returned 1 [0126.585] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.586] AdjustWindowRectEx (in: lpRect=0x19ece4, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece4) returned 1 [0126.586] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.586] AdjustWindowRectEx (in: lpRect=0x19ece4, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece4) returned 1 [0126.586] GetDC (hWnd=0x0) returned 0x200106a4 [0126.586] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19ebb8) returned 0x0 [0126.587] GdipGetFontHeight (font=0x470efc0, graphics=0x5ecf3b8, height=0x19ebb0) returned 0x0 [0126.587] GdipDeleteGraphics (graphics=0x5ecf3b8) returned 0x0 [0126.587] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.587] GetSystemMetrics (nIndex=5) returned 1 [0126.587] GetSystemMetrics (nIndex=6) returned 1 [0126.587] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.587] AdjustWindowRectEx (in: lpRect=0x19ece0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ece0) returned 1 [0126.588] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.588] AdjustWindowRectEx (in: lpRect=0x19ece0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece0) returned 1 [0126.588] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.588] AdjustWindowRectEx (in: lpRect=0x19ece4, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ece4) returned 1 [0126.588] GetDC (hWnd=0x0) returned 0x200106a4 [0126.588] GdipCreateFromHDC (hdc=0x200106a4, graphics=0x19eb28) returned 0x0 [0126.589] GdipGetFontHeight (font=0x470efc0, graphics=0x5ecf3b8, height=0x19eb20) returned 0x0 [0126.589] GdipDeleteGraphics (graphics=0x5ecf3b8) returned 0x0 [0126.589] ReleaseDC (hWnd=0x0, hDC=0x200106a4) returned 1 [0126.606] GdipGetFamilyName (in: family=0x5ec41d8, name=0x19ea34, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0126.613] CreateCompatibleDC (hdc=0x0) returned 0x9201098d [0126.615] GetCurrentObject (hdc=0x9201098d, type=0x1) returned 0x1b00017 [0126.615] GetCurrentObject (hdc=0x9201098d, type=0x2) returned 0x1900010 [0126.615] GetCurrentObject (hdc=0x9201098d, type=0x7) returned 0x185000f [0126.615] GetCurrentObject (hdc=0x9201098d, type=0x6) returned 0x18a0048 [0126.617] SaveDC (hdc=0x9201098d) returned 1 [0126.618] GetDeviceCaps (hdc=0x9201098d, index=90) returned 96 [0126.619] CoTaskMemAlloc (cb=0x5c) returned 0x6ac6e0 [0126.619] CreateFontIndirectW (lplf=0x6ac6e0) returned 0x520a093a [0126.619] CoTaskMemFree (pv=0x6ac6e0) [0126.620] GetObjectW (in: h=0x520a093a, c=92, pv=0x19ea0c | out: pv=0x19ea0c) returned 92 [0126.621] GetCurrentObject (hdc=0x9201098d, type=0x6) returned 0x18a0048 [0126.621] GetObjectW (in: h=0x18a0048, c=92, pv=0x19e964 | out: pv=0x19e964) returned 92 [0126.621] SelectObject (hdc=0x9201098d, h=0x520a093a) returned 0x18a0048 [0126.621] GetMapMode (hdc=0x9201098d) returned 1 [0126.622] GetTextMetricsW (in: hdc=0x9201098d, lptm=0x19ea18 | out: lptm=0x19ea18) returned 1 [0126.623] DrawTextExW (in: hdc=0x9201098d, lpchText="j^", cchText=2, lprc=0x19eb2c, format=0x420, lpdtp=0x222e714 | out: lpchText="j^", lprc=0x19eb2c) returned 13 [0126.748] GetSystemMetrics (nIndex=5) returned 1 [0126.748] GetSystemMetrics (nIndex=6) returned 1 [0126.748] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6bef0000 [0126.749] DrawTextExW (in: hdc=0x9201098d, lpchText="j^", cchText=2, lprc=0x19eb24, format=0x420, lpdtp=0x222e830 | out: lpchText="j^", lprc=0x19eb24) returned 13 [0126.749] GetSystemMetrics (nIndex=5) returned 1 [0126.749] GetSystemMetrics (nIndex=6) returned 1 [0126.749] AdjustWindowRectEx (in: lpRect=0x19ece8, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ece8) returned 1 [0127.328] GetLastError () returned 0x0 [0161.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", nBufferLength=0x105, lpBuffer=0x19e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", lpFilePart=0x0) returned 0x69 [0161.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e4f0) returned 1 [0161.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e56c | out: lpFileInformation=0x19e56c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0161.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e4ec) returned 1 [0162.097] GdipLoadImageFromStream (stream=0x4bd0030, image=0x19e1e0) returned 0x0 [0162.587] GdipImageForceValidation (image=0x5ecf3b8) returned 0x0 [0162.640] GdipGetImageType (image=0x5ecf3b8, type=0x19e1dc) returned 0x0 [0162.640] GdipGetImageRawFormat (image=0x5ecf3b8, format=0x19e15c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0162.945] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e738) returned 0x0 [0162.947] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.947] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.948] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=0, color=0x19e724) returned 0x0 [0162.956] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.956] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.956] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=1, color=0x19e724) returned 0x0 [0162.956] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.956] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.956] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=2, color=0x19e724) returned 0x0 [0162.956] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.956] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.956] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=3, color=0x19e724) returned 0x0 [0162.957] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.957] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.957] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=4, color=0x19e724) returned 0x0 [0162.957] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.957] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.957] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=5, color=0x19e724) returned 0x0 [0162.957] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.957] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.957] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=6, color=0x19e724) returned 0x0 [0162.957] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.957] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.957] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=7, color=0x19e724) returned 0x0 [0162.957] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.957] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.958] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=8, color=0x19e724) returned 0x0 [0162.958] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.958] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.958] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=9, color=0x19e724) returned 0x0 [0162.958] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.958] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.958] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=10, color=0x19e724) returned 0x0 [0162.958] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.958] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.958] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=11, color=0x19e724) returned 0x0 [0162.959] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.959] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.959] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=12, color=0x19e724) returned 0x0 [0162.959] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.959] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.959] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=13, color=0x19e724) returned 0x0 [0162.959] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.959] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.959] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=14, color=0x19e724) returned 0x0 [0162.959] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.960] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.960] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=15, color=0x19e724) returned 0x0 [0162.960] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.960] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.960] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=16, color=0x19e724) returned 0x0 [0162.960] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.960] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.960] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=17, color=0x19e724) returned 0x0 [0162.960] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.960] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.960] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=18, color=0x19e724) returned 0x0 [0162.960] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.960] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.960] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=19, color=0x19e724) returned 0x0 [0162.961] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.961] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.961] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=20, color=0x19e724) returned 0x0 [0162.961] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.961] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.961] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=21, color=0x19e724) returned 0x0 [0162.961] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.961] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.961] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=22, color=0x19e724) returned 0x0 [0162.961] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.961] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.962] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=23, color=0x19e724) returned 0x0 [0162.962] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.962] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.962] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=24, color=0x19e724) returned 0x0 [0162.962] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.962] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.962] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=25, color=0x19e724) returned 0x0 [0162.962] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.962] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.962] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=26, color=0x19e724) returned 0x0 [0162.962] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.962] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.962] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=27, color=0x19e724) returned 0x0 [0162.962] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.963] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.963] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=28, color=0x19e724) returned 0x0 [0162.963] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.963] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.963] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=29, color=0x19e724) returned 0x0 [0162.963] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.963] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.963] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=30, color=0x19e724) returned 0x0 [0162.963] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.963] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.963] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=31, color=0x19e724) returned 0x0 [0162.964] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.964] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.964] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=32, color=0x19e724) returned 0x0 [0162.964] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.964] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.964] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=33, color=0x19e724) returned 0x0 [0162.964] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.964] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.964] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=34, color=0x19e724) returned 0x0 [0162.964] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.964] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.964] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=35, color=0x19e724) returned 0x0 [0162.964] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.964] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.965] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=36, color=0x19e724) returned 0x0 [0162.965] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.965] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.965] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=37, color=0x19e724) returned 0x0 [0162.965] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.965] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.965] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=38, color=0x19e724) returned 0x0 [0162.965] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.965] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.965] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=39, color=0x19e724) returned 0x0 [0162.965] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.965] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.965] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=40, color=0x19e724) returned 0x0 [0162.965] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.966] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.966] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=41, color=0x19e724) returned 0x0 [0162.966] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.966] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.966] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=42, color=0x19e724) returned 0x0 [0162.966] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.966] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.966] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=43, color=0x19e724) returned 0x0 [0162.966] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.966] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.966] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=44, color=0x19e724) returned 0x0 [0162.966] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.966] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.966] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=45, color=0x19e724) returned 0x0 [0162.967] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.967] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.967] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=46, color=0x19e724) returned 0x0 [0162.967] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.967] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.967] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=47, color=0x19e724) returned 0x0 [0162.967] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.967] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.967] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=48, color=0x19e724) returned 0x0 [0162.967] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.967] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.967] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=49, color=0x19e724) returned 0x0 [0162.967] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.967] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.968] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=50, color=0x19e724) returned 0x0 [0162.968] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.968] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.968] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=51, color=0x19e724) returned 0x0 [0162.968] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.968] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.968] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=52, color=0x19e724) returned 0x0 [0162.968] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.968] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.968] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=53, color=0x19e724) returned 0x0 [0162.968] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.968] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.969] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=54, color=0x19e724) returned 0x0 [0162.969] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.969] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.969] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=55, color=0x19e724) returned 0x0 [0162.969] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.969] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.969] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=56, color=0x19e724) returned 0x0 [0162.969] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.969] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.969] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=57, color=0x19e724) returned 0x0 [0162.969] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.969] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.969] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=58, color=0x19e724) returned 0x0 [0162.969] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.970] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.970] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=59, color=0x19e724) returned 0x0 [0162.970] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.970] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.970] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=60, color=0x19e724) returned 0x0 [0162.970] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.970] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.970] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=61, color=0x19e724) returned 0x0 [0162.970] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.970] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.970] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=62, color=0x19e724) returned 0x0 [0162.970] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.971] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.971] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=63, color=0x19e724) returned 0x0 [0162.971] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.971] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.971] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=64, color=0x19e724) returned 0x0 [0162.971] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.971] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.971] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=65, color=0x19e724) returned 0x0 [0162.971] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.971] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.971] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=66, color=0x19e724) returned 0x0 [0162.972] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.972] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.972] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=67, color=0x19e724) returned 0x0 [0162.972] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.974] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.974] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=68, color=0x19e724) returned 0x0 [0162.974] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.974] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.974] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=69, color=0x19e724) returned 0x0 [0162.974] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.974] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.974] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=70, color=0x19e724) returned 0x0 [0162.974] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.974] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.974] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=71, color=0x19e724) returned 0x0 [0162.975] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.975] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.975] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=72, color=0x19e724) returned 0x0 [0162.975] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.975] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.975] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=73, color=0x19e724) returned 0x0 [0162.975] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.975] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.975] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=74, color=0x19e724) returned 0x0 [0162.975] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.975] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.975] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=75, color=0x19e724) returned 0x0 [0162.975] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.975] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.976] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=76, color=0x19e724) returned 0x0 [0162.976] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.976] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.976] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=77, color=0x19e724) returned 0x0 [0162.976] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.976] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.976] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=78, color=0x19e724) returned 0x0 [0162.976] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.976] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.976] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=79, color=0x19e724) returned 0x0 [0162.976] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.976] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.976] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=80, color=0x19e724) returned 0x0 [0162.977] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.977] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.977] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=81, color=0x19e724) returned 0x0 [0162.977] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.977] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.977] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=82, color=0x19e724) returned 0x0 [0162.977] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.977] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.977] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=83, color=0x19e724) returned 0x0 [0162.977] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.977] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.977] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=84, color=0x19e724) returned 0x0 [0162.977] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.977] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.977] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=85, color=0x19e724) returned 0x0 [0162.978] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.978] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.978] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=86, color=0x19e724) returned 0x0 [0162.978] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.978] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.978] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=87, color=0x19e724) returned 0x0 [0162.978] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.978] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.978] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=88, color=0x19e724) returned 0x0 [0162.978] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.978] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.978] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=89, color=0x19e724) returned 0x0 [0162.978] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.978] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.978] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=90, color=0x19e724) returned 0x0 [0162.978] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.979] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.979] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=91, color=0x19e724) returned 0x0 [0162.979] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.979] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.979] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=92, color=0x19e724) returned 0x0 [0162.979] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.979] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.979] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=93, color=0x19e724) returned 0x0 [0162.979] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.979] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.979] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=94, color=0x19e724) returned 0x0 [0162.979] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.979] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.979] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=95, color=0x19e724) returned 0x0 [0162.979] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.979] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.980] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=96, color=0x19e724) returned 0x0 [0162.980] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.980] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.980] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=97, color=0x19e724) returned 0x0 [0162.980] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.980] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.980] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=98, color=0x19e724) returned 0x0 [0162.980] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.980] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.980] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=99, color=0x19e724) returned 0x0 [0162.980] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.980] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.980] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=100, color=0x19e724) returned 0x0 [0162.980] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.980] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.980] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=101, color=0x19e724) returned 0x0 [0162.981] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.981] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.981] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=102, color=0x19e724) returned 0x0 [0162.981] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.981] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.981] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=103, color=0x19e724) returned 0x0 [0162.981] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.981] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.981] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=104, color=0x19e724) returned 0x0 [0162.981] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.981] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.981] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=105, color=0x19e724) returned 0x0 [0162.981] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.982] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.982] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=106, color=0x19e724) returned 0x0 [0162.982] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.982] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.982] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=107, color=0x19e724) returned 0x0 [0162.982] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.982] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.982] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=108, color=0x19e724) returned 0x0 [0162.982] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.982] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.982] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=109, color=0x19e724) returned 0x0 [0162.982] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.982] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.982] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=110, color=0x19e724) returned 0x0 [0162.983] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.983] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.983] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=111, color=0x19e724) returned 0x0 [0162.983] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.983] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.983] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=112, color=0x19e724) returned 0x0 [0162.983] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.983] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.983] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=113, color=0x19e724) returned 0x0 [0162.983] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.983] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.983] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=114, color=0x19e724) returned 0x0 [0162.983] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.983] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.983] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=115, color=0x19e724) returned 0x0 [0162.984] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.984] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.984] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=116, color=0x19e724) returned 0x0 [0162.984] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.984] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.984] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=117, color=0x19e724) returned 0x0 [0162.984] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.984] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.984] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=118, color=0x19e724) returned 0x0 [0162.984] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.984] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.984] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=119, color=0x19e724) returned 0x0 [0162.984] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.985] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.985] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=120, color=0x19e724) returned 0x0 [0162.985] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.985] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.985] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=121, color=0x19e724) returned 0x0 [0162.985] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.985] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.985] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=122, color=0x19e724) returned 0x0 [0162.985] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.985] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.985] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=123, color=0x19e724) returned 0x0 [0162.985] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.985] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.985] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=124, color=0x19e724) returned 0x0 [0162.985] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.985] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.985] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=125, color=0x19e724) returned 0x0 [0162.986] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.986] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.986] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=126, color=0x19e724) returned 0x0 [0162.986] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.986] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.986] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=127, color=0x19e724) returned 0x0 [0162.986] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.986] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.986] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=128, color=0x19e724) returned 0x0 [0162.986] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.987] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.987] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=129, color=0x19e724) returned 0x0 [0162.987] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.987] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.987] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=130, color=0x19e724) returned 0x0 [0162.987] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.987] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.987] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=131, color=0x19e724) returned 0x0 [0162.987] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.987] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.987] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=132, color=0x19e724) returned 0x0 [0162.987] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.987] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.987] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=133, color=0x19e724) returned 0x0 [0162.988] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.988] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.988] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=134, color=0x19e724) returned 0x0 [0162.988] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.988] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.988] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=135, color=0x19e724) returned 0x0 [0162.988] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.988] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.988] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=136, color=0x19e724) returned 0x0 [0162.988] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.988] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.988] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=137, color=0x19e724) returned 0x0 [0162.988] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.988] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.988] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=138, color=0x19e724) returned 0x0 [0162.988] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.988] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.989] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=139, color=0x19e724) returned 0x0 [0162.989] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.989] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.989] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=140, color=0x19e724) returned 0x0 [0162.989] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.989] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.989] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=141, color=0x19e724) returned 0x0 [0162.989] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.989] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.989] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=142, color=0x19e724) returned 0x0 [0162.989] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.989] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.989] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=143, color=0x19e724) returned 0x0 [0162.989] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.989] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.990] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=144, color=0x19e724) returned 0x0 [0162.990] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.990] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.990] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=145, color=0x19e724) returned 0x0 [0162.990] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.990] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.990] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=146, color=0x19e724) returned 0x0 [0162.990] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.990] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.990] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=147, color=0x19e724) returned 0x0 [0162.990] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.990] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.990] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=148, color=0x19e724) returned 0x0 [0162.990] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.990] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.990] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=149, color=0x19e724) returned 0x0 [0162.990] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.991] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.991] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=150, color=0x19e724) returned 0x0 [0162.991] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.991] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.991] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=151, color=0x19e724) returned 0x0 [0162.991] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.991] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.991] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=152, color=0x19e724) returned 0x0 [0162.991] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.991] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.991] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=153, color=0x19e724) returned 0x0 [0162.991] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.991] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.991] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=154, color=0x19e724) returned 0x0 [0162.991] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.991] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.992] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=155, color=0x19e724) returned 0x0 [0162.992] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.992] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.992] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=156, color=0x19e724) returned 0x0 [0162.992] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.994] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.994] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=157, color=0x19e724) returned 0x0 [0162.994] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.994] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.994] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=158, color=0x19e724) returned 0x0 [0162.994] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.994] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.994] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=159, color=0x19e724) returned 0x0 [0162.994] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.994] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.994] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=160, color=0x19e724) returned 0x0 [0162.994] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.994] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.994] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=161, color=0x19e724) returned 0x0 [0162.995] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.995] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.995] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=162, color=0x19e724) returned 0x0 [0162.995] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.995] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.995] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=163, color=0x19e724) returned 0x0 [0162.995] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.995] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.995] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=164, color=0x19e724) returned 0x0 [0162.995] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.995] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.995] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=165, color=0x19e724) returned 0x0 [0162.995] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.995] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.995] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=166, color=0x19e724) returned 0x0 [0162.995] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.996] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.996] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=167, color=0x19e724) returned 0x0 [0162.996] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.996] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.996] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=168, color=0x19e724) returned 0x0 [0162.996] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.996] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.996] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=169, color=0x19e724) returned 0x0 [0162.996] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.996] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.996] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=170, color=0x19e724) returned 0x0 [0162.996] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.996] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.996] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=171, color=0x19e724) returned 0x0 [0162.997] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.997] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.997] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=172, color=0x19e724) returned 0x0 [0162.997] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.997] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.997] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=173, color=0x19e724) returned 0x0 [0162.997] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.997] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.997] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=174, color=0x19e724) returned 0x0 [0162.997] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.997] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.997] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=175, color=0x19e724) returned 0x0 [0162.997] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.997] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.997] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=176, color=0x19e724) returned 0x0 [0162.997] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.998] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.998] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=177, color=0x19e724) returned 0x0 [0162.998] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.998] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.998] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=178, color=0x19e724) returned 0x0 [0162.998] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.998] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.998] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=179, color=0x19e724) returned 0x0 [0162.998] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.998] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.998] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=180, color=0x19e724) returned 0x0 [0162.998] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.998] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.998] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=181, color=0x19e724) returned 0x0 [0162.998] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.998] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.999] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=182, color=0x19e724) returned 0x0 [0162.999] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.999] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.999] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=183, color=0x19e724) returned 0x0 [0162.999] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.999] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.999] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=184, color=0x19e724) returned 0x0 [0162.999] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.999] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.999] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=185, color=0x19e724) returned 0x0 [0162.999] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.999] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.999] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=186, color=0x19e724) returned 0x0 [0162.999] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0162.999] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0162.999] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=187, color=0x19e724) returned 0x0 [0163.000] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.000] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.000] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=188, color=0x19e724) returned 0x0 [0163.000] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.000] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.000] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=189, color=0x19e724) returned 0x0 [0163.000] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.000] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.000] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=190, color=0x19e724) returned 0x0 [0163.000] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.000] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.000] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=191, color=0x19e724) returned 0x0 [0163.000] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.000] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.000] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=192, color=0x19e724) returned 0x0 [0163.000] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.000] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.001] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=193, color=0x19e724) returned 0x0 [0163.001] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.001] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.001] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=194, color=0x19e724) returned 0x0 [0163.001] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.001] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.001] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=195, color=0x19e724) returned 0x0 [0163.001] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.001] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.001] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=196, color=0x19e724) returned 0x0 [0163.001] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.001] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.001] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=197, color=0x19e724) returned 0x0 [0163.001] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.001] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.001] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=198, color=0x19e724) returned 0x0 [0163.002] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.002] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.002] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=199, color=0x19e724) returned 0x0 [0163.002] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.002] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.002] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=200, color=0x19e724) returned 0x0 [0163.002] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.002] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.002] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=201, color=0x19e724) returned 0x0 [0163.002] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.002] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.002] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=202, color=0x19e724) returned 0x0 [0163.002] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.002] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.002] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=203, color=0x19e724) returned 0x0 [0163.002] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.003] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.003] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=204, color=0x19e724) returned 0x0 [0163.003] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.003] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.003] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=205, color=0x19e724) returned 0x0 [0163.003] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.003] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.003] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=206, color=0x19e724) returned 0x0 [0163.003] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.003] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.003] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=207, color=0x19e724) returned 0x0 [0163.003] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.003] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.003] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=208, color=0x19e724) returned 0x0 [0163.003] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.004] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.004] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=209, color=0x19e724) returned 0x0 [0163.004] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.004] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.004] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=210, color=0x19e724) returned 0x0 [0163.004] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.004] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.004] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=211, color=0x19e724) returned 0x0 [0163.004] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.004] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.004] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=212, color=0x19e724) returned 0x0 [0163.004] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.004] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.005] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=213, color=0x19e724) returned 0x0 [0163.005] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.005] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.005] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=214, color=0x19e724) returned 0x0 [0163.005] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.005] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.005] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=215, color=0x19e724) returned 0x0 [0163.006] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.006] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.006] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=216, color=0x19e724) returned 0x0 [0163.007] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.007] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.007] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=217, color=0x19e724) returned 0x0 [0163.008] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.008] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.008] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=218, color=0x19e724) returned 0x0 [0163.008] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.008] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.008] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=219, color=0x19e724) returned 0x0 [0163.008] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.008] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.008] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=220, color=0x19e724) returned 0x0 [0163.008] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.008] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.009] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=221, color=0x19e724) returned 0x0 [0163.009] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.009] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.009] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=222, color=0x19e724) returned 0x0 [0163.009] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.009] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.009] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=223, color=0x19e724) returned 0x0 [0163.009] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.009] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.009] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=224, color=0x19e724) returned 0x0 [0163.009] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.009] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.009] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=225, color=0x19e724) returned 0x0 [0163.009] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.009] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.009] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=226, color=0x19e724) returned 0x0 [0163.010] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.010] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.010] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=227, color=0x19e724) returned 0x0 [0163.010] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.010] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.010] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=228, color=0x19e724) returned 0x0 [0163.010] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.010] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.010] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=229, color=0x19e724) returned 0x0 [0163.010] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.010] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.010] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=230, color=0x19e724) returned 0x0 [0163.010] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.010] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.010] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=231, color=0x19e724) returned 0x0 [0163.010] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.011] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.011] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=232, color=0x19e724) returned 0x0 [0163.011] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.011] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.011] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=233, color=0x19e724) returned 0x0 [0163.011] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.011] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.011] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=234, color=0x19e724) returned 0x0 [0163.011] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.011] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.011] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=235, color=0x19e724) returned 0x0 [0163.011] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.011] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.011] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=236, color=0x19e724) returned 0x0 [0163.011] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.012] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.012] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=237, color=0x19e724) returned 0x0 [0163.012] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.012] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.012] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=238, color=0x19e724) returned 0x0 [0163.012] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.012] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.012] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=239, color=0x19e724) returned 0x0 [0163.012] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.012] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.012] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=240, color=0x19e724) returned 0x0 [0163.012] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.012] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.012] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=241, color=0x19e724) returned 0x0 [0163.012] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.013] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.013] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=242, color=0x19e724) returned 0x0 [0163.013] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.013] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.013] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=243, color=0x19e724) returned 0x0 [0163.013] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.013] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.013] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=244, color=0x19e724) returned 0x0 [0163.013] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.013] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.013] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=245, color=0x19e724) returned 0x0 [0163.013] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.013] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.013] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=246, color=0x19e724) returned 0x0 [0163.013] GdipGetImageWidth (image=0x5ecf3b8, width=0x19e714) returned 0x0 [0163.014] GdipGetImageHeight (image=0x5ecf3b8, height=0x19e714) returned 0x0 [0163.014] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=247, color=0x19e724) returned 0x0 [0163.014] GdipBitmapGetPixel (bitmap=0x5ecf3b8, x=0, y=248, color=0x19e724) returned 0x0 [0164.245] CoTaskMemAlloc (cb=0xd) returned 0x7f010a0 [0164.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270484, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.246] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.246] CoTaskMemFree (pv=0x7f010a0) [0164.255] CoTaskMemAlloc (cb=0x11) returned 0x6820b8 [0164.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x22704bc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0164.255] GetProcAddress (hModule=0x74650000, lpProcName="ResumeThread") returned 0x7466a800 [0164.256] CoTaskMemFree (pv=0x6820b8) [0164.261] CoTaskMemAlloc (cb=0xd) returned 0x7f01190 [0164.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270594, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.261] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.262] CoTaskMemFree (pv=0x7f01190) [0164.262] CoTaskMemAlloc (cb=0x1a) returned 0x72a4e8 [0164.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x22705cc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0164.262] GetProcAddress (hModule=0x74650000, lpProcName="Wow64SetThreadContext") returned 0x74693e60 [0164.262] CoTaskMemFree (pv=0x72a4e8) [0164.269] CoTaskMemAlloc (cb=0xd) returned 0x7f01298 [0164.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270698, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.269] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.272] CoTaskMemFree (pv=0x7f01298) [0164.272] CoTaskMemAlloc (cb=0x15) returned 0x6820b8 [0164.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x22706d0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0164.272] GetProcAddress (hModule=0x74650000, lpProcName="SetThreadContext") returned 0x74692490 [0164.273] CoTaskMemFree (pv=0x6820b8) [0164.276] CoTaskMemAlloc (cb=0xd) returned 0x7f010d0 [0164.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270798, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.276] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.276] CoTaskMemFree (pv=0x7f010d0) [0164.276] CoTaskMemAlloc (cb=0x1a) returned 0x72a150 [0164.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x22707d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0164.277] GetProcAddress (hModule=0x74650000, lpProcName="Wow64GetThreadContext") returned 0x74693e30 [0164.277] CoTaskMemFree (pv=0x72a150) [0164.280] CoTaskMemAlloc (cb=0xd) returned 0x7f01160 [0164.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x227089c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.280] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.280] CoTaskMemFree (pv=0x7f01160) [0164.280] CoTaskMemAlloc (cb=0x15) returned 0x6820b8 [0164.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x22708d4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0164.280] GetProcAddress (hModule=0x74650000, lpProcName="GetThreadContext") returned 0x7466ec60 [0164.281] CoTaskMemFree (pv=0x6820b8) [0164.283] CoTaskMemAlloc (cb=0xd) returned 0x7f01208 [0164.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270990, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.283] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.284] CoTaskMemFree (pv=0x7f01208) [0164.284] CoTaskMemAlloc (cb=0x13) returned 0x6547c0 [0164.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x22709c8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0164.284] GetProcAddress (hModule=0x74650000, lpProcName="VirtualAllocEx") returned 0x74692730 [0164.284] CoTaskMemFree (pv=0x6547c0) [0164.292] CoTaskMemAlloc (cb=0xd) returned 0x7f01310 [0164.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270a84, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.292] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.292] CoTaskMemFree (pv=0x7f01310) [0164.292] CoTaskMemAlloc (cb=0x17) returned 0x6820b8 [0164.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x2270abc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0164.292] GetProcAddress (hModule=0x74650000, lpProcName="WriteProcessMemory") returned 0x74692850 [0164.293] CoTaskMemFree (pv=0x6820b8) [0164.301] CoTaskMemAlloc (cb=0xd) returned 0x7f012e0 [0164.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270b80, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.301] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.302] CoTaskMemFree (pv=0x7f012e0) [0164.302] CoTaskMemAlloc (cb=0x16) returned 0x681c58 [0164.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x2270bb8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0164.302] GetProcAddress (hModule=0x74650000, lpProcName="ReadProcessMemory") returned 0x74691c80 [0164.303] CoTaskMemFree (pv=0x681c58) [0164.309] CoTaskMemAlloc (cb=0xa) returned 0x7f01118 [0164.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x2270c78, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0164.310] LoadLibraryA (lpLibFileName="ntdll") returned 0x778f0000 [0164.311] CoTaskMemFree (pv=0x7f01118) [0164.311] CoTaskMemAlloc (cb=0x19) returned 0x72a2e0 [0164.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x2270ca4, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0164.311] GetProcAddress (hModule=0x778f0000, lpProcName="ZwUnmapViewOfSection") returned 0x77966f40 [0164.311] CoTaskMemFree (pv=0x72a2e0) [0164.315] CoTaskMemAlloc (cb=0xd) returned 0x7f01328 [0164.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2270d6c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0164.315] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0164.316] CoTaskMemFree (pv=0x7f01328) [0164.316] CoTaskMemAlloc (cb=0x13) returned 0x681c58 [0164.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x2270da4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0164.316] GetProcAddress (hModule=0x74650000, lpProcName="CreateProcessA") returned 0x74690750 [0164.316] CoTaskMemFree (pv=0x681c58) [0164.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", nBufferLength=0x105, lpBuffer=0x19dd74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpFilePart=0x0) returned 0x62 [0164.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", cchWideChar=98, lpMultiByteStr=0x19deb4, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe\x0b\x08r\x8aÊ\x19 «*küæ\x19", lpUsedDefaultChar=0x0) returned 98 [0164.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19deb0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ü\x92\x0b\x08C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpUsedDefaultChar=0x0) returned 0 [0164.371] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19df74*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19e298 | out: lpCommandLine="", lpProcessInformation=0x19e298*(hProcess=0x2e4, hThread=0x2e0, dwProcessId=0x12e4, dwThreadId=0x478)) returned 1 [0164.391] CoTaskMemFree (pv=0x0) [0164.395] GetThreadContext (in: hThread=0x2e0, lpContext=0x22710e8 | out: lpContext=0x22710e8*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x220000, Edx=0x0, Ecx=0x0, Eax=0x4bf602, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0164.397] ReadProcessMemory (in: hProcess=0x2e4, lpBaseAddress=0x220008, lpBuffer=0x19e288, nSize=0x4, lpNumberOfBytesRead=0x19e2cc | out: lpBuffer=0x19e288*, lpNumberOfBytesRead=0x19e2cc*=0x4) returned 1 [0164.399] NtUnmapViewOfSection (ProcessHandle=0x2e4, BaseAddress=0x400000) returned 0x0 [0164.402] VirtualAllocEx (hProcess=0x2e4, lpAddress=0x400000, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0164.403] WriteProcessMemory (in: hProcess=0x2e4, lpBaseAddress=0x400000, lpBuffer=0x32e86d8*, nSize=0x200, lpNumberOfBytesWritten=0x19e2cc | out: lpBuffer=0x32e86d8*, lpNumberOfBytesWritten=0x19e2cc*=0x200) returned 1 [0164.415] WriteProcessMemory (in: hProcess=0x2e4, lpBaseAddress=0x402000, lpBuffer=0x347ef80*, nSize=0x35a00, lpNumberOfBytesWritten=0x19e2cc | out: lpBuffer=0x347ef80*, lpNumberOfBytesWritten=0x19e2cc*=0x35a00) returned 1 [0164.430] WriteProcessMemory (in: hProcess=0x2e4, lpBaseAddress=0x438000, lpBuffer=0x22713c0*, nSize=0x600, lpNumberOfBytesWritten=0x19e2cc | out: lpBuffer=0x22713c0*, lpNumberOfBytesWritten=0x19e2cc*=0x600) returned 1 [0164.435] WriteProcessMemory (in: hProcess=0x2e4, lpBaseAddress=0x43a000, lpBuffer=0x22719cc*, nSize=0x200, lpNumberOfBytesWritten=0x19e2cc | out: lpBuffer=0x22719cc*, lpNumberOfBytesWritten=0x19e2cc*=0x200) returned 1 [0164.443] WriteProcessMemory (in: hProcess=0x2e4, lpBaseAddress=0x220008, lpBuffer=0x2271bd8*, nSize=0x4, lpNumberOfBytesWritten=0x19e2cc | out: lpBuffer=0x2271bd8*, lpNumberOfBytesWritten=0x19e2cc*=0x4) returned 1 [0164.449] SetThreadContext (hThread=0x2e0, lpContext=0x22710e8*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x220000, Edx=0x0, Ecx=0x0, Eax=0x43785e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0164.450] ResumeThread (hThread=0x2e0) returned 0x1 [0164.525] CoGetContextToken (in: pToken=0x19e678 | out: pToken=0x19e678) returned 0x0 [0164.526] CObjectContext::QueryInterface () returned 0x0 [0164.526] CObjectContext::GetCurrentThreadType () returned 0x0 [0164.526] Release () returned 0x0 [0164.527] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x6584c8*=0x14c, lpdwindex=0x19e51c | out: lpdwindex=0x19e51c) returned 0x0 Thread: id = 2 os_tid = 0x98c Thread: id = 3 os_tid = 0xb08 Thread: id = 4 os_tid = 0xa60 [0113.622] CoGetContextToken (in: pToken=0x430fc3c | out: pToken=0x430fc3c) returned 0x800401f0 [0113.622] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0113.622] RoInitialize () returned 0x1 [0113.622] RoUninitialize () returned 0x0 [0127.012] GdipDeleteFont (font=0x4701f08) returned 0x0 [0164.617] SetWindowLongW (hWnd=0x9022a, nIndex=-4, dwNewLong=1952057312) returned 81135078 [0164.622] SetClassLongW (hWnd=0x9022a, nIndex=-24, dwNewLong=1952057312) returned 0x4d605be [0164.622] PostMessageW (hWnd=0x9022a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0164.623] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0164.624] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x400000) returned 0 [0164.625] EtwEventUnregister (RegHandle=0x687590) returned 0x0 [0164.631] IsWindow (hWnd=0x20362) returned 1 [0164.636] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74790000 [0164.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x430f9dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW:lr\x8aÊ\x19 «*kXü0\x040og", lpUsedDefaultChar=0x0) returned 14 [0164.637] GetProcAddress (hModule=0x74790000, lpProcName="DefWindowProcW") returned 0x745a07e0 [0164.638] SetWindowLongW (hWnd=0x20362, nIndex=-4, dwNewLong=1952057312) returned 81135198 [0164.639] SetClassLongW (hWnd=0x20362, nIndex=-24, dwNewLong=1952057312) returned 0x4d6065e [0164.639] IsWindow (hWnd=0x20362) returned 1 [0164.640] DestroyWindow (hWnd=0x20362) returned 0 [0164.640] PostMessageW (hWnd=0x20362, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0164.640] SetConsoleCtrlHandler (HandlerRoutine=0x4d60636, Add=0) returned 1 [0164.650] GdipDisposeImage (image=0x5ecf3b8) returned 0x0 [0164.659] GetCurrentObject (hdc=0x9201098d, type=0x6) returned 0x520a093a [0164.659] SelectObject (hdc=0x9201098d, h=0x18a0048) returned 0x520a093a [0164.660] DeleteObject (ho=0x520a093a) returned 1 [0164.661] DeleteDC (hdc=0x9201098d) returned 1 [0164.664] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0 [0164.665] GdipDeleteFont (font=0x5ecb080) returned 0x0 [0164.666] GdipDeleteFont (font=0x470efc0) returned 0x0 [0164.671] CloseHandle (hObject=0x268) returned 1 [0164.682] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 5 os_tid = 0x614 Thread: id = 6 os_tid = 0x87c Thread: id = 7 os_tid = 0x13e4 Thread: id = 9 os_tid = 0x126c Thread: id = 11 os_tid = 0x1274 Process: id = "2" image_name = "2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" page_root = "0x552fd000" os_pid = "0x12e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 482 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 483 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 484 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 485 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 486 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 487 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 488 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 489 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 490 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 491 start_va = 0x400000 end_va = 0x4dbfff monitored = 1 entry_point = 0x4bf602 region_type = mapped_file name = "2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe") Region: id = 492 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 493 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 494 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 495 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 496 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 497 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 498 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 499 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 500 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 501 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 502 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 503 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 504 start_va = 0x500000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 505 start_va = 0x6cbd0000 end_va = 0x6cc28fff monitored = 1 entry_point = 0x6cbe0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 506 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 507 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 508 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 509 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 510 start_va = 0x440000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 511 start_va = 0x660000 end_va = 0x71dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 514 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 515 start_va = 0x77820000 end_va = 0x7789afff monitored = 0 entry_point = 0x7783e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 516 start_va = 0x75680000 end_va = 0x7573dfff monitored = 0 entry_point = 0x756b5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 517 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 518 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 519 start_va = 0x720000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 520 start_va = 0x75740000 end_va = 0x75783fff monitored = 0 entry_point = 0x75759d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 521 start_va = 0x74b50000 end_va = 0x74bfcfff monitored = 0 entry_point = 0x74b64f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 522 start_va = 0x74620000 end_va = 0x7463dfff monitored = 0 entry_point = 0x7462b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 523 start_va = 0x74610000 end_va = 0x74619fff monitored = 0 entry_point = 0x74612a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 524 start_va = 0x74730000 end_va = 0x74787fff monitored = 0 entry_point = 0x747725c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 525 start_va = 0x820000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 526 start_va = 0x6cb50000 end_va = 0x6cbc8fff monitored = 1 entry_point = 0x6cb5f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 527 start_va = 0x75790000 end_va = 0x757d4fff monitored = 0 entry_point = 0x757ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 528 start_va = 0x754b0000 end_va = 0x7566cfff monitored = 0 entry_point = 0x75592a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 529 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 530 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 531 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 532 start_va = 0x9a0000 end_va = 0xb27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 533 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 534 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 535 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 536 start_va = 0xb30000 end_va = 0xcb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 537 start_va = 0xcc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 540 start_va = 0x820000 end_va = 0x8f7fff monitored = 1 entry_point = 0x8df602 region_type = mapped_file name = "2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe") Region: id = 541 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 542 start_va = 0x757e0000 end_va = 0x757ebfff monitored = 0 entry_point = 0x757e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 543 start_va = 0x70130000 end_va = 0x70137fff monitored = 0 entry_point = 0x701317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 544 start_va = 0x6b2a0000 end_va = 0x6b950fff monitored = 1 entry_point = 0x6b2b5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 545 start_va = 0x6bde0000 end_va = 0x6bed4fff monitored = 0 entry_point = 0x6be34160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 546 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 547 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 548 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 549 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 550 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 551 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 552 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 553 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 554 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 555 start_va = 0x560000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 556 start_va = 0x510000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 557 start_va = 0x20c0000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 558 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 559 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 560 start_va = 0x820000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 561 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 562 start_va = 0x22a0000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 563 start_va = 0x20c0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 564 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 565 start_va = 0x920000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 566 start_va = 0x2160000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 567 start_va = 0x42a0000 end_va = 0x45d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 568 start_va = 0x6a070000 end_va = 0x6b297fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 569 start_va = 0x75160000 end_va = 0x7524afff monitored = 0 entry_point = 0x7519d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 570 start_va = 0x45e0000 end_va = 0x4670fff monitored = 0 entry_point = 0x4618cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 571 start_va = 0x706d0000 end_va = 0x70744fff monitored = 0 entry_point = 0x70709a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 572 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 573 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 574 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 575 start_va = 0x6cad0000 end_va = 0x6cb4dfff monitored = 1 entry_point = 0x6cad1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 576 start_va = 0x76150000 end_va = 0x761e1fff monitored = 0 entry_point = 0x76188cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 577 start_va = 0x2260000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 578 start_va = 0x6c120000 end_va = 0x6cacbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 579 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 580 start_va = 0x6bf90000 end_va = 0x6c11cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 581 start_va = 0x69410000 end_va = 0x6a068fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 582 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 583 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 584 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 585 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 586 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 587 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 588 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 589 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 590 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 591 start_va = 0x45e0000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045e0000" filename = "" Region: id = 592 start_va = 0x76030000 end_va = 0x7614efff monitored = 0 entry_point = 0x76075980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 593 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 594 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 595 start_va = 0x2270000 end_va = 0x2270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 596 start_va = 0x45e0000 end_va = 0x469bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000045e0000" filename = "" Region: id = 597 start_va = 0x4740000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 598 start_va = 0x2270000 end_va = 0x2273fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 599 start_va = 0x701d0000 end_va = 0x701ecfff monitored = 0 entry_point = 0x701d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 600 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 601 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 602 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 603 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 604 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 605 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 606 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 607 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 608 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 609 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 610 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 611 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 612 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 613 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 614 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 615 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 616 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 617 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 618 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 619 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 620 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 621 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 622 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 623 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 624 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 625 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 626 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 627 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 628 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 629 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 630 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 631 start_va = 0x46a0000 end_va = 0x473bfff monitored = 1 entry_point = 0x472e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 632 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 633 start_va = 0x4750000 end_va = 0x475ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 634 start_va = 0x4750000 end_va = 0x475ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 635 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 636 start_va = 0x4750000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 637 start_va = 0x68cf0000 end_va = 0x69401fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 638 start_va = 0x6bcf0000 end_va = 0x6bddefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 639 start_va = 0x685d0000 end_va = 0x68ce5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 640 start_va = 0x76370000 end_va = 0x7776efff monitored = 0 entry_point = 0x7652b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 641 start_va = 0x75300000 end_va = 0x75336fff monitored = 0 entry_point = 0x75303b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 642 start_va = 0x74c60000 end_va = 0x75158fff monitored = 0 entry_point = 0x74e67610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 643 start_va = 0x748e0000 end_va = 0x7496cfff monitored = 0 entry_point = 0x74929b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 644 start_va = 0x77770000 end_va = 0x777b3fff monitored = 0 entry_point = 0x77777410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 645 start_va = 0x757f0000 end_va = 0x757fefff monitored = 0 entry_point = 0x757f2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 646 start_va = 0x4850000 end_va = 0x4850fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004850000" filename = "" Region: id = 647 start_va = 0x742c0000 end_va = 0x742dafff monitored = 0 entry_point = 0x742c9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 648 start_va = 0x704d0000 end_va = 0x704e2fff monitored = 0 entry_point = 0x704d9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 649 start_va = 0x704a0000 end_va = 0x704cefff monitored = 0 entry_point = 0x704b95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 650 start_va = 0x4860000 end_va = 0x489ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 651 start_va = 0x48a0000 end_va = 0x499ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 652 start_va = 0x49a0000 end_va = 0x49dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049a0000" filename = "" Region: id = 653 start_va = 0x49e0000 end_va = 0x4adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 654 start_va = 0x4ae0000 end_va = 0x4b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ae0000" filename = "" Region: id = 655 start_va = 0x4b20000 end_va = 0x4c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 656 start_va = 0x4c20000 end_va = 0x4c20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c20000" filename = "" Region: id = 657 start_va = 0x75860000 end_va = 0x758e3fff monitored = 0 entry_point = 0x75886220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 658 start_va = 0x4c30000 end_va = 0x4c30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c30000" filename = "" Region: id = 659 start_va = 0x6cc50000 end_va = 0x6cc91fff monitored = 1 entry_point = 0x6cc5f380 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 660 start_va = 0x6bf20000 end_va = 0x6bf86fff monitored = 0 entry_point = 0x6bf3b610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 661 start_va = 0x761f0000 end_va = 0x7624efff monitored = 0 entry_point = 0x761f4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 662 start_va = 0x70120000 end_va = 0x7012cfff monitored = 0 entry_point = 0x70123520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 663 start_va = 0x6cc30000 end_va = 0x6cc4bfff monitored = 0 entry_point = 0x6cc3aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 1112 start_va = 0x6bf00000 end_va = 0x6bf10fff monitored = 0 entry_point = 0x6bf08fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1113 start_va = 0x6bc30000 end_va = 0x6bceefff monitored = 0 entry_point = 0x6bc61e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1114 start_va = 0x4c40000 end_va = 0x4c43fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 1115 start_va = 0x6bba0000 end_va = 0x6bc20fff monitored = 0 entry_point = 0x6bbbb260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1116 start_va = 0x4c50000 end_va = 0x4c5efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 1117 start_va = 0x4c60000 end_va = 0x4c61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c60000" filename = "" Region: id = 1118 start_va = 0x4c70000 end_va = 0x4c70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c70000" filename = "" Region: id = 1119 start_va = 0x4c80000 end_va = 0x4d5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1120 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1121 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1122 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1123 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1124 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1125 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1126 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1127 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1128 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1129 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1130 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1131 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1132 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1133 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1134 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1135 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1136 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1137 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1138 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1139 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1140 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1141 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1142 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1232 start_va = 0x6bee0000 end_va = 0x6bef7fff monitored = 1 entry_point = 0x6bee5480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1233 start_va = 0x4d60000 end_va = 0x4d77fff monitored = 1 entry_point = 0x4d65480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1234 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1235 start_va = 0x6bee0000 end_va = 0x6bef7fff monitored = 1 entry_point = 0x6bee5480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1236 start_va = 0x4d90000 end_va = 0x4da7fff monitored = 1 entry_point = 0x4d95480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1237 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1238 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1239 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1240 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1241 start_va = 0x4da0000 end_va = 0x4da4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 1242 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1243 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1244 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1245 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1246 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1247 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1248 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1249 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1250 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1251 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1252 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1253 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1254 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1255 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1256 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1257 start_va = 0x6ba80000 end_va = 0x6bb9bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll") Region: id = 1258 start_va = 0x4db0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1259 start_va = 0x4df0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1260 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 1261 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1262 start_va = 0x4ef0000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1263 start_va = 0x4f30000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f30000" filename = "" Region: id = 1264 start_va = 0x6ba70000 end_va = 0x6ba79fff monitored = 1 entry_point = 0x6ba739f9 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 1265 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1266 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1267 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1268 start_va = 0x5030000 end_va = 0x5034fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1625 start_va = 0x5030000 end_va = 0x5032fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1626 start_va = 0x5030000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1627 start_va = 0x5070000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1628 start_va = 0x5030000 end_va = 0x5042fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1640 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1641 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1642 start_va = 0x5030000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1643 start_va = 0x5070000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1644 start_va = 0x50b0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1645 start_va = 0x50f0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1646 start_va = 0x51f0000 end_va = 0x522ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1647 start_va = 0x5230000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1648 start_va = 0x51f0000 end_va = 0x51f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1649 start_va = 0x51f0000 end_va = 0x51f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1650 start_va = 0x51f0000 end_va = 0x51f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1651 start_va = 0x51f0000 end_va = 0x51f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1652 start_va = 0x51f0000 end_va = 0x51f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1653 start_va = 0x51f0000 end_va = 0x51f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1655 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1656 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1657 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1658 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1659 start_va = 0x720000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1660 start_va = 0x5270000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 1661 start_va = 0x52b0000 end_va = 0x53affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 1662 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1663 start_va = 0x50b0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1664 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1665 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1666 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1667 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1668 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1669 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1670 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1671 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1672 start_va = 0x6ba20000 end_va = 0x6ba68fff monitored = 0 entry_point = 0x6ba26450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 1673 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1674 start_va = 0x53b0000 end_va = 0x54affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053b0000" filename = "" Region: id = 1675 start_va = 0x7a0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1678 start_va = 0x720000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1679 start_va = 0x4ef0000 end_va = 0x4feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1680 start_va = 0x50b0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1681 start_va = 0x50f0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1682 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1683 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1684 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1685 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1686 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1687 start_va = 0x4ff0000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 1688 start_va = 0x4ff0000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 1689 start_va = 0x5000000 end_va = 0x500ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1690 start_va = 0x5010000 end_va = 0x501ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005010000" filename = "" Region: id = 1691 start_va = 0x5020000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 1692 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1693 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 1694 start_va = 0x5210000 end_va = 0x521ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1695 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1696 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1697 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1698 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1699 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1700 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1701 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1702 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1703 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1704 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1705 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1706 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1707 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1708 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1709 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1710 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1711 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1712 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1713 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1714 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1715 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1716 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1717 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1718 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1719 start_va = 0x4ff0000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 1720 start_va = 0x5000000 end_va = 0x500ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1721 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1722 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1723 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1724 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1725 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1726 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1727 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1728 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1729 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1730 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1731 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1732 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1733 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1734 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1735 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1736 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1737 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1738 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1739 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1740 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1741 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1742 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1743 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1744 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1745 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1746 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1747 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1748 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1749 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1750 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1751 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1752 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1753 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1754 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1755 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1756 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1757 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1758 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1759 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1760 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1761 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1762 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1763 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1764 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1765 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1766 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1767 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1768 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1769 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1770 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1771 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1772 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1773 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1774 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1775 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1776 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1777 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1778 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1779 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1780 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1781 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1782 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1783 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1784 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1785 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1786 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1787 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1788 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1789 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1790 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1791 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1792 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1793 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1794 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1795 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1796 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1797 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1798 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1799 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1800 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1801 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1802 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1803 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1804 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1805 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1806 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1807 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1808 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1809 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1810 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1811 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1812 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1813 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1814 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1815 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1816 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1817 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1818 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1819 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1820 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1821 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1822 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1823 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1824 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1825 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1826 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1827 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1828 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1829 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1830 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1831 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1832 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1833 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1834 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1835 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1836 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1837 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1838 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1839 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1840 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1841 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1842 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1843 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1844 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1845 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1846 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1847 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1848 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1849 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1850 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1851 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1852 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1853 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1854 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1855 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1856 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1857 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1858 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1859 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1860 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1861 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1862 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1863 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1864 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1865 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1866 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1867 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1868 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1869 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1870 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1871 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1872 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1873 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1874 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1875 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1876 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1877 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1878 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1879 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1880 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1881 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1882 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1883 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1884 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1885 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1886 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1887 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1888 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1889 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1890 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1891 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1892 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1893 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1894 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1895 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1896 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1897 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1898 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1899 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1900 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1901 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1902 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1903 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1904 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1905 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1906 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1907 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1908 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1909 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1910 start_va = 0x4ef0000 end_va = 0x4f51fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 1911 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1912 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1913 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1914 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1915 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1916 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1917 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1918 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1919 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1920 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1921 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1922 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1923 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1924 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1925 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1926 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1927 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1928 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1929 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1930 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1931 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1932 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1933 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1934 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1935 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1936 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1937 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1938 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1939 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1940 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1941 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1942 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1943 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1944 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1945 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1946 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1947 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1948 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1949 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1950 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1951 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1952 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1953 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1954 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1955 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1956 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1957 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1958 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1959 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1960 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1961 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1962 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1963 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1964 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1965 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1966 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1967 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1968 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1969 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1970 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1971 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1972 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1973 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1974 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1975 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1976 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1977 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1978 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1979 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1980 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1981 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1982 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1983 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1984 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1985 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1986 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1987 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1988 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1989 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1990 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1991 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1992 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1993 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1994 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1995 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1996 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1997 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1998 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1999 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2000 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2001 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2002 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2003 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2004 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2005 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2006 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2007 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2008 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2009 start_va = 0x68510000 end_va = 0x685c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\4e4cb6e2e651b6d243241e4edd14b3f3\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\4e4cb6e2e651b6d243241e4edd14b3f3\\system.security.ni.dll") Region: id = 2010 start_va = 0x749d0000 end_va = 0x74b47fff monitored = 0 entry_point = 0x74a28a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2011 start_va = 0x74640000 end_va = 0x7464dfff monitored = 0 entry_point = 0x74645410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2012 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2013 start_va = 0x50b0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 2014 start_va = 0x704f0000 end_va = 0x704f7fff monitored = 0 entry_point = 0x704f1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 2015 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2016 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2017 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2018 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2019 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2020 start_va = 0x6ffd0000 end_va = 0x70009fff monitored = 0 entry_point = 0x6ffe9be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 2021 start_va = 0x741f0000 end_va = 0x742b7fff monitored = 0 entry_point = 0x7425ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 2022 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2023 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2024 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2025 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2026 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2027 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2028 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2029 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2030 start_va = 0x6b9f0000 end_va = 0x6ba12fff monitored = 0 entry_point = 0x6b9f7b50 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 2031 start_va = 0x6b9d0000 end_va = 0x6b9e5fff monitored = 0 entry_point = 0x6b9d21d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 2032 start_va = 0x684e0000 end_va = 0x6850afff monitored = 0 entry_point = 0x684e9a70 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 2033 start_va = 0x740000 end_va = 0x74cfff monitored = 0 entry_point = 0x747b50 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 2035 start_va = 0x51b0000 end_va = 0x55aafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051b0000" filename = "" Region: id = 2036 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2037 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2038 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2039 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2040 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2041 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2042 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2043 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2044 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2045 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2046 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2047 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2048 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2049 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2050 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2051 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 2052 start_va = 0x4f60000 end_va = 0x4f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 2053 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2054 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2055 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2056 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2057 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2058 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2059 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 2060 start_va = 0x4f60000 end_va = 0x4f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 2061 start_va = 0x4f70000 end_va = 0x4f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 2062 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2063 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2064 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2065 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2066 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2067 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2068 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2069 start_va = 0x4f60000 end_va = 0x4f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 2070 start_va = 0x55b0000 end_va = 0x56affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055b0000" filename = "" Region: id = 2074 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2075 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2076 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2077 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2078 start_va = 0x4fa0000 end_va = 0x4fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 2079 start_va = 0x56b0000 end_va = 0x57affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 2082 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2083 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2084 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2085 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2086 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2087 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2088 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2089 start_va = 0x72040000 end_va = 0x7206efff monitored = 0 entry_point = 0x7204bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2090 start_va = 0x72070000 end_va = 0x720f3fff monitored = 0 entry_point = 0x72096530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2091 start_va = 0x75250000 end_va = 0x75256fff monitored = 0 entry_point = 0x75251e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2092 start_va = 0x71f80000 end_va = 0x71f92fff monitored = 0 entry_point = 0x71f825d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 2093 start_va = 0x4fa0000 end_va = 0x4fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 2094 start_va = 0x4fe0000 end_va = 0x501ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 2095 start_va = 0x56b0000 end_va = 0x57affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 2096 start_va = 0x57b0000 end_va = 0x57effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057b0000" filename = "" Region: id = 2097 start_va = 0x71f60000 end_va = 0x71f73fff monitored = 0 entry_point = 0x71f63c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 2098 start_va = 0x70750000 end_va = 0x70757fff monitored = 0 entry_point = 0x70751fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2099 start_va = 0x57f0000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 2100 start_va = 0x5830000 end_va = 0x592ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005830000" filename = "" Region: id = 2101 start_va = 0x72100000 end_va = 0x7214efff monitored = 0 entry_point = 0x7210d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2102 start_va = 0x72030000 end_va = 0x72037fff monitored = 0 entry_point = 0x72031920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2103 start_va = 0x71fe0000 end_va = 0x72026fff monitored = 0 entry_point = 0x71ff58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2104 start_va = 0x5930000 end_va = 0x5a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005930000" filename = "" Region: id = 2105 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2106 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2107 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2108 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2109 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2110 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2111 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 2112 start_va = 0x5a30000 end_va = 0x5abefff monitored = 0 entry_point = 0x5a3dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 2113 start_va = 0x68440000 end_va = 0x684d1fff monitored = 0 entry_point = 0x6844dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 2114 start_va = 0x5a30000 end_va = 0x5a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a30000" filename = "" Region: id = 2115 start_va = 0x790000 end_va = 0x793fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2116 start_va = 0x5020000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 2117 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2118 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 2119 start_va = 0x57b0000 end_va = 0x57c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000057b0000" filename = "" Region: id = 2120 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2121 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2122 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 2123 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 2124 start_va = 0x5930000 end_va = 0x596ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005930000" filename = "" Thread: id = 8 os_tid = 0x478 [0165.608] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0165.625] RoInitialize () returned 0x1 [0165.625] RoUninitialize () returned 0x0 [0166.275] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74790000 [0166.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19dc28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW`i\x97ãÜ\x14 «*k ß\x19", lpUsedDefaultChar=0x0) returned 14 [0166.276] GetProcAddress (hModule=0x74790000, lpProcName="DefWindowProcW") returned 0x7797aee0 [0166.276] GetStockObject (i=5) returned 0x1900015 [0166.304] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0166.309] CoTaskMemAlloc (cb=0x5c) returned 0x5b5390 [0166.309] RegisterClassW (lpWndClass=0x19dc18) returned 0xc1d8 [0166.310] CoTaskMemFree (pv=0x5b5390) [0166.310] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0166.312] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x502b0 [0166.320] SetWindowLongW (hWnd=0x502b0, nIndex=-4, dwNewLong=2006429408) returned 74712510 [0166.322] GetWindowLongW (hWnd=0x502b0, nIndex=-4) returned 2006429408 [0166.323] GetCurrentProcess () returned 0xffffffff [0166.323] GetCurrentThread () returned 0xfffffffe [0166.323] GetCurrentProcess () returned 0xffffffff [0166.323] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d4f0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d4f0*=0x258) returned 1 [0166.327] GetCurrentThreadId () returned 0x478 [0166.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d474 | out: phkResult=0x19d474*=0x25c) returned 0x0 [0166.337] RegQueryValueExW (in: hKey=0x25c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19d494, lpData=0x0, lpcbData=0x19d490*=0x0 | out: lpType=0x19d494*=0x0, lpData=0x0, lpcbData=0x19d490*=0x0) returned 0x2 [0166.337] RegQueryValueExW (in: hKey=0x25c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19d494, lpData=0x0, lpcbData=0x19d490*=0x0 | out: lpType=0x19d494*=0x0, lpData=0x0, lpcbData=0x19d490*=0x0) returned 0x2 [0166.337] RegCloseKey (hKey=0x25c) returned 0x0 [0166.340] SetWindowLongW (hWnd=0x502b0, nIndex=-4, dwNewLong=74712550) returned 2006429408 [0166.340] GetWindowLongW (hWnd=0x502b0, nIndex=-4) returned 74712550 [0166.340] GetWindowLongW (hWnd=0x502b0, nIndex=-16) returned 79691776 [0166.366] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502b0, Msg=0x24, wParam=0x0, lParam=0x19d78c) returned 0x0 [0166.367] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc172 [0166.367] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502b0, Msg=0x81, wParam=0x0, lParam=0x19d780) returned 0x1 [0166.374] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502b0, Msg=0x83, wParam=0x0, lParam=0x19d76c) returned 0x0 [0166.382] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502b0, Msg=0x1, wParam=0x0, lParam=0x19d780) returned 0x0 [0166.721] GetCurrentProcessId () returned 0x12e4 [0166.725] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ed4c | out: lpLuid=0x19ed4c*(LowPart=0x14, HighPart=0)) returned 1 [0166.736] GetCurrentProcess () returned 0xffffffff [0166.737] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ed48 | out: TokenHandle=0x19ed48*=0x27c) returned 1 [0166.737] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x22a996c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0166.738] CloseHandle (hObject=0x27c) returned 1 [0166.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32a94b0, Length=0x20000, ResultLength=0x19f428 | out: SystemInformation=0x32a94b0, ResultLength=0x19f428*=0x17de0) returned 0x0 [0166.797] GetCurrentProcessId () returned 0x12e4 [0166.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32a94b0, Length=0x20000, ResultLength=0x19f418 | out: SystemInformation=0x32a94b0, ResultLength=0x19f418*=0x17de0) returned 0x0 [0172.845] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x27c [0172.847] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x280 [0172.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e5dc | out: phkResult=0x19e5dc*=0x284) returned 0x0 [0172.864] RegQueryValueExW (in: hKey=0x284, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5fc, lpData=0x0, lpcbData=0x19e5f8*=0x0 | out: lpType=0x19e5fc*=0x1, lpData=0x0, lpcbData=0x19e5f8*=0xe) returned 0x0 [0172.864] RegQueryValueExW (in: hKey=0x284, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5fc, lpData=0x22fbe78, lpcbData=0x19e5f8*=0xe | out: lpType=0x19e5fc*=0x1, lpData="Client", lpcbData=0x19e5f8*=0xe) returned 0x0 [0172.865] RegCloseKey (hKey=0x284) returned 0x0 [0173.179] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", nBufferLength=0x105, lpBuffer=0x19df98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", lpFilePart=0x0) returned 0x69 [0173.180] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", nBufferLength=0x105, lpBuffer=0x19df40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", lpFilePart=0x0) returned 0x69 [0173.503] GetCurrentProcess () returned 0xffffffff [0173.503] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2f8 | out: TokenHandle=0x19e2f8*=0x284) returned 1 [0173.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19ddd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0173.510] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0173.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0173.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0173.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0173.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e224) returned 1 [0173.515] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0173.516] GetFileType (hFile=0x288) returned 0x1 [0173.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e220) returned 1 [0173.516] GetFileType (hFile=0x288) returned 0x1 [0173.553] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x19e2ec | out: lpFileSizeHigh=0x19e2ec*=0x0) returned 0x8c8f [0173.554] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2a8, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19e2a8*=0x1000, lpOverlapped=0x0) returned 1 [0173.589] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e144, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19e144*=0x1000, lpOverlapped=0x0) returned 1 [0173.595] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0173.596] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0173.597] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0173.597] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df30, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19df30*=0x1000, lpOverlapped=0x0) returned 1 [0173.604] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0ac, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19e0ac*=0x1000, lpOverlapped=0x0) returned 1 [0173.607] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfc0, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19dfc0*=0x1000, lpOverlapped=0x0) returned 1 [0173.607] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfc0, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19dfc0*=0xc8f, lpOverlapped=0x0) returned 1 [0173.607] ReadFile (in: hFile=0x288, lpBuffer=0x22ff958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e080, lpOverlapped=0x0 | out: lpBuffer=0x22ff958*, lpNumberOfBytesRead=0x19e080*=0x0, lpOverlapped=0x0) returned 1 [0173.607] CloseHandle (hObject=0x288) returned 1 [0173.609] GetCurrentProcess () returned 0xffffffff [0173.609] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x288) returned 1 [0173.609] GetCurrentProcess () returned 0xffffffff [0173.609] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x28c) returned 1 [0173.610] GetCurrentProcess () returned 0xffffffff [0173.610] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2f8 | out: TokenHandle=0x19e2f8*=0x290) returned 1 [0173.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.610] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config", lpFilePart=0x0) returned 0x69 [0173.611] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.611] GetCurrentProcess () returned 0xffffffff [0173.611] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x294) returned 1 [0173.611] GetCurrentProcess () returned 0xffffffff [0173.611] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x298) returned 1 [0173.629] GetCurrentProcess () returned 0xffffffff [0173.629] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e1e4 | out: TokenHandle=0x19e1e4*=0x29c) returned 1 [0173.656] GetCurrentProcess () returned 0xffffffff [0173.656] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e1f8 | out: TokenHandle=0x19e1f8*=0x2a0) returned 1 [0173.681] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19dec0 | out: phkResult=0x19dec0*=0x0) returned 0x2 [0173.691] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3dc | out: phkResult=0x19f3dc*=0x2a4) returned 0x0 [0173.691] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f3f8, lpData=0x0, lpcbData=0x19f3f4*=0x0 | out: lpType=0x19f3f8*=0x0, lpData=0x0, lpcbData=0x19f3f4*=0x0) returned 0x2 [0173.691] RegCloseKey (hKey=0x2a4) returned 0x0 [0179.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0179.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0179.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d8) returned 1 [0179.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f354 | out: lpFileInformation=0x19f354*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0179.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2d4) returned 1 [0179.672] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f05c | out: pfEnabled=0x19f05c) returned 0x0 [0180.263] CreateBindCtx (in: reserved=0x0, ppbc=0x19f404 | out: ppbc=0x19f404*=0x5b1690) returned 0x0 [0180.264] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eec0 | out: ppvObject=0x19eec0*=0x5b1690) returned 0x0 [0180.265] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee7c | out: ppvObject=0x19ee7c*=0x0) returned 0x80004002 [0180.265] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x0) returned 0x80004002 [0180.265] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea74 | out: ppvObject=0x19ea74*=0x0) returned 0x80004002 [0180.265] IUnknown:AddRef (This=0x5b1690) returned 0x3 [0180.265] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0180.265] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e78c | out: ppvObject=0x19e78c*=0x0) returned 0x80004002 [0180.265] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e798 | out: ppvObject=0x19e798*=0x0) returned 0x80004002 [0180.265] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0180.265] CObjectContext::QueryInterface () returned 0x0 [0180.266] CObjectContext::GetCurrentApartmentType () returned 0x0 [0180.266] Release () returned 0x0 [0180.266] CoGetObjectContext (in: riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5c7674 | out: ppv=0x5c7674*=0x5a0080) returned 0x0 [0180.305] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0180.305] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec90 | out: ppvObject=0x19ec90*=0x0) returned 0x80004002 [0180.305] IUnknown:Release (This=0x5b1690) returned 0x2 [0180.305] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0180.307] CoGetContextToken (in: pToken=0x19f130 | out: pToken=0x19f130) returned 0x0 [0180.307] IUnknown:QueryInterface (in: This=0x5b1690, riid=0x19f200*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x5b1690) returned 0x0 [0180.307] IUnknown:AddRef (This=0x5b1690) returned 0x4 [0180.307] IUnknown:Release (This=0x5b1690) returned 0x3 [0180.307] IUnknown:Release (This=0x5b1690) returned 0x2 [0180.308] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0180.308] IUnknown:AddRef (This=0x5b1690) returned 0x3 [0180.308] MkParseDisplayName (in: pbc=0x5b1690, szUserName="WinMgmts:", pchEaten=0x19f438, ppmk=0x19f3f0 | out: pchEaten=0x19f438, ppmk=0x19f3f0*=0x5cde90) returned 0x0 [0181.787] malloc (_Size=0x80) returned 0x9931b0 [0181.790] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5ce5a8 [0181.791] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0181.791] DllGetClassObject (in: rclsid=0x5d7f9c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x754c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1e0 | out: ppv=0x19f1e0*=0x5ce548) returned 0x0 [0181.792] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5ce548 [0181.792] WinMGMTS:IClassFactory:CreateInstance (in: This=0x5ce548, pUnkOuter=0x0, riid=0x75166800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f188 | out: ppvObject=0x19f188*=0x5cd1b0) returned 0x0 [0181.793] GetVersionExW (in: lpVersionInformation=0x19ef40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efa0, dwMinorVersion=0x7466234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\域≵) | out: lpVersionInformation=0x19ef40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef38 | out: phkResult=0x19ef38*=0x398) returned 0x0 [0181.794] RegQueryValueExW (in: hKey=0x398, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef30, lpcbData=0x19ef3c*=0x4 | out: lpType=0x0, lpData=0x19ef30*=0x3, lpcbData=0x19ef3c*=0x4) returned 0x0 [0181.794] RegCloseKey (hKey=0x398) returned 0x0 [0181.794] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d8d98 [0181.794] GetSystemDirectoryW (in: lpBuffer=0x5d8d98, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0181.794] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x77820000 [0181.806] GetProcAddress (hModule=0x77820000, lpProcName="DuplicateTokenEx") returned 0x77840ad0 [0181.807] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0181.807] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5ce138 [0181.807] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5cd1b0 [0181.807] WinMGMTS:IUnknown:Release (This=0x5ce548) returned 0x0 [0181.807] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0181.807] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x5cd1b0, pbc=0x5b1690, pszDisplayName="WinMgmts:", pchEaten=0x19f398, ppmkOut=0x19f394 | out: pchEaten=0x19f398*=0x9, ppmkOut=0x19f394*=0x5cde90) returned 0x0 [0181.808] ApiSetQueryApiSetPresence () returned 0x0 [0181.808] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0181.808] IBindCtx:GetObjectParam (in: This=0x5b1690, pszKey=0x6cc53e5c, ppunk=0x19f240 | out: ppunk=0x19f240*=0x0) returned 0x80004005 [0181.808] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x574ae0 [0181.809] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0181.809] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b5050 [0181.809] ResolveDelayLoadedAPI () returned 0x75530060 [0181.810] CoCreateInstance (in: rclsid=0x6cc51c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc51c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5b5068 | out: ppv=0x5b5068*=0x5cd2d0) returned 0x0 [0181.990] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b54c8 [0181.990] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c1720 [0181.990] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x574b40 [0181.990] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0181.990] GetCurrentThreadId () returned 0x478 [0181.990] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0181.991] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0181.991] GetCurrentThreadId () returned 0x478 [0181.992] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0b4 | out: phkResult=0x19f0b4*=0x3a0) returned 0x0 [0181.992] RegQueryValueExW (in: hKey=0x3a0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0b8*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0b8*=0x16) returned 0x0 [0181.992] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x574cc0 [0181.992] RegQueryValueExW (in: hKey=0x3a0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x574cc0, lpcbData=0x19f0b8*=0x16 | out: lpType=0x0, lpData=0x574cc0*=0x72, lpcbData=0x19f0b8*=0x16) returned 0x0 [0181.992] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x574c00 [0181.993] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0181.993] RegCloseKey (hKey=0x3a0) returned 0x0 [0181.994] CoCreateInstance (in: rclsid=0x6cc521a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc521b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0ec | out: ppv=0x19f0ec*=0x5bf878) returned 0x0 [0182.288] SysStringLen (param_1=".") returned 0x1 [0182.288] WbemDefPath:IWbemPath:SetServer (This=0x5bf878, Name=".") returned 0x0 [0182.288] CoCreateInstance (in: rclsid=0x6cc521a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc521b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f098 | out: ppv=0x19f098*=0x5cd970) returned 0x0 [0182.289] CoCreateInstance (in: rclsid=0x6cc521a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cc521b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f034 | out: ppv=0x19f034*=0x5d8d98) returned 0x0 [0182.289] WbemDefPath:IWbemPath:SetText (This=0x5d8d98, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0182.289] WbemDefPath:IUnknown:Release (This=0x5d8d98) returned 0x0 [0182.289] SysStringLen (param_1="root\\cimv2") returned 0xa [0182.289] WbemDefPath:IWbemPath:SetText (This=0x5cd970, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0182.289] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5cd970, puCount=0x19f0b0 | out: puCount=0x19f0b0*=0x2) returned 0x0 [0182.289] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x5bf878) returned 0x0 [0182.289] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5cd970, uIndex=0x0, puNameBufLength=0x19f06c*=0x0, pName=0x0 | out: puNameBufLength=0x19f06c*=0x5, pName=0x0) returned 0x0 [0182.289] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d9130 [0182.289] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5cd970, uIndex=0x0, puNameBufLength=0x19f06c*=0x5, pName="" | out: puNameBufLength=0x19f06c*=0x5, pName="root") returned 0x0 [0182.290] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0182.290] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x5bf878, uIndex=0x0, pszName="root") returned 0x0 [0182.290] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5cd970, uIndex=0x1, puNameBufLength=0x19f06c*=0x0, pName=0x0 | out: puNameBufLength=0x19f06c*=0x6, pName=0x0) returned 0x0 [0182.290] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d9160 [0182.290] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x5cd970, uIndex=0x1, puNameBufLength=0x19f06c*=0x6, pName="" | out: puNameBufLength=0x19f06c*=0x6, pName="cimv2") returned 0x0 [0182.290] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0182.290] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x5bf878, uIndex=0x1, pszName="cimv2") returned 0x0 [0182.290] WbemDefPath:IUnknown:Release (This=0x5cd970) returned 0x0 [0182.290] WbemDefPath:IWbemPath:GetText (in: This=0x5bf878, lFlags=4, puBuffLength=0x19f0b4*=0x0, pszText=0x0 | out: puBuffLength=0x19f0b4*=0xf, pszText=0x0) returned 0x0 [0182.290] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5cdf08 [0182.290] WbemDefPath:IWbemPath:GetText (in: This=0x5bf878, lFlags=4, puBuffLength=0x19f0b4*=0xf, pszText="" | out: puBuffLength=0x19f0b4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.290] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0182.290] WbemDefPath:IUnknown:Release (This=0x5bf878) returned 0x0 [0182.290] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5cd2d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f134 | out: ppNamespace=0x19f134*=0x5c02c8) returned 0x0 [0185.708] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5cd970 [0185.708] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c1a80 [0185.708] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5dbeb0 [0185.708] WbemLocator:IUnknown:QueryInterface (in: This=0x5c02c8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x5ba844) returned 0x0 [0185.709] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5ba844, pProxy=0x5c02c8, pAuthnSvc=0x19f100, pAuthzSvc=0x19f104, pServerPrincName=0x0, pAuthnLevel=0x19f174, pImpLevel=0x19f17c, pAuthInfo=0x0, pCapabilites=0x19f108 | out: pAuthnSvc=0x19f100*=0xa, pAuthzSvc=0x19f104*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f174*=0x6, pImpLevel=0x19f17c*=0x2, pAuthInfo=0x0, pCapabilites=0x19f108*=0x1) returned 0x0 [0185.709] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x1 [0185.709] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0185.709] GetCurrentThreadId () returned 0x478 [0185.709] WbemLocator:IUnknown:QueryInterface (in: This=0x5c02c8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f19c | out: ppvObject=0x19f19c*=0x5ba844) returned 0x0 [0185.709] WbemLocator:IClientSecurity:CopyProxy (in: This=0x5ba844, pProxy=0x5c02c8, ppCopy=0x19f1c0 | out: ppCopy=0x19f1c0*=0x5bfaa8) returned 0x0 [0185.710] WbemLocator:IUnknown:QueryInterface (in: This=0x5bfaa8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x5ba844) returned 0x0 [0185.710] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5ba844, pProxy=0x5bfaa8, pAuthnSvc=0x19f068, pAuthzSvc=0x19f064, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f068*=0xa, pAuthzSvc=0x19f064*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0185.710] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x3 [0185.710] WbemLocator:IUnknown:QueryInterface (in: This=0x5bfaa8, riid=0x6cc51f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f01c | out: ppvObject=0x19f01c*=0x5ba868) returned 0x0 [0185.710] WbemLocator:IUnknown:QueryInterface (in: This=0x5bfaa8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f020 | out: ppvObject=0x19f020*=0x5ba844) returned 0x0 [0185.710] WbemLocator:IClientSecurity:SetBlanket (This=0x5ba844, pProxy=0x5bfaa8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.710] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x4 [0185.710] WbemLocator:IUnknown:Release (This=0x5ba868) returned 0x3 [0185.711] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x2 [0185.711] WbemLocator:IUnknown:AddRef (This=0x5bfaa8) returned 0x3 [0185.711] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c1300 [0185.711] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d9378 [0185.711] WbemLocator:IUnknown:Release (This=0x5c02c8) returned 0x2 [0185.711] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0185.711] GetCurrentThreadId () returned 0x478 [0185.711] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0185.712] GetCurrentThreadId () returned 0x478 [0185.712] WbemLocator:IUnknown:QueryInterface (in: This=0x5bfaa8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x5ba844) returned 0x0 [0185.712] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5ba844, pProxy=0x5bfaa8, pAuthnSvc=0x19f1b0, pAuthzSvc=0x19f1b4, pServerPrincName=0x0, pAuthnLevel=0x19f1c0, pImpLevel=0x19f1bc, pAuthInfo=0x0, pCapabilites=0x19f1b8 | out: pAuthnSvc=0x19f1b0*=0xa, pAuthzSvc=0x19f1b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1c0*=0x6, pImpLevel=0x19f1bc*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1b8*=0x20) returned 0x0 [0185.712] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x2 [0185.712] ResolveDelayLoadedAPI () returned 0x75192060 [0185.713] CreatePointerMoniker (in: punk=0x5cd970, ppmk=0x19f394 | out: ppmk=0x19f394*=0x5cde90) returned 0x0 [0185.713] IUnknown:AddRef (This=0x5cd970) returned 0x2 [0185.716] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0185.716] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0185.716] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0185.716] WbemLocator:IUnknown:Release (This=0x5cd2d0) returned 0x0 [0185.716] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0185.717] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0185.718] WinMGMTS:IUnknown:Release (This=0x5cd1b0) returned 0x0 [0185.718] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0185.722] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x5cde90) returned 0x0 [0185.722] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee70 | out: ppvObject=0x19ee70*=0x0) returned 0x80004002 [0185.722] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x0) returned 0x80004002 [0185.722] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea64 | out: ppvObject=0x19ea64*=0x0) returned 0x80004002 [0185.723] IUnknown:AddRef (This=0x5cde90) returned 0x3 [0185.723] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7cc | out: ppvObject=0x19e7cc*=0x0) returned 0x80004002 [0185.723] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0185.723] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e788 | out: ppvObject=0x19e788*=0x5cdea4) returned 0x0 [0185.723] IMarshal:GetUnmarshalClass (in: This=0x5cdea4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e790 | out: pCid=0x19e790*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.724] IUnknown:Release (This=0x5cdea4) returned 0x3 [0185.724] CoGetContextToken (in: pToken=0x19e7e8 | out: pToken=0x19e7e8) returned 0x0 [0185.724] CoGetContextToken (in: pToken=0x19ebf0 | out: pToken=0x19ebf0) returned 0x0 [0185.724] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec80 | out: ppvObject=0x19ec80*=0x0) returned 0x80004002 [0185.724] IUnknown:Release (This=0x5cde90) returned 0x2 [0185.724] CoGetContextToken (in: pToken=0x19f1c8 | out: pToken=0x19f1c8) returned 0x0 [0185.724] CoGetContextToken (in: pToken=0x19f128 | out: pToken=0x19f128) returned 0x0 [0185.724] IUnknown:QueryInterface (in: This=0x5cde90, riid=0x19f1f8*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f4 | out: ppvObject=0x19f1f4*=0x5cde90) returned 0x0 [0185.725] IUnknown:AddRef (This=0x5cde90) returned 0x4 [0185.725] IUnknown:Release (This=0x5cde90) returned 0x3 [0185.725] IUnknown:Release (This=0x5b1690) returned 0x2 [0185.725] IUnknown:Release (This=0x5cde90) returned 0x2 [0185.726] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0185.726] IUnknown:AddRef (This=0x5cde90) returned 0x3 [0185.726] BindMoniker (in: pmk=0x5cde90, grfOpt=0x0, iidResult=0x22a6f40*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f3f4 | out: ppvResult=0x19f3f4*=0x5cd970) returned 0x0 [0185.726] IUnknown:QueryInterface (in: This=0x5cd970, riid=0x22a6f40*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3f4 | out: ppvObject=0x19f3f4*=0x5cd970) returned 0x0 [0185.727] LoadRegTypeLib (in: rguid=0x6cc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec54*=0x0 | out: pptlib=0x19ec54*=0x5e1da8) returned 0x0 [0186.003] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e1da8, GUID=0x5cd9b4*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x5cd99c | out: ppTInfo=0x5cd99c*=0x5e37fc) returned 0x0 [0186.009] IUnknown:Release (This=0x5e1da8) returned 0x1 [0186.032] CoGetContextToken (in: pToken=0x19e7f0 | out: pToken=0x19e7f0) returned 0x0 [0186.032] CoGetContextToken (in: pToken=0x19ebf8 | out: pToken=0x19ebf8) returned 0x0 [0186.033] IUnknown:Release (This=0x5cde90) returned 0x2 [0186.251] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0186.251] LoadRegTypeLib (in: rguid=0x6cc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eeb8*=0x0 | out: pptlib=0x19eeb8*=0x5e1da8) returned 0x0 [0186.253] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e1da8, GUID=0x5cd9a4*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x5cd998 | out: ppTInfo=0x5cd998*=0x5e3828) returned 0x0 [0186.253] IUnknown:Release (This=0x5e1da8) returned 0x2 [0186.253] IUnknown:AddRef (This=0x5e3828) returned 0x2 [0186.253] DispGetIDsOfNames (in: ptinfo=0x5e3828, rgszNames=0x19ef40*="InstancesOf", cNames=0x1, rgdispid=0x19ef30 | out: rgdispid=0x19ef30*=5) returned 0x0 [0186.255] IUnknown:Release (This=0x5e3828) returned 0x1 [0186.256] IUnknown:AddRef (This=0x5e3828) returned 0x2 [0186.257] ITypeInfo:LocalInvoke (This=0x5e3828) returned 0x0 [0186.257] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0186.258] GetCurrentThreadId () returned 0x478 [0186.258] WbemLocator:IUnknown:AddRef (This=0x5bfaa8) returned 0x3 [0186.258] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0186.258] GetCurrentThreadId () returned 0x478 [0186.258] IWbemServices:CreateInstanceEnum (in: This=0x5bfaa8, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e744 | out: ppEnum=0x19e744*=0x5e7150) returned 0x0 [0186.270] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c13c0 [0186.270] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c1420 [0186.270] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c1660 [0186.270] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d91f8 [0186.270] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5dc698 [0186.270] IUnknown:QueryInterface (in: This=0x5e7150, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x5e7154) returned 0x0 [0186.270] IClientSecurity:QueryBlanket (in: This=0x5e7154, pProxy=0x5e7150, pAuthnSvc=0x19e5d8, pAuthzSvc=0x19e5e0, pServerPrincName=0x0, pAuthnLevel=0x19e614, pImpLevel=0x19e618, pAuthInfo=0x0, pCapabilites=0x19e5dc | out: pAuthnSvc=0x19e5d8*=0xa, pAuthzSvc=0x19e5e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e614*=0x6, pImpLevel=0x19e618*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5dc*=0x1) returned 0x0 [0186.270] IUnknown:Release (This=0x5e7154) returned 0x1 [0186.270] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0186.271] GetCurrentThreadId () returned 0x478 [0186.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5bfaa8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x5ba844) returned 0x0 [0186.271] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5ba844, pProxy=0x5bfaa8, pAuthnSvc=0x19e5c4, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5d4, pImpLevel=0x19e5d8, pAuthInfo=0x0, pCapabilites=0x19e5cc | out: pAuthnSvc=0x19e5c4*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d4*=0x6, pImpLevel=0x19e5d8*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5cc*=0x20) returned 0x0 [0186.271] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x3 [0186.271] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0186.271] GetCurrentThreadId () returned 0x478 [0186.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5bfaa8, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x5ba844) returned 0x0 [0186.271] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5ba844, pProxy=0x5bfaa8, pAuthnSvc=0x19e5c4, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5d8, pImpLevel=0x19e5d4, pAuthInfo=0x0, pCapabilites=0x19e5cc | out: pAuthnSvc=0x19e5c4*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d8*=0x6, pImpLevel=0x19e5d4*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5cc*=0x20) returned 0x0 [0186.271] WbemLocator:IUnknown:Release (This=0x5ba844) returned 0x3 [0186.271] IUnknown:QueryInterface (in: This=0x5e7150, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e60c | out: ppvObject=0x19e60c*=0x5e7154) returned 0x0 [0186.274] IClientSecurity:CopyProxy (in: This=0x5e7154, pProxy=0x5e7150, ppCopy=0x19e610 | out: ppCopy=0x19e610*=0x5e7218) returned 0x0 [0186.274] IUnknown:QueryInterface (in: This=0x5e7218, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x5e721c) returned 0x0 [0186.274] IClientSecurity:QueryBlanket (in: This=0x5e721c, pProxy=0x5e7218, pAuthnSvc=0x19e594, pAuthzSvc=0x19e590, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e594*=0xa, pAuthzSvc=0x19e590*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0186.274] IUnknown:Release (This=0x5e721c) returned 0x3 [0186.274] IUnknown:QueryInterface (in: This=0x5e7218, riid=0x6cc51f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e548 | out: ppvObject=0x19e548*=0x5bab68) returned 0x0 [0186.274] IUnknown:QueryInterface (in: This=0x5e7218, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e54c | out: ppvObject=0x19e54c*=0x5e721c) returned 0x0 [0186.274] IClientSecurity:SetBlanket (This=0x5e721c, pProxy=0x5e7218, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.417] IUnknown:Release (This=0x5e721c) returned 0x4 [0186.417] WbemLocator:IUnknown:Release (This=0x5bab68) returned 0x3 [0186.417] IUnknown:Release (This=0x5e7154) returned 0x2 [0186.417] IUnknown:AddRef (This=0x5e7218) returned 0x3 [0186.417] IUnknown:Release (This=0x5e7150) returned 0x2 [0186.417] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e700 | out: pperrinfo=0x19e700*=0x0) returned 0x1 [0186.417] WbemLocator:IUnknown:Release (This=0x5bfaa8) returned 0x2 [0186.417] IUnknown:Release (This=0x5e3828) returned 0x1 [0186.418] LoadRegTypeLib (in: rguid=0x6cc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e714*=0x0 | out: pptlib=0x19e714*=0x5e1da8) returned 0x0 [0186.419] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e1da8, GUID=0x5c13f8*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5c13e0 | out: ppTInfo=0x5c13e0*=0x5e3930) returned 0x0 [0186.419] IUnknown:Release (This=0x5e1da8) returned 0x3 [0186.419] IUnknown:AddRef (This=0x5e3930) returned 0x2 [0186.419] ITypeInfo:RemoteGetTypeAttr (in: This=0x5e3930, ppTypeAttr=0x19e750, pDummy=0x1596591e | out: ppTypeAttr=0x19e750, pDummy=0x1596591e) returned 0x0 [0186.420] ITypeInfo:LocalReleaseTypeAttr (This=0x5e3930) returned 0x0 [0186.420] IUnknown:Release (This=0x5e3930) returned 0x1 [0186.421] CoGetContextToken (in: pToken=0x19e2b0 | out: pToken=0x19e2b0) returned 0x0 [0186.421] CoGetContextToken (in: pToken=0x19e6b8 | out: pToken=0x19e6b8) returned 0x0 [0186.518] CoGetContextToken (in: pToken=0x19f298 | out: pToken=0x19f298) returned 0x0 [0186.518] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0186.521] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0186.521] LoadRegTypeLib (in: rguid=0x6cc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f208*=0x0 | out: pptlib=0x19f208*=0x5e1da8) returned 0x0 [0186.523] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e1da8, GUID=0x5c13e8*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5c13dc | out: ppTInfo=0x5c13dc*=0x5e38d8) returned 0x0 [0186.523] IUnknown:Release (This=0x5e1da8) returned 0x4 [0186.523] IUnknown:AddRef (This=0x5e38d8) returned 0x2 [0186.523] ITypeInfo:LocalInvoke (This=0x5e38d8) returned 0x0 [0186.523] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0186.523] GetCurrentThreadId () returned 0x478 [0186.524] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5db8e8 [0186.524] IUnknown:Release (This=0x5e38d8) returned 0x1 [0186.524] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0186.986] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5a9b00 [0186.989] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5a9060 [0187.023] CoGetContextToken (in: pToken=0x19ef44 | out: pToken=0x19ef44) returned 0x0 [0187.267] CoGetContextToken (in: pToken=0x19ea40 | out: pToken=0x19ea40) returned 0x0 [0187.267] IUnknown:AddRef (This=0x5e38d8) returned 0x2 [0187.267] ITypeInfo:LocalInvoke (This=0x5e38d8) returned 0x0 [0187.267] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.267] GetCurrentThreadId () returned 0x478 [0187.267] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.267] GetCurrentThreadId () returned 0x478 [0187.268] IUnknown:AddRef (This=0x5e7218) returned 0x3 [0187.268] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.268] GetCurrentThreadId () returned 0x478 [0187.268] IEnumWbemClassObject:Clone (in: This=0x5e7218, ppEnum=0x19ea70 | out: ppEnum=0x19ea70*=0x5a5d98) returned 0x0 [0187.274] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5eb8a0 [0187.274] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5eb600 [0187.274] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5eb840 [0187.274] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d90f8 [0187.274] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5dc750 [0187.274] IUnknown:QueryInterface (in: This=0x5a5d98, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x5a5d9c) returned 0x0 [0187.275] IClientSecurity:QueryBlanket (in: This=0x5a5d9c, pProxy=0x5a5d98, pAuthnSvc=0x19e908, pAuthzSvc=0x19e910, pServerPrincName=0x0, pAuthnLevel=0x19e944, pImpLevel=0x19e948, pAuthInfo=0x0, pCapabilites=0x19e90c | out: pAuthnSvc=0x19e908*=0xa, pAuthzSvc=0x19e910*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e944*=0x6, pImpLevel=0x19e948*=0x2, pAuthInfo=0x0, pCapabilites=0x19e90c*=0x1) returned 0x0 [0187.275] IUnknown:Release (This=0x5a5d9c) returned 0x1 [0187.275] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.275] GetCurrentThreadId () returned 0x478 [0187.275] IUnknown:QueryInterface (in: This=0x5e7218, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x5e721c) returned 0x0 [0187.275] IClientSecurity:QueryBlanket (in: This=0x5e721c, pProxy=0x5e7218, pAuthnSvc=0x19e8f4, pAuthzSvc=0x19e8f8, pServerPrincName=0x0, pAuthnLevel=0x19e904, pImpLevel=0x19e908, pAuthInfo=0x0, pCapabilites=0x19e8fc | out: pAuthnSvc=0x19e8f4*=0xa, pAuthzSvc=0x19e8f8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e904*=0x6, pImpLevel=0x19e908*=0x3, pAuthInfo=0x0, pCapabilites=0x19e8fc*=0x20) returned 0x0 [0187.275] IUnknown:Release (This=0x5e721c) returned 0x3 [0187.275] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.275] GetCurrentThreadId () returned 0x478 [0187.275] IUnknown:QueryInterface (in: This=0x5e7218, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x5e721c) returned 0x0 [0187.275] IClientSecurity:QueryBlanket (in: This=0x5e721c, pProxy=0x5e7218, pAuthnSvc=0x19e8f4, pAuthzSvc=0x19e8f8, pServerPrincName=0x0, pAuthnLevel=0x19e908, pImpLevel=0x19e904, pAuthInfo=0x0, pCapabilites=0x19e8fc | out: pAuthnSvc=0x19e8f4*=0xa, pAuthzSvc=0x19e8f8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e908*=0x6, pImpLevel=0x19e904*=0x3, pAuthInfo=0x0, pCapabilites=0x19e8fc*=0x20) returned 0x0 [0187.275] IUnknown:Release (This=0x5e721c) returned 0x3 [0187.275] IUnknown:QueryInterface (in: This=0x5a5d98, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x5a5d9c) returned 0x0 [0187.275] IClientSecurity:CopyProxy (in: This=0x5a5d9c, pProxy=0x5a5d98, ppCopy=0x19e940 | out: ppCopy=0x19e940*=0x5ef828) returned 0x0 [0187.276] IUnknown:QueryInterface (in: This=0x5ef828, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e894 | out: ppvObject=0x19e894*=0x5ef82c) returned 0x0 [0187.276] IClientSecurity:QueryBlanket (in: This=0x5ef82c, pProxy=0x5ef828, pAuthnSvc=0x19e8c4, pAuthzSvc=0x19e8c0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8c4*=0xa, pAuthzSvc=0x19e8c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0187.276] IUnknown:Release (This=0x5ef82c) returned 0x3 [0187.276] IUnknown:QueryInterface (in: This=0x5ef828, riid=0x6cc51f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e878 | out: ppvObject=0x19e878*=0x5ba068) returned 0x0 [0187.276] IUnknown:QueryInterface (in: This=0x5ef828, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e87c | out: ppvObject=0x19e87c*=0x5ef82c) returned 0x0 [0187.276] IClientSecurity:SetBlanket (This=0x5ef82c, pProxy=0x5ef828, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0187.280] IUnknown:Release (This=0x5ef82c) returned 0x4 [0187.281] WbemLocator:IUnknown:Release (This=0x5ba068) returned 0x3 [0187.281] IUnknown:Release (This=0x5a5d9c) returned 0x2 [0187.281] IUnknown:AddRef (This=0x5ef828) returned 0x3 [0187.281] IUnknown:Release (This=0x5a5d98) returned 0x2 [0187.281] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea30 | out: pperrinfo=0x19ea30*=0x0) returned 0x1 [0187.281] IUnknown:Release (This=0x5e7218) returned 0x2 [0187.281] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.281] GetCurrentThreadId () returned 0x478 [0187.281] IUnknown:AddRef (This=0x5ef828) returned 0x3 [0187.281] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.281] GetCurrentThreadId () returned 0x478 [0187.282] IEnumWbemClassObject:Reset (This=0x5ef828) returned 0x0 [0187.283] IUnknown:Release (This=0x5ef828) returned 0x2 [0187.283] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5db930 [0187.283] IUnknown:Release (This=0x5e38d8) returned 0x1 [0187.322] CoGetContextToken (in: pToken=0x19e228 | out: pToken=0x19e228) returned 0x0 [0187.322] CoGetContextToken (in: pToken=0x19e630 | out: pToken=0x19e630) returned 0x0 [0187.354] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0187.355] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.355] GetCurrentThreadId () returned 0x478 [0187.355] IUnknown:AddRef (This=0x5ef828) returned 0x3 [0187.355] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.355] GetCurrentThreadId () returned 0x478 [0187.355] IEnumWbemClassObject:Next (in: This=0x5ef828, lTimeout=-1, uCount=0x1, apObjects=0x19f3a0, puReturned=0x19f380 | out: apObjects=0x19f3a0*=0x5f2da8, puReturned=0x19f380*=0x1) returned 0x0 [0187.363] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5dd3d8 [0187.363] IUnknown:AddRef (This=0x5f2da8) returned 0x2 [0187.363] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5ecb50 [0187.363] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5eb900 [0187.363] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5eba20 [0187.363] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d92d8 [0187.363] WbemLocator:IUnknown:AddRef (This=0x5bfaa8) returned 0x3 [0187.363] IUnknown:AddRef (This=0x5ef828) returned 0x4 [0187.363] IUnknown:QueryInterface (in: This=0x5ef828, riid=0x6cc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3cc | out: ppvObject=0x19f3cc*=0x5ef82c) returned 0x0 [0187.363] IClientSecurity:QueryBlanket (in: This=0x5ef82c, pProxy=0x5ef828, pAuthnSvc=0x19f350, pAuthzSvc=0x19f358, pServerPrincName=0x0, pAuthnLevel=0x19f37c, pImpLevel=0x19f388, pAuthInfo=0x0, pCapabilites=0x19f34c | out: pAuthnSvc=0x19f350*=0xa, pAuthzSvc=0x19f358*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f37c*=0x6, pImpLevel=0x19f388*=0x3, pAuthInfo=0x0, pCapabilites=0x19f34c*=0x20) returned 0x0 [0187.363] IUnknown:Release (This=0x5ef82c) returned 0x4 [0187.363] WbemLocator:IUnknown:Release (This=0x5bfaa8) returned 0x2 [0187.363] WbemLocator:IUnknown:AddRef (This=0x5bfaa8) returned 0x3 [0187.364] IUnknown:Release (This=0x5ef828) returned 0x3 [0187.364] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0187.364] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5e9858 [0187.364] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5d93b8 [0187.364] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f1548 [0187.364] IUnknown:AddRef (This=0x5f2da8) returned 0x3 [0187.364] IUnknown:Release (This=0x5f2da8) returned 0x2 [0187.364] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f318 | out: pperrinfo=0x19f318*=0x0) returned 0x1 [0187.364] IUnknown:Release (This=0x5ef828) returned 0x2 [0187.364] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3d0 | out: pperrinfo=0x19f3d0*=0x0) returned 0x1 [0187.365] LoadRegTypeLib (in: rguid=0x6cc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb7c*=0x0 | out: pptlib=0x19eb7c*=0x5e1da8) returned 0x0 [0187.366] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e1da8, GUID=0x6cc54c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x5e9874 | out: ppTInfo=0x5e9874*=0x5e395c) returned 0x0 [0187.366] IUnknown:Release (This=0x5e1da8) returned 0x5 [0187.366] IUnknown:AddRef (This=0x5e395c) returned 0x2 [0187.366] ITypeInfo:RemoteGetTypeAttr (in: This=0x5e395c, ppTypeAttr=0x19ebb8, pDummy=0x159655b6 | out: ppTypeAttr=0x19ebb8, pDummy=0x159655b6) returned 0x0 [0187.368] ITypeInfo:LocalReleaseTypeAttr (This=0x5e395c) returned 0x0 [0187.368] IUnknown:Release (This=0x5e395c) returned 0x1 [0187.368] CoGetContextToken (in: pToken=0x19e718 | out: pToken=0x19e718) returned 0x0 [0187.368] CoGetContextToken (in: pToken=0x19eb20 | out: pToken=0x19eb20) returned 0x0 [0187.373] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0187.373] LoadRegTypeLib (in: rguid=0x6cc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eed8*=0x0 | out: pptlib=0x19eed8*=0x5e1da8) returned 0x0 [0187.385] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e1da8, GUID=0x6cc51e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x5e9870 | out: ppTInfo=0x5e9870*=0x5e3988) returned 0x0 [0187.385] IUnknown:Release (This=0x5e1da8) returned 0x6 [0187.385] IUnknown:AddRef (This=0x5e3988) returned 0x2 [0187.385] DispGetIDsOfNames (in: ptinfo=0x5e3988, rgszNames=0x19ef60*="SerialNumber", cNames=0x1, rgdispid=0x19ef50 | out: rgdispid=0x19ef50*=-1) returned 0x80020006 [0187.417] IUnknown:AddRef (This=0x5f2da8) returned 0x3 [0187.417] IWbemClassObject:Get (in: This=0x5f2da8, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0) returned 0x0 [0187.417] IUnknown:Release (This=0x5f2da8) returned 0x2 [0187.417] SysStringLen (param_1="SerialNumber") returned 0xc [0187.418] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f1408 [0187.418] SysStringLen (param_1="SerialNumber") returned 0xc [0187.418] IUnknown:Release (This=0x5e3988) returned 0x1 [0187.418] IUnknown:AddRef (This=0x5e3988) returned 0x2 [0187.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.418] GetCurrentThreadId () returned 0x478 [0187.418] SysStringLen (param_1="SerialNumber") returned 0xc [0187.418] IWbemClassObject:Get (in: This=0x5f2da8, wszName="SerialNumber", lFlags=0, pVal=0x19ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ece8*=0, plFlavor=0x0 | out: pVal=0x19ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ece8*=8, plFlavor=0x0) returned 0x0 [0187.419] IUnknown:Release (This=0x5e3988) returned 0x1 [0187.419] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0187.419] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0187.505] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0187.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.505] GetCurrentThreadId () returned 0x478 [0187.505] IUnknown:AddRef (This=0x5ef828) returned 0x3 [0187.505] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.505] GetCurrentThreadId () returned 0x478 [0187.505] IEnumWbemClassObject:Next (in: This=0x5ef828, lTimeout=-1, uCount=0x1, apObjects=0x19f3a0, puReturned=0x19f380 | out: apObjects=0x19f3a0*=0x0, puReturned=0x19f380*=0x0) returned 0x1 [0187.507] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f318 | out: pperrinfo=0x19f318*=0x0) returned 0x1 [0187.507] IUnknown:Release (This=0x5ef828) returned 0x2 [0187.507] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3d0 | out: pperrinfo=0x19f3d0*=0x0) returned 0x1 [0187.745] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0187.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0 [0187.758] SetEvent (hEvent=0x3e0) returned 1 [0187.790] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a8*=0x3d0, lpdwindex=0x19f1c4 | out: lpdwindex=0x19f1c4) returned 0x0 [0187.798] CoGetContextToken (in: pToken=0x19f278 | out: pToken=0x19f278) returned 0x0 [0187.798] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0187.798] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x19f2a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x5ecbc0) returned 0x0 [0187.798] WbemDefPath:IUnknown:AddRef (This=0x5ecbc0) returned 0x3 [0187.798] WbemDefPath:IUnknown:Release (This=0x5ecbc0) returned 0x2 [0187.801] WbemDefPath:IWbemPath:SetText (This=0x5ecbc0, uMode=0x4, pszPath="win32_processor") returned 0x0 [0187.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecbc0, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0187.804] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f424*=0x0, pszText=0x0 | out: puBuffLength=0x19f424*=0x10, pszText=0x0) returned 0x0 [0187.804] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f424*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f424*=0x10, pszText="win32_processor") returned 0x0 [0187.805] WbemDefPath:IWbemPath:GetInfo (in: This=0x5ecbc0, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0187.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecbc0, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0187.805] WbemDefPath:IWbemPath:GetInfo (in: This=0x5ecbc0, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecbc0, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x10, pszText=0x0) returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f414*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f414*=0x10, pszText="win32_processor") returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecbc0, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x10, pszText=0x0) returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f414*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f414*=0x10, pszText="win32_processor") returned 0x0 [0187.806] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecbc0, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x0) returned 0x0 [0187.807] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c [0187.807] SetEvent (hEvent=0x3e0) returned 1 [0187.807] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec0c*=0x40c, lpdwindex=0x19ea2c | out: lpdwindex=0x19ea2c) returned 0x0 [0187.810] CoGetContextToken (in: pToken=0x19ead8 | out: pToken=0x19ead8) returned 0x0 [0187.810] CoGetContextToken (in: pToken=0x19ea38 | out: pToken=0x19ea38) returned 0x0 [0187.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x19eb08*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb04 | out: ppvObject=0x19eb04*=0x5ec840) returned 0x0 [0187.810] WbemDefPath:IUnknown:AddRef (This=0x5ec840) returned 0x3 [0187.810] WbemDefPath:IUnknown:Release (This=0x5ec840) returned 0x2 [0187.810] WbemDefPath:IWbemPath:SetText (This=0x5ec840, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0187.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19f394 | out: puCount=0x19f394*=0x2) returned 0x0 [0187.811] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19f390*=0x0, pszText=0x0 | out: puBuffLength=0x19f390*=0xf, pszText=0x0) returned 0x0 [0187.811] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19f390*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f390*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.811] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x410 [0187.811] SetEvent (hEvent=0x3e0) returned 1 [0187.811] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2f0*=0x410, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0187.814] CoGetContextToken (in: pToken=0x19f1c0 | out: pToken=0x19f1c0) returned 0x0 [0187.814] CoGetContextToken (in: pToken=0x19f120 | out: pToken=0x19f120) returned 0x0 [0187.814] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x19f1f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5ec990) returned 0x0 [0187.814] WbemDefPath:IUnknown:AddRef (This=0x5ec990) returned 0x3 [0187.814] WbemDefPath:IUnknown:Release (This=0x5ec990) returned 0x2 [0187.814] WbemDefPath:IWbemPath:SetText (This=0x5ec990, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0187.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec990, puCount=0x19f36c | out: puCount=0x19f36c*=0x2) returned 0x0 [0187.814] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f368*=0x0, pszText=0x0 | out: puBuffLength=0x19f368*=0xf, pszText=0x0) returned 0x0 [0187.814] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f368*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f368*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.995] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f28c*=0x424, lpdwindex=0x19f13c | out: lpdwindex=0x19f13c) returned 0x0 [0188.728] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0188.728] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0188.728] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f010 | out: ppvObject=0x19f010*=0x5a0148) returned 0x0 [0188.729] CObjectContext::ContextCallback () returned 0x0 [0188.745] IUnknown:Release (This=0x5a0148) returned 0x1 [0188.745] CoUnmarshalInterface (in: pStm=0x5d91d8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f078 | out: ppv=0x19f078*=0x5bb668) returned 0x0 [0188.746] CoMarshalInterface (pStm=0x5d91d8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5bb668, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0188.746] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef1c | out: ppvObject=0x19ef1c*=0x5bb668) returned 0x0 [0188.746] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eed8 | out: ppvObject=0x19eed8*=0x0) returned 0x80004002 [0188.753] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x0) returned 0x80004002 [0188.754] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eacc | out: ppvObject=0x19eacc*=0x0) returned 0x80004002 [0188.757] WbemLocator:IUnknown:AddRef (This=0x5bb668) returned 0x3 [0188.757] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e834 | out: ppvObject=0x19e834*=0x0) returned 0x80004002 [0188.757] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0188.757] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x5bb5c4) returned 0x0 [0188.757] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5bb5c4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7f8 | out: pCid=0x19e7f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.757] WbemLocator:IUnknown:Release (This=0x5bb5c4) returned 0x3 [0188.757] CoGetContextToken (in: pToken=0x19e850 | out: pToken=0x19e850) returned 0x0 [0188.757] CoGetContextToken (in: pToken=0x19ec58 | out: pToken=0x19ec58) returned 0x0 [0188.757] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ece8 | out: ppvObject=0x19ece8*=0x5bb64c) returned 0x0 [0188.757] WbemLocator:IRpcOptions:Query (in: This=0x5bb64c, pPrx=0x5bb668, dwProperty=2, pdwValue=0x19ed10 | out: pdwValue=0x19ed10) returned 0x0 [0188.758] WbemLocator:IUnknown:Release (This=0x5bb64c) returned 0x3 [0188.758] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x2 [0188.758] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x1 [0188.758] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0188.758] WbemLocator:IUnknown:AddRef (This=0x5bb668) returned 0x2 [0188.758] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x5bb644) returned 0x0 [0188.758] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5bb644, pProxy=0x5bb668, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0188.822] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x2 [0188.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x5bb668) returned 0x0 [0188.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x5bb644) returned 0x0 [0188.822] WbemLocator:IClientSecurity:SetBlanket (This=0x5bb644, pProxy=0x5bb668, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.822] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x3 [0188.822] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x2 [0188.822] CoTaskMemFree (pv=0x5fd9d8) [0188.823] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x1 [0188.823] SysStringLen (param_1=0x0) returned 0x0 [0188.823] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0188.823] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0188.823] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x19f268*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f264 | out: ppvObject=0x19f264*=0x592ca8) returned 0x0 [0188.824] WbemLocator:IUnknown:AddRef (This=0x592ca8) returned 0x3 [0188.824] WbemLocator:IUnknown:Release (This=0x592ca8) returned 0x2 [0188.825] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0188.825] WbemLocator:IUnknown:AddRef (This=0x592ca8) returned 0x3 [0188.825] WbemLocator:IUnknown:QueryInterface (in: This=0x592ca8, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x5bb644) returned 0x0 [0188.825] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5bb644, pProxy=0x592ca8, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0188.825] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x3 [0188.825] WbemLocator:IUnknown:QueryInterface (in: This=0x592ca8, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x5bb668) returned 0x0 [0188.825] WbemLocator:IUnknown:QueryInterface (in: This=0x592ca8, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x5bb644) returned 0x0 [0188.825] WbemLocator:IClientSecurity:SetBlanket (This=0x5bb644, pProxy=0x592ca8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.826] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x4 [0188.826] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x3 [0188.826] CoTaskMemFree (pv=0x5fddc8) [0188.826] WbemLocator:IUnknown:Release (This=0x592ca8) returned 0x2 [0188.826] SysStringLen (param_1=0x0) returned 0x0 [0188.826] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec990, puCount=0x19f390 | out: puCount=0x19f390*=0x2) returned 0x0 [0188.826] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f38c*=0x0, pszText=0x0 | out: puBuffLength=0x19f38c*=0xf, pszText=0x0) returned 0x0 [0188.826] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f38c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f38c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0188.826] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0188.827] CoUnmarshalInterface (in: pStm=0x5d91d8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff0 | out: ppv=0x19eff0*=0x5bb668) returned 0x0 [0188.827] CoMarshalInterface (pStm=0x5d91d8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5bb668, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0188.828] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x5bb668) returned 0x0 [0188.828] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x3 [0188.828] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x2 [0188.828] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0188.828] WbemLocator:IUnknown:AddRef (This=0x5bb668) returned 0x3 [0188.828] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x5bb644) returned 0x0 [0188.828] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5bb644, pProxy=0x5bb668, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0188.828] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x3 [0188.828] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5bb668) returned 0x0 [0188.828] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb668, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x5bb644) returned 0x0 [0188.828] WbemLocator:IClientSecurity:SetBlanket (This=0x5bb644, pProxy=0x5bb668, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.829] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x4 [0188.829] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x3 [0188.829] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x2 [0188.829] SysStringLen (param_1=0x0) returned 0x0 [0188.829] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0188.829] WbemLocator:IUnknown:AddRef (This=0x592ca8) returned 0x3 [0188.829] WbemLocator:IUnknown:Release (This=0x592ca8) returned 0x2 [0188.829] CoGetContextToken (in: pToken=0x19f170 | out: pToken=0x19f170) returned 0x0 [0188.829] WbemLocator:IUnknown:AddRef (This=0x592ca8) returned 0x3 [0188.829] WbemLocator:IUnknown:QueryInterface (in: This=0x592ca8, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x5bb644) returned 0x0 [0188.829] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5bb644, pProxy=0x592ca8, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0188.829] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x3 [0188.829] WbemLocator:IUnknown:QueryInterface (in: This=0x592ca8, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5bb668) returned 0x0 [0188.829] WbemLocator:IUnknown:QueryInterface (in: This=0x592ca8, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x5bb644) returned 0x0 [0188.829] WbemLocator:IClientSecurity:SetBlanket (This=0x5bb644, pProxy=0x592ca8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.830] WbemLocator:IUnknown:Release (This=0x5bb644) returned 0x4 [0188.830] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x3 [0188.830] WbemLocator:IUnknown:Release (This=0x592ca8) returned 0x2 [0188.830] SysStringLen (param_1=0x0) returned 0x0 [0188.830] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0x10, pszText=0x0) returned 0x0 [0188.830] WbemDefPath:IWbemPath:GetText (in: This=0x5ecbc0, lFlags=2, puBuffLength=0x19f394*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f394*=0x10, pszText="win32_processor") returned 0x0 [0188.838] IWbemServices:GetObject (in: This=0x592ca8, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f348*=0x0, ppCallResult=0x0 | out: ppObject=0x19f348*=0x5fd488, ppCallResult=0x0) returned 0x0 [0188.851] IWbemClassObject:Get (in: This=0x5fd488, wszName="__PATH", lFlags=0, pVal=0x19f330*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d8*=0, plFlavor=0x19f3d4*=0 | out: pVal=0x19f330*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3d8*=8, plFlavor=0x19f3d4*=64) returned 0x0 [0188.856] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0188.856] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0188.857] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c [0188.857] SetEvent (hEvent=0x3e0) returned 1 [0188.857] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2ec*=0x45c, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0188.863] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0188.863] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0188.863] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x19f1e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x5ecc30) returned 0x0 [0188.863] WbemDefPath:IUnknown:AddRef (This=0x5ecc30) returned 0x3 [0188.863] WbemDefPath:IUnknown:Release (This=0x5ecc30) returned 0x2 [0188.863] WbemDefPath:IWbemPath:SetText (This=0x5ecc30, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0188.863] IWbemClassObject:Get (in: This=0x5fd488, wszName="__CLASS", lFlags=0, pVal=0x19f3a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f420*=0, plFlavor=0x19f41c*=0 | out: pVal=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f420*=8, plFlavor=0x19f41c*=64) returned 0x0 [0188.863] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0188.863] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0188.863] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0188.863] WbemLocator:IUnknown:AddRef (This=0x592ca8) returned 0x3 [0188.863] IWbemServices:CreateInstanceEnum (in: This=0x592ca8, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f39c | out: ppEnum=0x19f39c*=0x5efda0) returned 0x0 [0188.944] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f230 | out: ppvObject=0x19f230*=0x5efda4) returned 0x0 [0188.944] IClientSecurity:QueryBlanket (in: This=0x5efda4, pProxy=0x5efda0, pAuthnSvc=0x19f280, pAuthzSvc=0x19f27c, pServerPrincName=0x19f274, pAuthnLevel=0x19f278, pImpLevel=0x19f268, pAuthInfo=0x19f26c, pCapabilites=0x19f270 | out: pAuthnSvc=0x19f280*=0xa, pAuthzSvc=0x19f27c*=0x0, pServerPrincName=0x19f274, pAuthnLevel=0x19f278*=0x6, pImpLevel=0x19f268*=0x2, pAuthInfo=0x19f26c, pCapabilites=0x19f270*=0x1) returned 0x0 [0188.944] IUnknown:Release (This=0x5efda4) returned 0x1 [0188.944] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x5b9a68) returned 0x0 [0188.945] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f220 | out: ppvObject=0x19f220*=0x5efda4) returned 0x0 [0188.945] IClientSecurity:SetBlanket (This=0x5efda4, pProxy=0x5efda0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0189.008] IUnknown:Release (This=0x5efda4) returned 0x2 [0189.008] WbemLocator:IUnknown:Release (This=0x5b9a68) returned 0x1 [0189.008] CoTaskMemFree (pv=0x5fda08) [0189.008] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee18 | out: ppvObject=0x19ee18*=0x5b9a68) returned 0x0 [0189.008] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edd4 | out: ppvObject=0x19edd4*=0x0) returned 0x80004002 [0189.059] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebf4 | out: ppvObject=0x19ebf4*=0x0) returned 0x80004002 [0189.103] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0189.154] WbemLocator:IUnknown:AddRef (This=0x5b9a68) returned 0x3 [0189.154] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e734 | out: ppvObject=0x19e734*=0x0) returned 0x80004002 [0189.155] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6e4 | out: ppvObject=0x19e6e4*=0x0) returned 0x80004002 [0189.155] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f0 | out: ppvObject=0x19e6f0*=0x5b99c4) returned 0x0 [0189.155] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5b99c4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6f8 | out: pCid=0x19e6f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0189.155] WbemLocator:IUnknown:Release (This=0x5b99c4) returned 0x3 [0189.155] CoGetContextToken (in: pToken=0x19e750 | out: pToken=0x19e750) returned 0x0 [0189.155] CoGetContextToken (in: pToken=0x19eb58 | out: pToken=0x19eb58) returned 0x0 [0189.155] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebe8 | out: ppvObject=0x19ebe8*=0x5b9a4c) returned 0x0 [0189.155] WbemLocator:IRpcOptions:Query (in: This=0x5b9a4c, pPrx=0x5b9a68, dwProperty=2, pdwValue=0x19ec10 | out: pdwValue=0x19ec10) returned 0x80004002 [0189.155] WbemLocator:IUnknown:Release (This=0x5b9a4c) returned 0x3 [0189.155] WbemLocator:IUnknown:Release (This=0x5b9a68) returned 0x2 [0189.155] CoGetContextToken (in: pToken=0x19f128 | out: pToken=0x19f128) returned 0x0 [0189.155] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0189.155] WbemLocator:IUnknown:QueryInterface (in: This=0x5b9a68, riid=0x19f158*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f154 | out: ppvObject=0x19f154*=0x5efda0) returned 0x0 [0189.155] IUnknown:AddRef (This=0x5efda0) returned 0x4 [0189.155] IUnknown:Release (This=0x5efda0) returned 0x3 [0189.155] IUnknown:Release (This=0x5efda0) returned 0x2 [0189.155] WbemLocator:IUnknown:Release (This=0x592ca8) returned 0x2 [0189.156] SysStringLen (param_1=0x0) returned 0x0 [0189.156] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec990, puCount=0x19f3d8 | out: puCount=0x19f3d8*=0x2) returned 0x0 [0189.156] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f3d4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3d4*=0xf, pszText=0x0) returned 0x0 [0189.156] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f3d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0189.156] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0189.156] IUnknown:AddRef (This=0x5efda0) returned 0x3 [0189.156] IEnumWbemClassObject:Clone (in: This=0x5efda0, ppEnum=0x19f3d8 | out: ppEnum=0x19f3d8*=0x5ef760) returned 0x0 [0189.205] IUnknown:QueryInterface (in: This=0x5ef760, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x5ef764) returned 0x0 [0189.205] IClientSecurity:QueryBlanket (in: This=0x5ef764, pProxy=0x5ef760, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0 [0189.205] IUnknown:Release (This=0x5ef764) returned 0x1 [0189.205] IUnknown:QueryInterface (in: This=0x5ef760, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x60e878) returned 0x0 [0189.205] IUnknown:QueryInterface (in: This=0x5ef760, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x5ef764) returned 0x0 [0189.206] IClientSecurity:SetBlanket (This=0x5ef764, pProxy=0x5ef760, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0189.209] IUnknown:Release (This=0x5ef764) returned 0x2 [0189.209] WbemLocator:IUnknown:Release (This=0x60e878) returned 0x1 [0189.209] CoTaskMemFree (pv=0x5fda38) [0189.209] IUnknown:QueryInterface (in: This=0x5ef760, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee78 | out: ppvObject=0x19ee78*=0x60e878) returned 0x0 [0189.210] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee34 | out: ppvObject=0x19ee34*=0x0) returned 0x80004002 [0189.211] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x0) returned 0x80004002 [0189.212] IUnknown:QueryInterface (in: This=0x5ef760, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea2c | out: ppvObject=0x19ea2c*=0x0) returned 0x80004002 [0189.214] WbemLocator:IUnknown:AddRef (This=0x60e878) returned 0x3 [0189.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0189.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0189.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x60e7d4) returned 0x0 [0189.214] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60e7d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e758 | out: pCid=0x19e758*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0189.214] WbemLocator:IUnknown:Release (This=0x60e7d4) returned 0x3 [0189.214] CoGetContextToken (in: pToken=0x19e7b0 | out: pToken=0x19e7b0) returned 0x0 [0189.214] CoGetContextToken (in: pToken=0x19ebb8 | out: pToken=0x19ebb8) returned 0x0 [0189.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec48 | out: ppvObject=0x19ec48*=0x60e85c) returned 0x0 [0189.214] WbemLocator:IRpcOptions:Query (in: This=0x60e85c, pPrx=0x60e878, dwProperty=2, pdwValue=0x19ec70 | out: pdwValue=0x19ec70) returned 0x80004002 [0189.214] WbemLocator:IUnknown:Release (This=0x60e85c) returned 0x3 [0189.214] WbemLocator:IUnknown:Release (This=0x60e878) returned 0x2 [0189.214] CoGetContextToken (in: pToken=0x19f188 | out: pToken=0x19f188) returned 0x0 [0189.214] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0189.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60e878, riid=0x19f1b8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x5ef760) returned 0x0 [0189.215] IUnknown:AddRef (This=0x5ef760) returned 0x4 [0189.215] IUnknown:Release (This=0x5ef760) returned 0x3 [0189.215] IUnknown:Release (This=0x5ef760) returned 0x2 [0189.215] IUnknown:Release (This=0x5efda0) returned 0x2 [0189.215] SysStringLen (param_1=0x0) returned 0x0 [0189.215] IEnumWbemClassObject:Reset (This=0x5ef760) returned 0x0 [0189.219] CoTaskMemAlloc (cb=0x4) returned 0x5f6b08 [0189.219] IEnumWbemClassObject:Next (in: This=0x5ef760, lTimeout=-1, uCount=0x1, apObjects=0x5f6b08, puReturned=0x23480fc | out: apObjects=0x5f6b08*=0x5fd680, puReturned=0x23480fc*=0x1) returned 0x0 [0200.054] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x5fd680) returned 0x0 [0200.055] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0200.055] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0200.055] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0200.055] IUnknown:AddRef (This=0x5fd680) returned 0x3 [0200.055] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0200.055] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0200.056] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x5fd684) returned 0x0 [0200.056] IMarshal:GetUnmarshalClass (in: This=0x5fd684, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0200.056] IUnknown:Release (This=0x5fd684) returned 0x3 [0200.056] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0200.056] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0200.056] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0200.056] IUnknown:Release (This=0x5fd680) returned 0x2 [0200.057] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0200.057] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0200.057] IUnknown:QueryInterface (in: This=0x5fd680, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5fd680) returned 0x0 [0200.057] IUnknown:AddRef (This=0x5fd680) returned 0x4 [0200.057] IUnknown:Release (This=0x5fd680) returned 0x3 [0200.057] IUnknown:Release (This=0x5fd680) returned 0x2 [0200.058] CoTaskMemFree (pv=0x5f6b08) [0200.058] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0200.058] IUnknown:AddRef (This=0x5fd680) returned 0x3 [0200.059] IWbemClassObject:Get (in: This=0x5fd680, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0200.060] IWbemClassObject:Get (in: This=0x5fd680, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0200.061] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0200.061] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0200.061] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x460 [0200.061] SetEvent (hEvent=0x3e0) returned 1 [0200.063] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x460, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0200.072] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0200.072] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0200.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x5ec6f0) returned 0x0 [0200.073] WbemDefPath:IUnknown:AddRef (This=0x5ec6f0) returned 0x3 [0200.073] WbemDefPath:IUnknown:Release (This=0x5ec6f0) returned 0x2 [0200.073] WbemDefPath:IWbemPath:SetText (This=0x5ec6f0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0200.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec990, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0200.073] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0200.073] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec990, puCount=0x19f3e4 | out: puCount=0x19f3e4*=0x2) returned 0x0 [0200.074] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f3e0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e0*=0xf, pszText=0x0) returned 0x0 [0200.074] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=4, puBuffLength=0x19f3e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.082] IWbemClassObject:Get (in: This=0x5fd680, wszName="processorID", lFlags=0, pVal=0x19f3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23489ac*=0, plFlavor=0x23489b0*=0 | out: pVal=0x19f3e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x23489ac*=8, plFlavor=0x23489b0*=0) returned 0x0 [0200.082] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0200.083] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0200.083] IWbemClassObject:Get (in: This=0x5fd680, wszName="processorID", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23489ac*=8, plFlavor=0x23489b0*=0 | out: pVal=0x19f3e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x23489ac*=8, plFlavor=0x23489b0*=0) returned 0x0 [0200.083] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0200.083] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0200.084] CoTaskMemAlloc (cb=0x4) returned 0x5f6ab8 [0200.084] IEnumWbemClassObject:Next (in: This=0x5ef760, lTimeout=-1, uCount=0x1, apObjects=0x5f6ab8, puReturned=0x23480fc | out: apObjects=0x5f6ab8*=0x0, puReturned=0x23480fc*=0x0) returned 0x1 [0200.088] CoTaskMemFree (pv=0x5f6ab8) [0200.088] CoGetContextToken (in: pToken=0x19f300 | out: pToken=0x19f300) returned 0x0 [0200.088] WbemLocator:IUnknown:Release (This=0x60e878) returned 0x1 [0200.089] IUnknown:Release (This=0x5ef760) returned 0x0 [0200.133] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x464 [0200.133] SetEvent (hEvent=0x3e0) returned 1 [0200.133] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a8*=0x464, lpdwindex=0x19f1c4 | out: lpdwindex=0x19f1c4) returned 0x0 [0200.138] CoGetContextToken (in: pToken=0x19f278 | out: pToken=0x19f278) returned 0x0 [0200.138] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0200.138] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x19f2a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x5eca70) returned 0x0 [0200.138] WbemDefPath:IUnknown:AddRef (This=0x5eca70) returned 0x3 [0200.138] WbemDefPath:IUnknown:Release (This=0x5eca70) returned 0x2 [0200.138] WbemDefPath:IWbemPath:SetText (This=0x5eca70, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0200.138] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5eca70, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f424*=0x0, pszText=0x0 | out: puBuffLength=0x19f424*=0x22, pszText=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f424*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f424*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetInfo (in: This=0x5eca70, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5eca70, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetInfo (in: This=0x5eca70, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5eca70, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x22, pszText=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f414*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f414*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5eca70, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x22, pszText=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f414*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f414*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5eca70, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19f394 | out: puCount=0x19f394*=0x2) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19f390*=0x0, pszText=0x0 | out: puBuffLength=0x19f390*=0xf, pszText=0x0) returned 0x0 [0200.139] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19f390*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f390*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.139] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x468 [0200.139] SetEvent (hEvent=0x3e0) returned 1 [0200.140] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2f0*=0x468, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0200.142] CoGetContextToken (in: pToken=0x19f1c0 | out: pToken=0x19f1c0) returned 0x0 [0200.142] CoGetContextToken (in: pToken=0x19f120 | out: pToken=0x19f120) returned 0x0 [0200.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x19f1f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5ecae0) returned 0x0 [0200.143] WbemDefPath:IUnknown:AddRef (This=0x5ecae0) returned 0x3 [0200.143] WbemDefPath:IUnknown:Release (This=0x5ecae0) returned 0x2 [0200.143] WbemDefPath:IWbemPath:SetText (This=0x5ecae0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0200.143] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f36c | out: puCount=0x19f36c*=0x2) returned 0x0 [0200.143] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f368*=0x0, pszText=0x0 | out: puBuffLength=0x19f368*=0xf, pszText=0x0) returned 0x0 [0200.143] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f368*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f368*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.162] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f28c*=0x47c, lpdwindex=0x19f13c | out: lpdwindex=0x19f13c) returned 0x0 [0200.200] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0200.200] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0200.200] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f010 | out: ppvObject=0x19f010*=0x5a0148) returned 0x0 [0200.200] CObjectContext::ContextCallback () returned 0x0 [0200.203] IUnknown:Release (This=0x5a0148) returned 0x1 [0200.203] CoUnmarshalInterface (in: pStm=0x5d9278, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f078 | out: ppv=0x19f078*=0x60d678) returned 0x0 [0200.203] CoMarshalInterface (pStm=0x5d9278, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60d678, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0200.204] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef1c | out: ppvObject=0x19ef1c*=0x60d678) returned 0x0 [0200.204] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eed8 | out: ppvObject=0x19eed8*=0x0) returned 0x80004002 [0200.204] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x0) returned 0x80004002 [0200.205] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eacc | out: ppvObject=0x19eacc*=0x0) returned 0x80004002 [0200.206] WbemLocator:IUnknown:AddRef (This=0x60d678) returned 0x3 [0200.206] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e834 | out: ppvObject=0x19e834*=0x0) returned 0x80004002 [0200.206] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0200.206] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x60d5d4) returned 0x0 [0200.206] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60d5d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7f8 | out: pCid=0x19e7f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.206] WbemLocator:IUnknown:Release (This=0x60d5d4) returned 0x3 [0200.206] CoGetContextToken (in: pToken=0x19e850 | out: pToken=0x19e850) returned 0x0 [0200.206] CoGetContextToken (in: pToken=0x19ec58 | out: pToken=0x19ec58) returned 0x0 [0200.207] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ece8 | out: ppvObject=0x19ece8*=0x60d65c) returned 0x0 [0200.207] WbemLocator:IRpcOptions:Query (in: This=0x60d65c, pPrx=0x60d678, dwProperty=2, pdwValue=0x19ed10 | out: pdwValue=0x19ed10) returned 0x0 [0200.207] WbemLocator:IUnknown:Release (This=0x60d65c) returned 0x3 [0200.207] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x2 [0200.207] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x1 [0200.207] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0200.207] WbemLocator:IUnknown:AddRef (This=0x60d678) returned 0x2 [0200.207] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x60d654) returned 0x0 [0200.208] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60d654, pProxy=0x60d678, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0200.208] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x2 [0200.208] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x60d678) returned 0x0 [0200.208] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x60d654) returned 0x0 [0200.208] WbemLocator:IClientSecurity:SetBlanket (This=0x60d654, pProxy=0x60d678, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.209] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x3 [0200.209] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x2 [0200.209] CoTaskMemFree (pv=0x5fd918) [0200.209] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x1 [0200.209] SysStringLen (param_1=0x0) returned 0x0 [0200.209] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0200.209] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0200.209] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x19f268*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f264 | out: ppvObject=0x19f264*=0x60cd18) returned 0x0 [0200.211] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0200.211] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0200.211] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0200.211] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0200.211] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x60d654) returned 0x0 [0200.211] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60d654, pProxy=0x60cd18, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0200.212] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x3 [0200.212] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x60d678) returned 0x0 [0200.212] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x60d654) returned 0x0 [0200.212] WbemLocator:IClientSecurity:SetBlanket (This=0x60d654, pProxy=0x60cd18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.212] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x4 [0200.212] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x3 [0200.212] CoTaskMemFree (pv=0x5fd978) [0200.212] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0200.213] SysStringLen (param_1=0x0) returned 0x0 [0200.213] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f390 | out: puCount=0x19f390*=0x2) returned 0x0 [0200.213] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f38c*=0x0, pszText=0x0 | out: puBuffLength=0x19f38c*=0xf, pszText=0x0) returned 0x0 [0200.213] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f38c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f38c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.213] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0200.213] CoUnmarshalInterface (in: pStm=0x5d9278, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff0 | out: ppv=0x19eff0*=0x60d678) returned 0x0 [0200.213] CoMarshalInterface (pStm=0x5d9278, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60d678, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0200.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x60d678) returned 0x0 [0200.214] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x3 [0200.214] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x2 [0200.214] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0200.214] WbemLocator:IUnknown:AddRef (This=0x60d678) returned 0x3 [0200.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x60d654) returned 0x0 [0200.214] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60d654, pProxy=0x60d678, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0200.214] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x3 [0200.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x60d678) returned 0x0 [0200.214] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x60d654) returned 0x0 [0200.215] WbemLocator:IClientSecurity:SetBlanket (This=0x60d654, pProxy=0x60d678, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.215] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x4 [0200.215] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x3 [0200.215] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x2 [0200.215] SysStringLen (param_1=0x0) returned 0x0 [0200.215] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0200.215] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0200.215] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0200.215] CoGetContextToken (in: pToken=0x19f170 | out: pToken=0x19f170) returned 0x0 [0200.215] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0200.215] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x60d654) returned 0x0 [0200.216] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60d654, pProxy=0x60cd18, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0200.216] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x3 [0200.216] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x60d678) returned 0x0 [0200.216] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x60d654) returned 0x0 [0200.216] WbemLocator:IClientSecurity:SetBlanket (This=0x60d654, pProxy=0x60cd18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.216] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x4 [0200.216] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x3 [0200.216] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0200.216] SysStringLen (param_1=0x0) returned 0x0 [0200.217] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0x22, pszText=0x0) returned 0x0 [0200.217] WbemDefPath:IWbemPath:GetText (in: This=0x5eca70, lFlags=2, puBuffLength=0x19f394*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f394*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0200.217] IWbemServices:GetObject (in: This=0x60cd18, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x19f348*=0x0, ppCallResult=0x0 | out: ppObject=0x19f348*=0x5d4328, ppCallResult=0x0) returned 0x0 [0200.249] IWbemClassObject:Get (in: This=0x5d4328, wszName="__PATH", lFlags=0, pVal=0x19f330*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d8*=0, plFlavor=0x19f3d4*=0 | out: pVal=0x19f330*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f3d8*=8, plFlavor=0x19f3d4*=64) returned 0x0 [0200.249] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0200.249] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0200.249] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x480 [0200.250] SetEvent (hEvent=0x3e0) returned 1 [0200.250] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2ec*=0x480, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0200.253] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0200.254] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0200.254] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x19f1e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x5ec5a0) returned 0x0 [0200.254] WbemDefPath:IUnknown:AddRef (This=0x5ec5a0) returned 0x3 [0200.254] WbemDefPath:IUnknown:Release (This=0x5ec5a0) returned 0x2 [0200.254] WbemDefPath:IWbemPath:SetText (This=0x5ec5a0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0200.254] IWbemClassObject:Get (in: This=0x5d4328, wszName="__CLASS", lFlags=0, pVal=0x19f3a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f420*=0, plFlavor=0x19f41c*=0 | out: pVal=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f420*=8, plFlavor=0x19f41c*=64) returned 0x0 [0200.254] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0200.254] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0200.254] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0200.254] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0200.254] IWbemServices:CreateInstanceEnum (in: This=0x60cd18, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x19f39c | out: ppEnum=0x19f39c*=0x5f0188) returned 0x0 [0200.261] IUnknown:QueryInterface (in: This=0x5f0188, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x5f018c) returned 0x0 [0200.262] IClientSecurity:QueryBlanket (in: This=0x5f018c, pProxy=0x5f0188, pAuthnSvc=0x19f25c, pAuthzSvc=0x19f258, pServerPrincName=0x19f250, pAuthnLevel=0x19f254, pImpLevel=0x19f244, pAuthInfo=0x19f248, pCapabilites=0x19f24c | out: pAuthnSvc=0x19f25c*=0xa, pAuthzSvc=0x19f258*=0x0, pServerPrincName=0x19f250, pAuthnLevel=0x19f254*=0x6, pImpLevel=0x19f244*=0x2, pAuthInfo=0x19f248, pCapabilites=0x19f24c*=0x1) returned 0x0 [0200.262] IUnknown:Release (This=0x5f018c) returned 0x1 [0200.262] IUnknown:QueryInterface (in: This=0x5f0188, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x60e478) returned 0x0 [0200.262] IUnknown:QueryInterface (in: This=0x5f0188, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x5f018c) returned 0x0 [0200.262] IClientSecurity:SetBlanket (This=0x5f018c, pProxy=0x5f0188, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.366] IUnknown:Release (This=0x5f018c) returned 0x2 [0200.366] WbemLocator:IUnknown:Release (This=0x60e478) returned 0x1 [0200.366] CoTaskMemFree (pv=0x5fdca8) [0200.366] IUnknown:QueryInterface (in: This=0x5f0188, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edf4 | out: ppvObject=0x19edf4*=0x60e478) returned 0x0 [0200.366] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edb0 | out: ppvObject=0x19edb0*=0x0) returned 0x80004002 [0200.369] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebcc | out: ppvObject=0x19ebcc*=0x0) returned 0x80004002 [0200.372] IUnknown:QueryInterface (in: This=0x5f0188, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9a4 | out: ppvObject=0x19e9a4*=0x0) returned 0x80004002 [0200.380] WbemLocator:IUnknown:AddRef (This=0x60e478) returned 0x3 [0200.380] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e70c | out: ppvObject=0x19e70c*=0x0) returned 0x80004002 [0200.380] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6bc | out: ppvObject=0x19e6bc*=0x0) returned 0x80004002 [0200.380] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6c8 | out: ppvObject=0x19e6c8*=0x60e3d4) returned 0x0 [0200.381] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60e3d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d0 | out: pCid=0x19e6d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.381] WbemLocator:IUnknown:Release (This=0x60e3d4) returned 0x3 [0200.381] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0200.381] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0200.381] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebc0 | out: ppvObject=0x19ebc0*=0x60e45c) returned 0x0 [0200.381] WbemLocator:IRpcOptions:Query (in: This=0x60e45c, pPrx=0x60e478, dwProperty=2, pdwValue=0x19ebe8 | out: pdwValue=0x19ebe8) returned 0x80004002 [0200.381] WbemLocator:IUnknown:Release (This=0x60e45c) returned 0x3 [0200.381] WbemLocator:IUnknown:Release (This=0x60e478) returned 0x2 [0200.381] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0200.381] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0200.381] WbemLocator:IUnknown:QueryInterface (in: This=0x60e478, riid=0x19f138*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x5f0188) returned 0x0 [0200.381] IUnknown:AddRef (This=0x5f0188) returned 0x4 [0200.381] IUnknown:Release (This=0x5f0188) returned 0x3 [0200.381] IUnknown:Release (This=0x5f0188) returned 0x2 [0200.381] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0200.381] SysStringLen (param_1=0x0) returned 0x0 [0200.381] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f3d8 | out: puCount=0x19f3d8*=0x2) returned 0x0 [0200.381] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3d4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3d4*=0xf, pszText=0x0) returned 0x0 [0200.381] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.382] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0200.382] IUnknown:AddRef (This=0x5f0188) returned 0x3 [0200.382] IEnumWbemClassObject:Clone (in: This=0x5f0188, ppEnum=0x19f3d8 | out: ppEnum=0x19f3d8*=0x5f0318) returned 0x0 [0200.406] IUnknown:QueryInterface (in: This=0x5f0318, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x5f031c) returned 0x0 [0200.406] IClientSecurity:QueryBlanket (in: This=0x5f031c, pProxy=0x5f0318, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0 [0200.406] IUnknown:Release (This=0x5f031c) returned 0x1 [0200.406] IUnknown:QueryInterface (in: This=0x5f0318, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x60e778) returned 0x0 [0200.406] IUnknown:QueryInterface (in: This=0x5f0318, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x5f031c) returned 0x0 [0200.407] IClientSecurity:SetBlanket (This=0x5f031c, pProxy=0x5f0318, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.433] IUnknown:Release (This=0x5f031c) returned 0x2 [0200.433] WbemLocator:IUnknown:Release (This=0x60e778) returned 0x1 [0200.433] CoTaskMemFree (pv=0x5fd918) [0200.433] IUnknown:QueryInterface (in: This=0x5f0318, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee78 | out: ppvObject=0x19ee78*=0x60e778) returned 0x0 [0200.434] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee34 | out: ppvObject=0x19ee34*=0x0) returned 0x80004002 [0200.453] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x0) returned 0x80004002 [0200.465] IUnknown:QueryInterface (in: This=0x5f0318, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea2c | out: ppvObject=0x19ea2c*=0x0) returned 0x80004002 [0200.476] WbemLocator:IUnknown:AddRef (This=0x60e778) returned 0x3 [0200.476] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0200.476] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0200.476] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x60e6d4) returned 0x0 [0200.476] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60e6d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e758 | out: pCid=0x19e758*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.476] WbemLocator:IUnknown:Release (This=0x60e6d4) returned 0x3 [0200.476] CoGetContextToken (in: pToken=0x19e7b0 | out: pToken=0x19e7b0) returned 0x0 [0200.476] CoGetContextToken (in: pToken=0x19ebb8 | out: pToken=0x19ebb8) returned 0x0 [0200.476] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec48 | out: ppvObject=0x19ec48*=0x60e75c) returned 0x0 [0200.476] WbemLocator:IRpcOptions:Query (in: This=0x60e75c, pPrx=0x60e778, dwProperty=2, pdwValue=0x19ec70 | out: pdwValue=0x19ec70) returned 0x80004002 [0200.476] WbemLocator:IUnknown:Release (This=0x60e75c) returned 0x3 [0200.477] WbemLocator:IUnknown:Release (This=0x60e778) returned 0x2 [0200.477] CoGetContextToken (in: pToken=0x19f188 | out: pToken=0x19f188) returned 0x0 [0200.477] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0200.477] WbemLocator:IUnknown:QueryInterface (in: This=0x60e778, riid=0x19f1b8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x5f0318) returned 0x0 [0200.477] IUnknown:AddRef (This=0x5f0318) returned 0x4 [0200.477] IUnknown:Release (This=0x5f0318) returned 0x3 [0200.477] IUnknown:Release (This=0x5f0318) returned 0x2 [0200.477] IUnknown:Release (This=0x5f0188) returned 0x2 [0200.477] SysStringLen (param_1=0x0) returned 0x0 [0200.477] IEnumWbemClassObject:Reset (This=0x5f0318) returned 0x0 [0200.489] CoTaskMemAlloc (cb=0x4) returned 0x5f6d18 [0200.489] IEnumWbemClassObject:Next (in: This=0x5f0318, lTimeout=-1, uCount=0x1, apObjects=0x5f6d18, puReturned=0x234a604 | out: apObjects=0x5f6d18*=0x5d4520, puReturned=0x234a604*=0x1) returned 0x0 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x5d4520) returned 0x0 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0200.542] IUnknown:AddRef (This=0x5d4520) returned 0x3 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0200.542] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x5d4524) returned 0x0 [0200.542] IMarshal:GetUnmarshalClass (in: This=0x5d4524, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0200.542] IUnknown:Release (This=0x5d4524) returned 0x3 [0200.542] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0200.543] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0200.543] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0200.543] IUnknown:Release (This=0x5d4520) returned 0x2 [0200.543] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0200.543] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0200.543] IUnknown:QueryInterface (in: This=0x5d4520, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5d4520) returned 0x0 [0200.543] IUnknown:AddRef (This=0x5d4520) returned 0x4 [0200.543] IUnknown:Release (This=0x5d4520) returned 0x3 [0200.543] IUnknown:Release (This=0x5d4520) returned 0x2 [0200.543] CoTaskMemFree (pv=0x5f6d18) [0200.543] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0200.543] IUnknown:AddRef (This=0x5d4520) returned 0x3 [0200.543] IWbemClassObject:Get (in: This=0x5d4520, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0200.543] IWbemClassObject:Get (in: This=0x5d4520, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0200.544] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0200.544] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0200.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x484 [0200.544] SetEvent (hEvent=0x3e0) returned 1 [0200.545] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x484, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0200.547] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0200.547] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0200.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x5ec610) returned 0x0 [0200.547] WbemDefPath:IUnknown:AddRef (This=0x5ec610) returned 0x3 [0200.547] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x2 [0200.547] WbemDefPath:IWbemPath:SetText (This=0x5ec610, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0200.548] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0200.548] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0200.548] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.551] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x2) returned 0x0 [0200.551] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3cc*=0xf, pszText=0x0) returned 0x0 [0200.551] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.551] IWbemClassObject:Get (in: This=0x5d4520, wszName="IPEnabled", lFlags=0, pVal=0x19f3cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234ae9c*=0, plFlavor=0x234aea0*=0 | out: pVal=0x19f3cc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234ae9c*=11, plFlavor=0x234aea0*=0) returned 0x0 [0200.551] IWbemClassObject:Get (in: This=0x5d4520, wszName="IPEnabled", lFlags=0, pVal=0x19f3d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234ae9c*=11, plFlavor=0x234aea0*=0 | out: pVal=0x19f3d4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234ae9c*=11, plFlavor=0x234aea0*=0) returned 0x0 [0200.582] IUnknown:Release (This=0x5d4520) returned 0x2 [0200.591] CoTaskMemAlloc (cb=0x4) returned 0x5f6d38 [0200.591] IEnumWbemClassObject:Next (in: This=0x5f0318, lTimeout=-1, uCount=0x1, apObjects=0x5f6d38, puReturned=0x234a604 | out: apObjects=0x5f6d38*=0x632e80, puReturned=0x234a604*=0x1) returned 0x0 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x632e80) returned 0x0 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0200.593] IUnknown:AddRef (This=0x632e80) returned 0x3 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0200.593] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x632e84) returned 0x0 [0200.593] IMarshal:GetUnmarshalClass (in: This=0x632e84, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0200.593] IUnknown:Release (This=0x632e84) returned 0x3 [0200.593] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0200.594] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0200.594] IUnknown:QueryInterface (in: This=0x632e80, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0200.594] IUnknown:Release (This=0x632e80) returned 0x2 [0200.594] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0200.594] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0200.594] IUnknown:QueryInterface (in: This=0x632e80, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x632e80) returned 0x0 [0200.594] IUnknown:AddRef (This=0x632e80) returned 0x4 [0200.594] IUnknown:Release (This=0x632e80) returned 0x3 [0200.594] IUnknown:Release (This=0x632e80) returned 0x2 [0200.594] CoTaskMemFree (pv=0x5f6d38) [0200.594] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0200.594] IUnknown:AddRef (This=0x632e80) returned 0x3 [0200.594] IWbemClassObject:Get (in: This=0x632e80, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0200.594] IWbemClassObject:Get (in: This=0x632e80, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0200.594] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0200.594] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0200.594] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x488 [0200.595] SetEvent (hEvent=0x3e0) returned 1 [0200.595] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x488, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0200.597] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0200.597] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0200.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x5ec680) returned 0x0 [0200.597] WbemDefPath:IUnknown:AddRef (This=0x5ec680) returned 0x3 [0200.597] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x2 [0200.597] WbemDefPath:IWbemPath:SetText (This=0x5ec680, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0200.598] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0200.598] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0200.598] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.598] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x2) returned 0x0 [0200.598] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3cc*=0xf, pszText=0x0) returned 0x0 [0200.598] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.598] IWbemClassObject:Get (in: This=0x632e80, wszName="IPEnabled", lFlags=0, pVal=0x19f3cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234b958*=0, plFlavor=0x234b95c*=0 | out: pVal=0x19f3cc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x234b958*=11, plFlavor=0x234b95c*=0) returned 0x0 [0200.598] IWbemClassObject:Get (in: This=0x632e80, wszName="IPEnabled", lFlags=0, pVal=0x19f3d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234b958*=11, plFlavor=0x234b95c*=0 | out: pVal=0x19f3d4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x234b958*=11, plFlavor=0x234b95c*=0) returned 0x0 [0200.601] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x2) returned 0x0 [0200.601] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3cc*=0xf, pszText=0x0) returned 0x0 [0200.601] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.601] IWbemClassObject:Get (in: This=0x632e80, wszName="MacAddress", lFlags=0, pVal=0x19f3cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234b9f4*=0, plFlavor=0x234b9f8*=0 | out: pVal=0x19f3cc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:00:8F:80:4A:B8", varVal2=0x0), pType=0x234b9f4*=8, plFlavor=0x234b9f8*=0) returned 0x0 [0200.601] SysStringByteLen (bstr="00:00:8F:80:4A:B8") returned 0x22 [0200.601] SysStringByteLen (bstr="00:00:8F:80:4A:B8") returned 0x22 [0200.601] IWbemClassObject:Get (in: This=0x632e80, wszName="MacAddress", lFlags=0, pVal=0x19f3d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x234b9f4*=8, plFlavor=0x234b9f8*=0 | out: pVal=0x19f3d4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:00:8F:80:4A:B8", varVal2=0x0), pType=0x234b9f4*=8, plFlavor=0x234b9f8*=0) returned 0x0 [0200.601] SysStringByteLen (bstr="00:00:8F:80:4A:B8") returned 0x22 [0200.601] SysStringByteLen (bstr="00:00:8F:80:4A:B8") returned 0x22 [0200.601] IUnknown:Release (This=0x632e80) returned 0x2 [0200.602] CoTaskMemAlloc (cb=0x4) returned 0x5f6ca8 [0200.602] IEnumWbemClassObject:Next (in: This=0x5f0318, lTimeout=-1, uCount=0x1, apObjects=0x5f6ca8, puReturned=0x234a604 | out: apObjects=0x5f6ca8*=0x633b80, puReturned=0x234a604*=0x1) returned 0x0 [0200.603] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x633b80) returned 0x0 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0200.604] IUnknown:AddRef (This=0x633b80) returned 0x3 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x633b84) returned 0x0 [0200.604] IMarshal:GetUnmarshalClass (in: This=0x633b84, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0200.604] IUnknown:Release (This=0x633b84) returned 0x3 [0200.604] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0200.604] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0200.604] IUnknown:Release (This=0x633b80) returned 0x2 [0200.604] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0200.604] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0200.604] IUnknown:QueryInterface (in: This=0x633b80, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x633b80) returned 0x0 [0200.604] IUnknown:AddRef (This=0x633b80) returned 0x4 [0200.604] IUnknown:Release (This=0x633b80) returned 0x3 [0200.604] IUnknown:Release (This=0x633b80) returned 0x2 [0200.605] CoTaskMemFree (pv=0x5f6ca8) [0200.605] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0200.605] IUnknown:AddRef (This=0x633b80) returned 0x3 [0200.605] IWbemClassObject:Get (in: This=0x633b80, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0200.605] IWbemClassObject:Get (in: This=0x633b80, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0200.605] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0200.605] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0200.605] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x490 [0200.605] SetEvent (hEvent=0x3e0) returned 1 [0200.605] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x490, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0200.608] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0200.608] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0200.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x5ec7d0) returned 0x0 [0200.608] WbemDefPath:IUnknown:AddRef (This=0x5ec7d0) returned 0x3 [0200.608] WbemDefPath:IUnknown:Release (This=0x5ec7d0) returned 0x2 [0200.608] WbemDefPath:IWbemPath:SetText (This=0x5ec7d0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0200.608] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0200.608] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0200.608] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.608] CoTaskMemAlloc (cb=0x4) returned 0x5f6e18 [0200.608] IEnumWbemClassObject:Next (in: This=0x5f0318, lTimeout=-1, uCount=0x1, apObjects=0x5f6e18, puReturned=0x234a604 | out: apObjects=0x5f6e18*=0x62cf10, puReturned=0x234a604*=0x1) returned 0x0 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x62cf10) returned 0x0 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0200.610] IUnknown:AddRef (This=0x62cf10) returned 0x3 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0200.610] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x62cf14) returned 0x0 [0200.611] IMarshal:GetUnmarshalClass (in: This=0x62cf14, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0200.611] IUnknown:Release (This=0x62cf14) returned 0x3 [0200.611] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0200.611] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0200.611] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0200.611] IUnknown:Release (This=0x62cf10) returned 0x2 [0200.611] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0200.611] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0200.611] IUnknown:QueryInterface (in: This=0x62cf10, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x62cf10) returned 0x0 [0200.611] IUnknown:AddRef (This=0x62cf10) returned 0x4 [0200.611] IUnknown:Release (This=0x62cf10) returned 0x3 [0200.611] IUnknown:Release (This=0x62cf10) returned 0x2 [0200.611] CoTaskMemFree (pv=0x5f6e18) [0200.611] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0200.611] IUnknown:AddRef (This=0x62cf10) returned 0x3 [0200.611] IWbemClassObject:Get (in: This=0x62cf10, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0200.612] IWbemClassObject:Get (in: This=0x62cf10, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0200.612] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0200.612] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0200.612] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x494 [0200.612] SetEvent (hEvent=0x3e0) returned 1 [0200.612] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x494, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0200.614] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0200.614] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0200.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x5ec8b0) returned 0x0 [0200.614] WbemDefPath:IUnknown:AddRef (This=0x5ec8b0) returned 0x3 [0200.615] WbemDefPath:IUnknown:Release (This=0x5ec8b0) returned 0x2 [0200.615] WbemDefPath:IWbemPath:SetText (This=0x5ec8b0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0200.615] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0200.615] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0200.615] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.615] CoTaskMemAlloc (cb=0x4) returned 0x5f6de8 [0200.615] IEnumWbemClassObject:Next (in: This=0x5f0318, lTimeout=-1, uCount=0x1, apObjects=0x5f6de8, puReturned=0x234a604 | out: apObjects=0x5f6de8*=0x0, puReturned=0x234a604*=0x0) returned 0x1 [0200.616] CoTaskMemFree (pv=0x5f6de8) [0200.616] CoGetContextToken (in: pToken=0x19f300 | out: pToken=0x19f300) returned 0x0 [0200.616] WbemLocator:IUnknown:Release (This=0x60e778) returned 0x1 [0200.616] IUnknown:Release (This=0x5f0318) returned 0x0 [0200.656] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", nBufferLength=0x105, lpBuffer=0x19ef1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpFilePart=0x0) returned 0x62 [0200.658] GetEnvironmentVariableW (in: lpName="%startupfolder%", lpBuffer=0x19f338, nSize=0x80 | out: lpBuffer="") returned 0x0 [0200.668] GetUserNameW (in: lpBuffer=0x19f238, pcbBuffer=0x234d714 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x234d714) returned 1 [0200.674] GetComputerNameW (in: lpBuffer=0x19f238, nSize=0x234db90 | out: lpBuffer="XC64ZB", nSize=0x234db90) returned 1 [0200.679] EtwEventRegister (in: ProviderId=0x234e138, EnableCallback=0x4740c6e, CallbackContext=0x0, RegHandle=0x234e114 | out: RegHandle=0x234e114) returned 0x0 [0200.682] EtwEventSetInformation (RegHandle=0x5cbd58, InformationClass=0x47, EventInformation=0x2, InformationLength=0x234e0d8) returned 0x0 [0200.682] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3fc | out: UnbiasedTime=0x19f3fc) returned 1 [0200.690] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3ec | out: UnbiasedTime=0x19f3ec) returned 1 [0200.693] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f41c | out: UnbiasedTime=0x19f41c) returned 1 [0200.693] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f40c | out: UnbiasedTime=0x19f40c) returned 1 [0209.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", nBufferLength=0x105, lpBuffer=0x19eedc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpFilePart=0x0) returned 0x62 [0209.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", nBufferLength=0x105, lpBuffer=0x19eedc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpFilePart=0x0) returned 0x62 [0209.832] CoTaskMemAlloc (cb=0x67) returned 0x5ec920 [0209.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", cchWideChar=98, lpMultiByteStr=0x234e9ec, cbMultiByte=99, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe", lpUsedDefaultChar=0x0) returned 98 [0209.832] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5ec924, nSize=0x100 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe")) returned 0x62 [0209.833] CoTaskMemFree (pv=0x5ec920) [0209.838] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.838] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x615eb8 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0209.838] CoTaskMemFree (pv=0x615eb8) [0209.839] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19ef5c, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0209.840] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19ef70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0209.844] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19f284 | out: lpTimeZoneInformation=0x19f284) returned 0x2 [0209.845] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19f0d8 | out: pTimeZoneInformation=0x19f0d8) returned 0x2 [0209.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f1bc | out: phkResult=0x19f1bc*=0x4dc) returned 0x0 [0209.848] RegQueryValueExW (in: hKey=0x4dc, lpValueName="TZI", lpReserved=0x0, lpType=0x19f1d8, lpData=0x0, lpcbData=0x19f1d4*=0x0 | out: lpType=0x19f1d8*=0x3, lpData=0x0, lpcbData=0x19f1d4*=0x2c) returned 0x0 [0209.850] RegQueryValueExW (in: hKey=0x4dc, lpValueName="TZI", lpReserved=0x0, lpType=0x19f1d8, lpData=0x234fa08, lpcbData=0x19f1d4*=0x2c | out: lpType=0x19f1d8*=0x3, lpData=0x234fa08*, lpcbData=0x19f1d4*=0x2c) returned 0x0 [0209.850] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f010 | out: phkResult=0x19f010*=0x0) returned 0x2 [0209.851] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f1b0, lpData=0x0, lpcbData=0x19f1ac*=0x0 | out: lpType=0x19f1b0*=0x1, lpData=0x0, lpcbData=0x19f1ac*=0x20) returned 0x0 [0209.851] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f1b0, lpData=0x234fe2c, lpcbData=0x19f1ac*=0x20 | out: lpType=0x19f1b0*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19f1ac*=0x20) returned 0x0 [0209.851] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f1b0, lpData=0x0, lpcbData=0x19f1ac*=0x0 | out: lpType=0x19f1b0*=0x1, lpData=0x0, lpcbData=0x19f1ac*=0x20) returned 0x0 [0209.851] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f1b0, lpData=0x234fe84, lpcbData=0x19f1ac*=0x20 | out: lpType=0x19f1b0*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19f1ac*=0x20) returned 0x0 [0209.852] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f1b0, lpData=0x0, lpcbData=0x19f1ac*=0x0 | out: lpType=0x19f1b0*=0x1, lpData=0x0, lpcbData=0x19f1ac*=0x20) returned 0x0 [0209.852] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f1b0, lpData=0x234fedc, lpcbData=0x19f1ac*=0x20 | out: lpType=0x19f1b0*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19f1ac*=0x20) returned 0x0 [0209.860] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.860] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x615eb8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.863] CoTaskMemFree (pv=0x615eb8) [0209.865] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.865] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f1cc, pwszFileMUIPath=0x615eb8, pcchFileMUIPath=0x19f1d0, pululEnumerator=0x19f1c4 | out: pwszLanguage=0x0, pcchLanguage=0x19f1cc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f1d0, pululEnumerator=0x19f1c4) returned 1 [0209.886] CoTaskMemFree (pv=0x0) [0209.886] CoTaskMemFree (pv=0x615eb8) [0209.886] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x51f0001 [0209.906] CoTaskMemAlloc (cb=0x3ec) returned 0x62f970 [0209.906] LoadStringW (in: hInstance=0x51f0001, uID=0x140, lpBuffer=0x62f970, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0209.907] CoTaskMemFree (pv=0x62f970) [0209.907] FreeLibrary (hLibModule=0x51f0001) returned 1 [0209.909] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.909] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x615eb8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.909] CoTaskMemFree (pv=0x615eb8) [0209.909] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.909] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f1cc, pwszFileMUIPath=0x615eb8, pcchFileMUIPath=0x19f1d0, pululEnumerator=0x19f1c4 | out: pwszLanguage=0x0, pcchLanguage=0x19f1cc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f1d0, pululEnumerator=0x19f1c4) returned 1 [0209.913] CoTaskMemFree (pv=0x0) [0209.913] CoTaskMemFree (pv=0x615eb8) [0209.913] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x51f0001 [0209.917] CoTaskMemAlloc (cb=0x3ec) returned 0x62f970 [0209.917] LoadStringW (in: hInstance=0x51f0001, uID=0x142, lpBuffer=0x62f970, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0209.917] CoTaskMemFree (pv=0x62f970) [0209.918] FreeLibrary (hLibModule=0x51f0001) returned 1 [0209.918] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.918] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x615eb8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.918] CoTaskMemFree (pv=0x615eb8) [0209.918] CoTaskMemAlloc (cb=0x20c) returned 0x615eb8 [0209.918] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f1cc, pwszFileMUIPath=0x615eb8, pcchFileMUIPath=0x19f1d0, pululEnumerator=0x19f1c4 | out: pwszLanguage=0x0, pcchLanguage=0x19f1cc, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f1d0, pululEnumerator=0x19f1c4) returned 1 [0209.928] CoTaskMemFree (pv=0x0) [0209.928] CoTaskMemFree (pv=0x615eb8) [0209.928] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x51f0001 [0209.931] CoTaskMemAlloc (cb=0x3ec) returned 0x62f970 [0209.931] LoadStringW (in: hInstance=0x51f0001, uID=0x141, lpBuffer=0x62f970, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0209.931] CoTaskMemFree (pv=0x62f970) [0209.931] FreeLibrary (hLibModule=0x51f0001) returned 1 [0209.932] RegCloseKey (hKey=0x4dc) returned 0x0 [0209.954] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2442c3ecd04264f108429a954275ee27986e00b79cbce6d07843dfefdf4d24af.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\\\tmpG486.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpg486.tmp"), dwFlags=0x8) returned 1 [0219.282] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3fc | out: UnbiasedTime=0x19f3fc) returned 1 [0219.282] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3ec | out: UnbiasedTime=0x19f3ec) returned 1 [0237.435] SetClipboardViewer (hWndNewViewer=0x502b0) returned 0x0 [0237.557] OleInitialize (pvReserved=0x0) returned 0x0 [0237.561] OleGetClipboard (in: ppDataObj=0x19f1bc | out: ppDataObj=0x19f1bc*=0x573bf8) returned 0x0 [0237.893] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec7c | out: ppvObject=0x19ec7c*=0x573bf8) returned 0x0 [0237.895] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec38 | out: ppvObject=0x19ec38*=0x0) returned 0x80004002 [0237.895] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x0) returned 0x80004002 [0237.896] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0237.897] IUnknown:AddRef (This=0x573bf8) returned 0x3 [0237.897] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e594 | out: ppvObject=0x19e594*=0x0) returned 0x80004002 [0237.897] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0237.897] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e550 | out: ppvObject=0x19e550*=0x0) returned 0x80004002 [0237.897] CoGetContextToken (in: pToken=0x19e5b0 | out: pToken=0x19e5b0) returned 0x0 [0237.897] CoGetContextToken (in: pToken=0x19e9b8 | out: pToken=0x19e9b8) returned 0x0 [0237.897] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea48 | out: ppvObject=0x19ea48*=0x0) returned 0x80004002 [0237.897] IUnknown:Release (This=0x573bf8) returned 0x2 [0237.897] CoGetContextToken (in: pToken=0x19ef90 | out: pToken=0x19ef90) returned 0x0 [0237.897] CoGetContextToken (in: pToken=0x19eef0 | out: pToken=0x19eef0) returned 0x0 [0237.897] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x19efc0*(Data1=0x10e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efbc | out: ppvObject=0x19efbc*=0x573bf8) returned 0x0 [0237.898] IUnknown:AddRef (This=0x573bf8) returned 0x4 [0237.898] IUnknown:Release (This=0x573bf8) returned 0x3 [0237.898] IUnknown:Release (This=0x573bf8) returned 0x2 [0237.899] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0237.900] CoGetContextToken (in: pToken=0x19ef68 | out: pToken=0x19ef68) returned 0x0 [0237.900] IUnknown:QueryInterface (in: This=0x573bf8, riid=0x19f038*(Data1=0x3cee8cc1, Data2=0x1adb, Data3=0x327f, Data4=([0]=0x9b, [1]=0x97, [2]=0x7a, [3]=0x9c, [4]=0x80, [5]=0x89, [6]=0xbf, [7]=0xb3)), ppvObject=0x19f034 | out: ppvObject=0x19f034*=0x0) returned 0x80004002 [0237.920] IDataObject:QueryGetData (This=0x573bf8, pformatetc=0x19f17c) returned 0x0 [0237.940] IDataObject:RemoteGetData (in: This=0x573bf8, pformatetcIn=0x19f17c, pRemoteMedium=0x19f10c | out: pRemoteMedium=0x19f10c) returned 0x0 [0237.944] GlobalLock (hMem=0x7a0004) returned 0x5cdb38 [0237.944] GlobalUnlock (hMem=0x7a0004) returned 0 [0237.988] SendMessageW (hWnd=0x0, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0237.988] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502b0, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0279.471] CoTaskMemAlloc (cb=0x20c) returned 0x5f6218 [0279.471] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f6218 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0279.477] CoTaskMemFree (pv=0x5f6218) [0279.477] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0279.481] CoTaskMemAlloc (cb=0x20c) returned 0x5f6218 [0279.481] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5f6218 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0279.481] CoTaskMemFree (pv=0x5f6218) [0279.481] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0279.594] _finite (_X=0x0) returned 1 [0280.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0280.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0280.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.951] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0280.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0280.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0280.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0280.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0280.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0280.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.954] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0280.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.954] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3e [0280.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0280.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0280.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0280.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0280.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x33 [0280.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0280.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0280.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0280.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0280.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0280.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0280.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x41 [0280.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0280.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0280.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0280.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.961] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0280.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0280.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0280.975] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0280.975] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e5a88, nSize=0x104 | out: lpBuffer="") returned 0x25 [0280.975] CoTaskMemFree (pv=0x5e5a88) [0281.147] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x40 [0281.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edbc) returned 1 [0281.147] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0281.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d498) returned 1 [0281.804] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0281.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0281.804] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0281.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0281.852] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0281.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0281.852] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0281.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0281.954] CoTaskMemAlloc (cb=0x20c) returned 0x5e5ed8 [0281.954] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5e5ed8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0281.954] CoTaskMemFree (pv=0x5e5ed8) [0281.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x19ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x46 [0281.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee70) returned 1 [0281.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x19eeec | out: lpFileInformation=0x19eeec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0281.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee6c) returned 1 [0281.965] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0281.965] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0281.969] CoTaskMemFree (pv=0x5e4fc0) [0281.969] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x19e9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0281.971] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0281.971] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e5a88 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0281.971] CoTaskMemFree (pv=0x5e5a88) [0281.971] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0282.033] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x19ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0282.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eea0) returned 1 [0282.033] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x19ef1c | out: lpFileInformation=0x19ef1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee9c) returned 1 [0282.367] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eef4 | out: phkResult=0x19eef4*=0x0) returned 0x2 [0282.439] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0282.439] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.439] CoTaskMemFree (pv=0x5e4fc0) [0282.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0282.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee98) returned 1 [0282.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x19ef14 | out: lpFileInformation=0x19ef14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cb400, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0282.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee94) returned 1 [0282.444] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0282.444] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.444] CoTaskMemFree (pv=0x5e4fc0) [0282.444] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef14) returned 1 [0282.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0282.447] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0282.447] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x19ec3c | out: lpFindFileData=0x19ec3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cb400, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5de960 [0282.449] FindNextFileW (in: hFindFile=0x5de960, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cb400, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0282.449] FindNextFileW (in: hFindFile=0x5de960, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0282.449] FindNextFileW (in: hFindFile=0x5de960, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0282.450] FindClose (in: hFindFile=0x5de960 | out: hFindFile=0x5de960) returned 1 [0282.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eed4) returned 1 [0282.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee0) returned 1 [0282.452] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0282.452] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0282.452] CoTaskMemFree (pv=0x5e4fc0) [0282.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0282.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0282.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee98) returned 1 [0282.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x19ef14 | out: lpFileInformation=0x19ef14*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0282.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee94) returned 1 [0282.453] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0282.453] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e5a88 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0282.453] CoTaskMemFree (pv=0x5e5a88) [0282.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0282.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef14) returned 1 [0282.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0282.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0282.453] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x19ec3c | out: lpFindFileData=0x19ec3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5deee0 [0282.453] FindNextFileW (in: hFindFile=0x5deee0, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0282.453] FindNextFileW (in: hFindFile=0x5deee0, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0282.454] FindClose (in: hFindFile=0x5deee0 | out: hFindFile=0x5deee0) returned 1 [0282.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eed4) returned 1 [0282.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee0) returned 1 [0282.507] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0282.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee54) returned 1 [0282.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x23770d4 | out: lpFileInformation=0x23770d4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0282.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee50) returned 1 [0282.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19e898, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0282.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ed8c) returned 1 [0282.513] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x448 [0282.513] GetFileType (hFile=0x448) returned 0x1 [0282.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ed88) returned 1 [0282.514] GetFileType (hFile=0x448) returned 0x1 [0282.514] GetFileSize (in: hFile=0x448, lpFileSizeHigh=0x19ee94 | out: lpFileSizeHigh=0x19ee94*=0x0) returned 0x2ac0 [0282.514] ReadFile (in: hFile=0x448, lpBuffer=0x237739c, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19ee40, lpOverlapped=0x0 | out: lpBuffer=0x237739c*, lpNumberOfBytesRead=0x19ee40*=0x2ac0, lpOverlapped=0x0) returned 1 [0282.518] CloseHandle (hObject=0x448) returned 1 [0282.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19e990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0282.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee24) returned 1 [0282.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x19eea0 | out: lpFileInformation=0x19eea0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0282.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee20) returned 1 [0282.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19e990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0282.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee24) returned 1 [0282.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x19eea0 | out: lpFileInformation=0x19eea0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe08cb400, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xe08cc733, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0282.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee20) returned 1 [0282.817] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0282.817] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e5a88 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0282.817] CoTaskMemFree (pv=0x5e5a88) [0282.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0282.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef14) returned 1 [0282.820] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x19ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0282.820] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x19e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0282.820] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x19ec3c | out: lpFindFileData=0x19ec3c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5dee20 [0282.821] FindNextFileW (in: hFindFile=0x5dee20, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0282.821] FindNextFileW (in: hFindFile=0x5dee20, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa55c36e7, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0282.822] FindNextFileW (in: hFindFile=0x5dee20, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0282.822] FindNextFileW (in: hFindFile=0x5dee20, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0282.822] FindNextFileW (in: hFindFile=0x5dee20, lpFindFileData=0x19ec4c | out: lpFindFileData=0x19ec4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0282.822] FindClose (in: hFindFile=0x5dee20 | out: hFindFile=0x5dee20) returned 1 [0282.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eed4) returned 1 [0282.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee0) returned 1 [0282.834] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19ea44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0282.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eea4) returned 1 [0282.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24"), fInfoLevelId=0x0, lpFileInformation=0x19ef20 | out: lpFileInformation=0x19ef20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xde7dde0f, ftCreationTime.dwHighDateTime=0x1d7b055, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0282.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eea0) returned 1 [0282.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19ea54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0282.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0282.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", nBufferLength=0x105, lpBuffer=0x19ea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0282.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\.", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0283.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", nBufferLength=0x105, lpBuffer=0x19e930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", lpFilePart=0x0) returned 0x8b [0283.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee24) returned 1 [0283.059] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x448 [0283.059] GetFileType (hFile=0x448) returned 0x1 [0283.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee20) returned 1 [0283.059] GetFileType (hFile=0x448) returned 0x1 [0283.059] GetFileSize (in: hFile=0x448, lpFileSizeHigh=0x19ef2c | out: lpFileSizeHigh=0x19ef2c*=0x0) returned 0x1d4 [0283.059] ReadFile (in: hFile=0x448, lpBuffer=0x2382360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19eed8, lpOverlapped=0x0 | out: lpBuffer=0x2382360*, lpNumberOfBytesRead=0x19eed8*=0x1d4, lpOverlapped=0x0) returned 1 [0283.061] CloseHandle (hObject=0x448) returned 1 [0284.417] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19e930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0284.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee24) returned 1 [0284.418] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0284.419] GetFileType (hFile=0x444) returned 0x1 [0284.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee20) returned 1 [0284.419] GetFileType (hFile=0x444) returned 0x1 [0284.419] GetFileSize (in: hFile=0x444, lpFileSizeHigh=0x19ef2c | out: lpFileSizeHigh=0x19ef2c*=0x0) returned 0x2ac0 [0284.419] ReadFile (in: hFile=0x444, lpBuffer=0x234933c, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19eed8, lpOverlapped=0x0 | out: lpBuffer=0x234933c*, lpNumberOfBytesRead=0x19eed8*=0x2ac0, lpOverlapped=0x0) returned 1 [0284.419] CloseHandle (hObject=0x444) returned 1 [0284.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x2f4) returned 0x6354b8 [0284.551] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef04 | out: phkResult=0x19ef04*=0x0) returned 0x2 [0284.555] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0284.555] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e5a88 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0284.555] CoTaskMemFree (pv=0x5e5a88) [0284.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0284.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x3c [0284.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee5c) returned 1 [0284.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19eed8 | out: lpFileInformation=0x19eed8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee58) returned 1 [0284.564] CoTaskMemAlloc (cb=0x20c) returned 0x5e5ed8 [0284.564] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e5ed8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0284.564] CoTaskMemFree (pv=0x5e5ed8) [0284.564] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0284.566] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x19ea88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x3b [0284.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0284.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x19ef64 | out: lpFileInformation=0x19ef64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0284.579] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eedc | out: phkResult=0x19eedc*=0x0) returned 0x2 [0284.580] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x19ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Folder.lst", lpFilePart=0x0) returned 0x28 [0284.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eea8) returned 1 [0284.580] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Folder.lst" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x19ef24 | out: lpFileInformation=0x19ef24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eea4) returned 1 [0284.587] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0284.587] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x5e5a88, nSize=0x104 | out: lpBuffer="") returned 0x2 [0284.587] CoTaskMemFree (pv=0x5e5a88) [0284.588] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x19ea60, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13 [0284.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eec0) returned 1 [0284.588] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x19ef3c | out: lpFileInformation=0x19ef3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eebc) returned 1 [0284.596] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x19ee1c, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0284.597] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x19ee1c, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0284.599] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0284.599] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0284.599] CoTaskMemFree (pv=0x5e4fc0) [0284.600] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x19ea60, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d [0284.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eebc) returned 1 [0284.600] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x19ef38 | out: lpFileInformation=0x19ef38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb8) returned 1 [0284.601] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x19ea60, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f [0284.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eebc) returned 1 [0284.601] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x19ef38 | out: lpFileInformation=0x19ef38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb8) returned 1 [0284.611] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0284.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.612] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.617] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0284.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.617] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.649] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef18 | out: phkResult=0x19ef18*=0x0) returned 0x2 [0284.669] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0284.669] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0284.669] CoTaskMemFree (pv=0x5e4fc0) [0284.670] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0284.670] GetEnvironmentVariableW (in: lpName="Username", lpBuffer=0x5e5a88, nSize=0x104 | out: lpBuffer="") returned 0xc [0284.671] CoTaskMemFree (pv=0x5e5a88) [0284.689] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", nBufferLength=0x105, lpBuffer=0x19ea5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", lpFilePart=0x0) returned 0x36 [0284.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eebc) returned 1 [0284.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat" (normalized: "c:\\users\\all users\\appdata\\roaming\\flashfxp\\3quick.dat"), fInfoLevelId=0x0, lpFileInformation=0x19ef38 | out: lpFileInformation=0x19ef38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb8) returned 1 [0284.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0284.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.692] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0284.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.721] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.734] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0284.734] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0284.734] CoTaskMemFree (pv=0x5e4fc0) [0284.734] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0284.736] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x19ea58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x3b [0284.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb8) returned 1 [0284.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x19ef34 | out: lpFileInformation=0x19ef34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb4) returned 1 [0284.798] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0284.798] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0284.798] CoTaskMemFree (pv=0x5e4fc0) [0284.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0284.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x19e980, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x30 [0284.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eddc) returned 1 [0284.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x19ee58 | out: lpFileInformation=0x19ee58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edd8) returned 1 [0284.802] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x19e988, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x38 [0284.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x19ee64 | out: lpFileInformation=0x19ee64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ede4) returned 1 [0284.807] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0284.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.807] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0284.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.810] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.852] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0284.852] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0284.852] CoTaskMemFree (pv=0x5e4fc0) [0284.854] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0284.854] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0284.854] CoTaskMemFree (pv=0x5e4fc0) [0284.856] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x19ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39 [0284.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0284.856] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x19eefc | out: lpFileInformation=0x19eefc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0284.862] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0284.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.862] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0284.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0284.866] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0284.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0284.896] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x19ef28 | out: phkResult=0x19ef28*=0x0) returned 0x2 [0284.914] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x0) returned 0x2 [0284.917] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x0) returned 0x2 [0284.919] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x0) returned 0x2 [0284.921] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x444) returned 0x0 [0284.922] RegQueryInfoKeyW (in: hKey=0x444, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19eee0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19eedc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19eee0*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19eedc*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0284.923] RegEnumKeyExW (in: hKey=0x444, dwIndex=0x0, lpName=0x235f914, lpcchName=0x19eefc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19eefc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0284.923] RegEnumKeyExW (in: hKey=0x444, dwIndex=0x1, lpName=0x235f914, lpcchName=0x19eefc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19eefc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0284.923] RegEnumKeyExW (in: hKey=0x444, dwIndex=0x2, lpName=0x235f914, lpcchName=0x19eefc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19eefc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0284.927] RegOpenKeyExW (in: hKey=0x444, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x458) returned 0x0 [0284.929] RegQueryValueExW (in: hKey=0x458, lpValueName="Email", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.931] RegQueryValueExW (in: hKey=0x458, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.932] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.933] RegQueryValueExW (in: hKey=0x458, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.934] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.935] RegCloseKey (hKey=0x458) returned 0x0 [0284.935] RegOpenKeyExW (in: hKey=0x444, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x458) returned 0x0 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="Email", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x1, lpData=0x0, lpcbData=0x19eed4*=0x1e) returned 0x0 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="Email", lpReserved=0x0, lpType=0x19eed8, lpData=0x235ff08, lpcbData=0x19eed4*=0x1e | out: lpType=0x19eed8*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19eed4*=0x1e) returned 0x0 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x3, lpData=0x0, lpcbData=0x19eed4*=0x121) returned 0x0 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x235ff60, lpcbData=0x19eed4*=0x121 | out: lpType=0x19eed8*=0x3, lpData=0x235ff60*, lpcbData=0x19eed4*=0x121) returned 0x0 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.935] RegQueryValueExW (in: hKey=0x458, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0284.936] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x3, lpData=0x0, lpcbData=0x19eed4*=0x121) returned 0x0 [0284.936] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x23600c4, lpcbData=0x19eed4*=0x121 | out: lpType=0x19eed8*=0x3, lpData=0x23600c4*, lpcbData=0x19eed4*=0x121) returned 0x0 [0284.936] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x3, lpData=0x0, lpcbData=0x19eed4*=0x121) returned 0x0 [0284.936] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x23601f4, lpcbData=0x19eed4*=0x121 | out: lpType=0x19eed8*=0x3, lpData=0x23601f4*, lpcbData=0x19eed4*=0x121) returned 0x0 [0285.758] CryptUnprotectData (in: pDataIn=0x19eec0, ppszDataDescr=0x0, pOptionalEntropy=0x19eeb8, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19eec8 | out: ppszDataDescr=0x0, pDataOut=0x19eec8) returned 1 [0285.785] LocalFree (hMem=0x5dea20) returned 0x0 [0285.785] RegQueryValueExW (in: hKey=0x458, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.785] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.785] RegQueryValueExW (in: hKey=0x458, lpValueName="Email", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x1, lpData=0x0, lpcbData=0x19eed4*=0x1e) returned 0x0 [0285.785] RegQueryValueExW (in: hKey=0x458, lpValueName="Email", lpReserved=0x0, lpType=0x19eed8, lpData=0x2360524, lpcbData=0x19eed4*=0x1e | out: lpType=0x19eed8*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19eed4*=0x1e) returned 0x0 [0285.787] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x1, lpData=0x0, lpcbData=0x19eed4*=0x1c) returned 0x0 [0285.787] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19eed8, lpData=0x23605a0, lpcbData=0x19eed4*=0x1c | out: lpType=0x19eed8*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19eed4*=0x1c) returned 0x0 [0285.787] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x1, lpData=0x0, lpcbData=0x19eed4*=0x1c) returned 0x0 [0285.788] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19eed8, lpData=0x23605f0, lpcbData=0x19eed4*=0x1c | out: lpType=0x19eed8*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19eed4*=0x1c) returned 0x0 [0285.793] RegCloseKey (hKey=0x458) returned 0x0 [0285.793] RegOpenKeyExW (in: hKey=0x444, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeb8 | out: phkResult=0x19eeb8*=0x458) returned 0x0 [0285.794] RegQueryValueExW (in: hKey=0x458, lpValueName="Email", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.794] RegQueryValueExW (in: hKey=0x458, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.794] RegQueryValueExW (in: hKey=0x458, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.794] RegQueryValueExW (in: hKey=0x458, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.794] RegQueryValueExW (in: hKey=0x458, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19eed8, lpData=0x0, lpcbData=0x19eed4*=0x0 | out: lpType=0x19eed8*=0x0, lpData=0x0, lpcbData=0x19eed4*=0x0) returned 0x2 [0285.794] RegCloseKey (hKey=0x458) returned 0x0 [0285.852] CoTaskMemAlloc (cb=0x20c) returned 0x5e5ed8 [0285.852] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e5ed8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0285.852] CoTaskMemFree (pv=0x5e5ed8) [0285.852] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0285.853] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x19e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0285.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ecb4) returned 1 [0285.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19ed30 | out: lpFileInformation=0x19ed30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0285.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ecb0) returned 1 [0286.488] VaultEnumerateVaults () returned 0x0 [0286.533] VaultOpenVault () returned 0x0 [0286.548] VaultEnumerateItems () returned 0x0 [0286.549] VaultOpenVault () returned 0x0 [0286.550] VaultEnumerateItems () returned 0x0 [0286.572] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0286.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0286.572] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0286.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0286.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0286.579] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0286.608] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0286.608] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0286.609] CoTaskMemFree (pv=0x5e4fc0) [0286.609] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0286.611] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x19ea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4d [0286.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eec0) returned 1 [0286.611] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x19ef3c | out: lpFileInformation=0x19ef3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0286.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eebc) returned 1 [0286.630] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0286.630] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0286.630] CoTaskMemFree (pv=0x5e4fc0) [0286.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e984, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0286.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x40 [0286.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edcc) returned 1 [0286.632] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0286.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4a8) returned 1 [0286.688] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0286.688] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e5a88 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0286.688] CoTaskMemFree (pv=0x5e5a88) [0286.689] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0286.690] CoTaskMemAlloc (cb=0x20c) returned 0x5e5a88 [0286.690] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e5a88 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0286.690] CoTaskMemFree (pv=0x5e5a88) [0286.690] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0286.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x19ea50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2f [0286.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeac) returned 1 [0286.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x19ef28 | out: lpFileInformation=0x19ef28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0286.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eea8) returned 1 [0286.702] CoTaskMemAlloc (cb=0x20c) returned 0x5e5ed8 [0286.702] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x5e5ed8, nSize=0x104 | out: lpBuffer="") returned 0x2 [0286.702] CoTaskMemFree (pv=0x5e5ed8) [0286.703] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x19e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c [0286.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edec) returned 1 [0286.704] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0286.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c8) returned 1 [0286.745] CoTaskMemAlloc (cb=0x20c) returned 0x5e5ed8 [0286.745] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5e5ed8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0286.745] CoTaskMemFree (pv=0x5e5ed8) [0286.747] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x19ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2e [0286.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee98) returned 1 [0286.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x19ef14 | out: lpFileInformation=0x19ef14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0286.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee94) returned 1 [0286.748] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0286.748] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0286.748] CoTaskMemFree (pv=0x5e4fc0) [0286.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CoreFTP\\sites.idx", nBufferLength=0x105, lpBuffer=0x19e944, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CoreFTP\\sites.idx", lpFilePart=0x0) returned 0x37 [0286.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee38) returned 1 [0286.756] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CoreFTP\\sites.idx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\coreftp\\sites.idx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0286.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d510) returned 1 [0286.792] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19ee10 | out: lpclsid=0x19ee10*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0286.808] CoGetClassObject (in: rclsid=0x5fdb04*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ea40 | out: ppv=0x19ea40*=0x991120) returned 0x0 [0287.411] WshShell:IUnknown:QueryInterface (in: This=0x991120, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0287.411] WshShell:IClassFactory:CreateInstance (in: This=0x991120, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x99114c) returned 0x0 [0287.411] WshShell:IUnknown:Release (This=0x991120) returned 0x0 [0287.411] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x99114c) returned 0x0 [0287.411] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e848 | out: ppvObject=0x19e848*=0x0) returned 0x80004002 [0287.411] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x99113c) returned 0x0 [0287.412] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x99113c, ppTI=0x19e66c | out: ppTI=0x19e66c*=0x645f20) returned 0x0 [0287.423] ITypeInfo:RemoteGetTypeAttr (in: This=0x645f20, ppTypeAttr=0x19e660, pDummy=0x159658ee | out: ppTypeAttr=0x19e660, pDummy=0x159658ee) returned 0x0 [0287.423] ITypeInfo:LocalReleaseTypeAttr (This=0x645f20) returned 0x0 [0287.423] WshShell:IUnknown:Release (This=0x99113c) returned 0x2 [0287.423] IUnknown:Release (This=0x645f20) returned 0x1 [0287.423] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0287.423] WshShell:IUnknown:AddRef (This=0x99114c) returned 0x3 [0287.423] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1a4 | out: ppvObject=0x19e1a4*=0x0) returned 0x80004002 [0287.423] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e154 | out: ppvObject=0x19e154*=0x0) returned 0x80004002 [0287.423] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e160 | out: ppvObject=0x19e160*=0x0) returned 0x80004002 [0287.423] CoGetContextToken (in: pToken=0x19e1c0 | out: pToken=0x19e1c0) returned 0x0 [0287.423] CoGetContextToken (in: pToken=0x19e170 | out: pToken=0x19e170) returned 0x0 [0287.424] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1, cHandles=0x1, pHandles=0x19e158*=0x16c, lpdwindex=0x19e00c | out: lpdwindex=0x19e00c) returned 0x80010115 [0287.425] CoGetContextToken (in: pToken=0x19d024 | out: pToken=0x19d024) returned 0x0 [0287.425] CoGetContextToken (in: pToken=0x19d00c | out: pToken=0x19d00c) returned 0x0 [0287.426] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.426] IUnknown:Release (This=0x5b1690) returned 0x1 [0287.426] IUnknown:Release (This=0x5b1690) returned 0x0 [0287.426] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.426] IUnknown:Release (This=0x5cde90) returned 0x1 [0287.426] IUnknown:Release (This=0x5cde90) returned 0x0 [0287.426] IUnknown:Release (This=0x5cd970) returned 0x3 [0287.426] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.426] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.426] IUnknown:Release (This=0x5e7218) returned 0x1 [0287.427] IUnknown:Release (This=0x5e7218) returned 0x0 [0287.434] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.434] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.434] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.434] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.434] IUnknown:Release (This=0x5e38d8) returned 0x0 [0287.434] IUnknown:Release (This=0x5e3930) returned 0x0 [0287.434] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.435] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.435] WbemLocator:IUnknown:Release (This=0x5bfaa8) returned 0x2 [0287.435] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.435] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.435] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.435] IUnknown:Release (This=0x5e3828) returned 0x0 [0287.435] IUnknown:Release (This=0x5e37fc) returned 0x0 [0287.435] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.435] IUnknown:Release (This=0x5ef828) returned 0x1 [0287.435] IUnknown:Release (This=0x5ef828) returned 0x0 [0287.444] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.444] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.444] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.444] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.444] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.444] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.444] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.444] IUnknown:Release (This=0x5f2da8) returned 0x1 [0287.444] WbemLocator:IUnknown:Release (This=0x5bfaa8) returned 0x1 [0287.444] WbemLocator:IUnknown:Release (This=0x5bfaa8) returned 0x0 [0287.456] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.456] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.456] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.456] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.456] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.456] IUnknown:Release (This=0x5f2da8) returned 0x0 [0287.457] IUnknown:Release (This=0x5e3988) returned 0x0 [0287.457] IUnknown:Release (This=0x5e395c) returned 0x0 [0287.460] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.460] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.460] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.460] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.460] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0287.460] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.460] WbemLocator:IUnknown:Release (This=0x5bb668) returned 0x1 [0287.460] WbemLocator:IUnknown:Release (This=0x592ca8) returned 0x0 [0287.461] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.461] IUnknown:Release (This=0x5fd680) returned 0x2 [0287.461] IUnknown:Release (This=0x5fd680) returned 0x1 [0287.461] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.461] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x1 [0287.461] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x0 [0287.461] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.461] IUnknown:Release (This=0x5d4520) returned 0x1 [0287.461] IUnknown:Release (This=0x5d4520) returned 0x0 [0287.461] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.461] IUnknown:Release (This=0x632e80) returned 0x1 [0287.462] IUnknown:Release (This=0x632e80) returned 0x0 [0287.462] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.462] IUnknown:Release (This=0x633b80) returned 0x2 [0287.462] IUnknown:Release (This=0x633b80) returned 0x1 [0287.462] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.462] IUnknown:Release (This=0x62cf10) returned 0x2 [0287.462] IUnknown:Release (This=0x62cf10) returned 0x1 [0287.462] CoGetContextToken (in: pToken=0x19cf98 | out: pToken=0x19cf98) returned 0x0 [0287.462] IUnknown:Release (This=0x573bf8) returned 0x1 [0287.462] IUnknown:Release (This=0x573bf8) returned 0x0 [0287.465] CoGetContextToken (in: pToken=0x19d024 | out: pToken=0x19d024) returned 0x0 [0287.465] CoGetContextToken (in: pToken=0x19cfe4 | out: pToken=0x19cfe4) returned 0x0 [0287.465] WbemLocator:IUnknown:Release (This=0x60e478) returned 0x1 [0287.465] IUnknown:Release (This=0x5f0188) returned 0x0 [0287.479] CoGetContextToken (in: pToken=0x19d024 | out: pToken=0x19d024) returned 0x0 [0287.479] CoGetContextToken (in: pToken=0x19cfe4 | out: pToken=0x19cfe4) returned 0x0 [0287.479] WbemLocator:IUnknown:Release (This=0x5b9a68) returned 0x1 [0287.479] IUnknown:Release (This=0x5efda0) returned 0x0 [0287.491] CoGetContextToken (in: pToken=0x19e5c8 | out: pToken=0x19e5c8) returned 0x0 [0287.491] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e658 | out: ppvObject=0x19e658*=0x0) returned 0x80004002 [0287.491] WshShell:IUnknown:Release (This=0x99114c) returned 0x2 [0287.491] WshShell:IUnknown:Release (This=0x99114c) returned 0x1 [0287.493] CoGetContextToken (in: pToken=0x19e9e0 | out: pToken=0x19e9e0) returned 0x0 [0287.493] WshShell:IUnknown:QueryInterface (in: This=0x99114c, riid=0x6b4091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x991138) returned 0x0 [0287.494] WshShell:IDispatch:GetIDsOfNames (in: This=0x991138, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19ea50*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ea40 | out: rgDispId=0x19ea40*=2000) returned 0x0 [0287.494] WshShell:IDispatch:Invoke (in: This=0x991138, dispIdMember=2000, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x2369e60)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64, pExcepInfo=0x19e93c, puArgErr=0x19e970 | out: pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x2369e60)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64*(varType=0x0, wReserved1=0x19, wReserved2=0x4dd5, wReserved3=0x72c2, varVal1=0x80070002, varVal2=0x4298428a), pExcepInfo=0x19e93c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070002), puArgErr=0x19e970*=0x5d3704) returned 0x80020009 [0287.504] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".") returned 0x55 [0287.505] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0287.514] WshShell:IUnknown:Release (This=0x991138) returned 0x1 [0287.519] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19ee10 | out: lpclsid=0x19ee10*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0287.520] CoGetClassObject (in: rclsid=0x5fdb04*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ea40 | out: ppv=0x19ea40*=0x991120) returned 0x0 [0287.521] WshShell:IUnknown:QueryInterface (in: This=0x991120, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0287.521] WshShell:IClassFactory:CreateInstance (in: This=0x991120, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x99053c) returned 0x0 [0287.521] WshShell:IUnknown:Release (This=0x991120) returned 0x0 [0287.521] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x99053c) returned 0x0 [0287.521] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e848 | out: ppvObject=0x19e848*=0x0) returned 0x80004002 [0287.521] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x99052c) returned 0x0 [0287.521] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x99052c, ppTI=0x19e66c | out: ppTI=0x19e66c*=0x645f20) returned 0x0 [0287.521] ITypeInfo:RemoteGetTypeAttr (in: This=0x645f20, ppTypeAttr=0x19e660, pDummy=0x159658ee | out: ppTypeAttr=0x19e660, pDummy=0x159658ee) returned 0x0 [0287.521] ITypeInfo:LocalReleaseTypeAttr (This=0x645f20) returned 0x0 [0287.521] WshShell:IUnknown:Release (This=0x99052c) returned 0x2 [0287.522] IUnknown:Release (This=0x645f20) returned 0x1 [0287.522] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0287.522] WshShell:IUnknown:AddRef (This=0x99053c) returned 0x3 [0287.522] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1a4 | out: ppvObject=0x19e1a4*=0x0) returned 0x80004002 [0287.522] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e154 | out: ppvObject=0x19e154*=0x0) returned 0x80004002 [0287.522] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e160 | out: ppvObject=0x19e160*=0x0) returned 0x80004002 [0287.522] CoGetContextToken (in: pToken=0x19e1c0 | out: pToken=0x19e1c0) returned 0x0 [0287.522] CoGetContextToken (in: pToken=0x19e5c8 | out: pToken=0x19e5c8) returned 0x0 [0287.522] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e658 | out: ppvObject=0x19e658*=0x0) returned 0x80004002 [0287.522] WshShell:IUnknown:Release (This=0x99053c) returned 0x2 [0287.522] WshShell:IUnknown:Release (This=0x99053c) returned 0x1 [0287.522] CoGetContextToken (in: pToken=0x19e9e0 | out: pToken=0x19e9e0) returned 0x0 [0287.522] WshShell:IUnknown:QueryInterface (in: This=0x99053c, riid=0x6b4091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x990528) returned 0x0 [0287.522] WshShell:IDispatch:GetIDsOfNames (in: This=0x990528, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19ea50*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ea40 | out: rgDispId=0x19ea40*=2000) returned 0x0 [0287.523] WshShell:IDispatch:Invoke (in: This=0x990528, dispIdMember=2000, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x236a724)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64, pExcepInfo=0x19e93c, puArgErr=0x19e970 | out: pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x236a724)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64*(varType=0x0, wReserved1=0x0, wReserved2=0x101, wReserved3=0x0, varVal1=0x80070003, varVal2=0x0), pExcepInfo=0x19e93c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19e970*=0x5d3704) returned 0x80020009 [0287.524] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".") returned 0x50 [0287.524] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0287.528] WshShell:IUnknown:Release (This=0x990528) returned 0x1 [0287.532] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19ee10 | out: lpclsid=0x19ee10*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0287.533] CoGetClassObject (in: rclsid=0x5fdb04*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ea40 | out: ppv=0x19ea40*=0x991120) returned 0x0 [0287.534] WshShell:IUnknown:QueryInterface (in: This=0x991120, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0287.534] WshShell:IClassFactory:CreateInstance (in: This=0x991120, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x99056c) returned 0x0 [0287.534] WshShell:IUnknown:Release (This=0x991120) returned 0x0 [0287.534] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x99056c) returned 0x0 [0287.534] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e848 | out: ppvObject=0x19e848*=0x0) returned 0x80004002 [0287.534] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x99055c) returned 0x0 [0287.534] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x99055c, ppTI=0x19e66c | out: ppTI=0x19e66c*=0x645f20) returned 0x0 [0287.534] ITypeInfo:RemoteGetTypeAttr (in: This=0x645f20, ppTypeAttr=0x19e660, pDummy=0x159658ee | out: ppTypeAttr=0x19e660, pDummy=0x159658ee) returned 0x0 [0287.534] ITypeInfo:LocalReleaseTypeAttr (This=0x645f20) returned 0x0 [0287.534] WshShell:IUnknown:Release (This=0x99055c) returned 0x2 [0287.534] IUnknown:Release (This=0x645f20) returned 0x1 [0287.534] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0287.535] WshShell:IUnknown:AddRef (This=0x99056c) returned 0x3 [0287.535] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1a4 | out: ppvObject=0x19e1a4*=0x0) returned 0x80004002 [0287.535] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e154 | out: ppvObject=0x19e154*=0x0) returned 0x80004002 [0287.535] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e160 | out: ppvObject=0x19e160*=0x0) returned 0x80004002 [0287.535] CoGetContextToken (in: pToken=0x19e1c0 | out: pToken=0x19e1c0) returned 0x0 [0287.535] CoGetContextToken (in: pToken=0x19e5c8 | out: pToken=0x19e5c8) returned 0x0 [0287.535] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e658 | out: ppvObject=0x19e658*=0x0) returned 0x80004002 [0287.535] WshShell:IUnknown:Release (This=0x99056c) returned 0x2 [0287.535] WshShell:IUnknown:Release (This=0x99056c) returned 0x1 [0287.535] CoGetContextToken (in: pToken=0x19e9e0 | out: pToken=0x19e9e0) returned 0x0 [0287.535] WshShell:IUnknown:QueryInterface (in: This=0x99056c, riid=0x6b4091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x990558) returned 0x0 [0287.535] WshShell:IDispatch:GetIDsOfNames (in: This=0x990558, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19ea50*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ea40 | out: rgDispId=0x19ea40*=2000) returned 0x0 [0287.535] WshShell:IDispatch:Invoke (in: This=0x990558, dispIdMember=2000, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x236afe0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64, pExcepInfo=0x19e93c, puArgErr=0x19e970 | out: pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x236afe0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64*(varType=0x0, wReserved1=0x0, wReserved2=0x101, wReserved3=0x0, varVal1=0x80070003, varVal2=0x0), pExcepInfo=0x19e93c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19e970*=0x5d3704) returned 0x80020009 [0287.536] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".") returned 0x50 [0287.537] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0287.539] WshShell:IUnknown:Release (This=0x990558) returned 0x1 [0287.542] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19ee10 | out: lpclsid=0x19ee10*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0287.544] CoGetClassObject (in: rclsid=0x5fdb04*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ea40 | out: ppv=0x19ea40*=0x991120) returned 0x0 [0287.544] WshShell:IUnknown:QueryInterface (in: This=0x991120, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0287.544] WshShell:IClassFactory:CreateInstance (in: This=0x991120, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x996534) returned 0x0 [0287.544] WshShell:IUnknown:Release (This=0x991120) returned 0x0 [0287.544] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x996534) returned 0x0 [0287.544] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e848 | out: ppvObject=0x19e848*=0x0) returned 0x80004002 [0287.544] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x996524) returned 0x0 [0287.544] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x996524, ppTI=0x19e66c | out: ppTI=0x19e66c*=0x645f20) returned 0x0 [0287.544] ITypeInfo:RemoteGetTypeAttr (in: This=0x645f20, ppTypeAttr=0x19e660, pDummy=0x159658ee | out: ppTypeAttr=0x19e660, pDummy=0x159658ee) returned 0x0 [0287.544] ITypeInfo:LocalReleaseTypeAttr (This=0x645f20) returned 0x0 [0287.544] WshShell:IUnknown:Release (This=0x996524) returned 0x2 [0287.545] IUnknown:Release (This=0x645f20) returned 0x1 [0287.545] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0287.545] WshShell:IUnknown:AddRef (This=0x996534) returned 0x3 [0287.545] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1a4 | out: ppvObject=0x19e1a4*=0x0) returned 0x80004002 [0287.545] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e154 | out: ppvObject=0x19e154*=0x0) returned 0x80004002 [0287.545] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e160 | out: ppvObject=0x19e160*=0x0) returned 0x80004002 [0287.545] CoGetContextToken (in: pToken=0x19e1c0 | out: pToken=0x19e1c0) returned 0x0 [0287.545] CoGetContextToken (in: pToken=0x19e5c8 | out: pToken=0x19e5c8) returned 0x0 [0287.545] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e658 | out: ppvObject=0x19e658*=0x0) returned 0x80004002 [0287.545] WshShell:IUnknown:Release (This=0x996534) returned 0x2 [0287.545] WshShell:IUnknown:Release (This=0x996534) returned 0x1 [0287.545] CoGetContextToken (in: pToken=0x19e9e0 | out: pToken=0x19e9e0) returned 0x0 [0287.545] WshShell:IUnknown:QueryInterface (in: This=0x996534, riid=0x6b4091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x996520) returned 0x0 [0287.545] WshShell:IDispatch:GetIDsOfNames (in: This=0x996520, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19ea50*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ea40 | out: rgDispId=0x19ea40*=2000) returned 0x0 [0287.545] WshShell:IDispatch:Invoke (in: This=0x996520, dispIdMember=2000, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x236b624)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64, pExcepInfo=0x19e93c, puArgErr=0x19e970 | out: pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x236b624)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64*(varType=0x0, wReserved1=0x0, wReserved2=0x101, wReserved3=0x0, varVal1=0x80070003, varVal2=0x0), pExcepInfo=0x19e93c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19e970*=0x5d3704) returned 0x80020009 [0287.546] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".") returned 0x4e [0287.547] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0287.549] WshShell:IUnknown:Release (This=0x996520) returned 0x1 [0287.552] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x19ee10 | out: lpclsid=0x19ee10*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0287.554] CoGetClassObject (in: rclsid=0x5fdb04*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ea40 | out: ppv=0x19ea40*=0x991120) returned 0x0 [0287.554] WshShell:IUnknown:QueryInterface (in: This=0x991120, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0287.554] WshShell:IClassFactory:CreateInstance (in: This=0x991120, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x996564) returned 0x0 [0287.554] WshShell:IUnknown:Release (This=0x991120) returned 0x0 [0287.554] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x996564) returned 0x0 [0287.554] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e848 | out: ppvObject=0x19e848*=0x0) returned 0x80004002 [0287.554] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x996554) returned 0x0 [0287.554] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x996554, ppTI=0x19e66c | out: ppTI=0x19e66c*=0x645f20) returned 0x0 [0287.555] ITypeInfo:RemoteGetTypeAttr (in: This=0x645f20, ppTypeAttr=0x19e660, pDummy=0x159658ee | out: ppTypeAttr=0x19e660, pDummy=0x159658ee) returned 0x0 [0287.555] ITypeInfo:LocalReleaseTypeAttr (This=0x645f20) returned 0x0 [0287.555] WshShell:IUnknown:Release (This=0x996554) returned 0x2 [0287.555] IUnknown:Release (This=0x645f20) returned 0x1 [0287.555] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0287.555] WshShell:IUnknown:AddRef (This=0x996564) returned 0x3 [0287.555] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1a4 | out: ppvObject=0x19e1a4*=0x0) returned 0x80004002 [0287.555] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e154 | out: ppvObject=0x19e154*=0x0) returned 0x80004002 [0287.555] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e160 | out: ppvObject=0x19e160*=0x0) returned 0x80004002 [0287.555] CoGetContextToken (in: pToken=0x19e1c0 | out: pToken=0x19e1c0) returned 0x0 [0287.555] CoGetContextToken (in: pToken=0x19e5c8 | out: pToken=0x19e5c8) returned 0x0 [0287.555] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e658 | out: ppvObject=0x19e658*=0x0) returned 0x80004002 [0287.555] WshShell:IUnknown:Release (This=0x996564) returned 0x2 [0287.555] WshShell:IUnknown:Release (This=0x996564) returned 0x1 [0287.555] CoGetContextToken (in: pToken=0x19e9e0 | out: pToken=0x19e9e0) returned 0x0 [0287.555] WshShell:IUnknown:QueryInterface (in: This=0x996564, riid=0x6b4091c8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x996550) returned 0x0 [0287.555] WshShell:IDispatch:GetIDsOfNames (in: This=0x996550, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x19ea50*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x19ea40 | out: rgDispId=0x19ea40*=2000) returned 0x0 [0287.556] WshShell:IDispatch:Invoke (in: This=0x996550, dispIdMember=2000, riid=0x6b2bc51c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x236bc6c)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64, pExcepInfo=0x19e93c, puArgErr=0x19e970 | out: pDispParams=0x19ebd4*(rgvarg=([0]=0x19ea60*(varType=0x4008, wReserved1=0x6b5b, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ea30*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x236bc6c)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x19eb64*(varType=0x0, wReserved1=0x0, wReserved2=0x101, wReserved3=0x0, varVal1=0x80070003, varVal2=0x0), pExcepInfo=0x19e93c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x19e970*=0x5d3704) returned 0x80020009 [0287.556] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".") returned 0x50 [0287.557] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0287.559] WshShell:IUnknown:Release (This=0x996550) returned 0x1 [0287.594] CoTaskMemAlloc (cb=0x20c) returned 0x5e4720 [0287.594] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e4720, nSize=0x104 | out: lpBuffer="") returned 0x25 [0287.594] CoTaskMemFree (pv=0x5e4720) [0287.596] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0287.596] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0287.596] CoTaskMemFree (pv=0x5e4fc0) [0287.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19e990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0287.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x19e9ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x57 [0287.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19e980, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0287.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x19e984, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x51 [0287.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee54) returned 1 [0287.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x19e95c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x51 [0287.654] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19e930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0287.655] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFindFileData=0x19eb7c | out: lpFindFileData=0x19eb7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0287.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee18) returned 1 [0287.687] SetErrorInfo (dwReserved=0x0, perrinfo=0x56c814) returned 0x0 [0287.688] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0287.734] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0287.734] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e4fc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0287.735] CoTaskMemFree (pv=0x5e4fc0) [0287.735] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0287.736] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x19ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x2b [0287.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee4) returned 1 [0287.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x236e9dc | out: lpFileInformation=0x236e9dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee0) returned 1 [0287.740] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0287.755] CoTaskMemAlloc (cb=0x20c) returned 0x5e5cb0 [0287.755] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e5cb0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0287.755] CoTaskMemFree (pv=0x5e5cb0) [0287.755] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0287.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x19ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x44 [0287.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eea8) returned 1 [0287.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19ef24 | out: lpFileInformation=0x19ef24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eea4) returned 1 [0287.765] CoTaskMemAlloc (cb=0x20c) returned 0x5e5410 [0287.765] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e5410 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0287.766] CoTaskMemFree (pv=0x5e5410) [0287.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0287.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ea44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0287.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eea0) returned 1 [0287.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19ef1c | out: lpFileInformation=0x19ef1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee9c) returned 1 [0287.769] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19ea4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x58 [0287.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeac) returned 1 [0287.769] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19ef28 | out: lpFileInformation=0x19ef28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eea8) returned 1 [0287.773] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0287.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0287.773] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0287.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0287.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0287.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0287.777] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0287.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0287.824] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0287.824] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0287.824] CoTaskMemFree (pv=0x5e4fc0) [0287.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x19ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x3b [0287.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0287.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x19eefc | out: lpFileInformation=0x19eefc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0287.851] CoTaskMemAlloc (cb=0x20c) returned 0x5e5cb0 [0287.851] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e5cb0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0287.851] CoTaskMemFree (pv=0x5e5cb0) [0287.853] CoTaskMemAlloc (cb=0x20c) returned 0x5e5cb0 [0287.853] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e5cb0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0287.853] CoTaskMemFree (pv=0x5e5cb0) [0287.855] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x19ea24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x32 [0287.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0287.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x19eefc | out: lpFileInformation=0x19eefc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0287.856] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x19ea24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x33 [0287.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0287.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x19eefc | out: lpFileInformation=0x19eefc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0287.859] CoTaskMemAlloc (cb=0x20c) returned 0x5e42d0 [0287.859] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e42d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0287.859] CoTaskMemFree (pv=0x5e42d0) [0287.860] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0287.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef2c) returned 1 [0287.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x19ea34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0287.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x19ea08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0287.863] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\*", lpFindFileData=0x19ec54 | out: lpFindFileData=0x19ec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0287.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eef0) returned 1 [0287.951] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.951] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.952] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.952] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.953] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.954] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.954] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee3c | out: phkResult=0x19ee3c*=0x0) returned 0x2 [0287.955] CoTaskMemAlloc (cb=0x20c) returned 0x5e4720 [0287.955] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5e4720, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.955] CoTaskMemFree (pv=0x5e4720) [0287.956] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0287.956] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.956] CoTaskMemFree (pv=0x5e4fc0) [0287.958] CoTaskMemAlloc (cb=0x20c) returned 0x5e4948 [0287.958] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5e4948, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.958] CoTaskMemFree (pv=0x5e4948) [0287.958] CoTaskMemAlloc (cb=0x20c) returned 0x5e5cb0 [0287.958] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5e5cb0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.958] CoTaskMemFree (pv=0x5e5cb0) [0287.958] CoTaskMemAlloc (cb=0x20c) returned 0x5e51e8 [0287.958] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5e51e8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.958] CoTaskMemFree (pv=0x5e51e8) [0287.959] CoTaskMemAlloc (cb=0x20c) returned 0x5e42d0 [0287.959] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5e42d0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.959] CoTaskMemFree (pv=0x5e42d0) [0287.959] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0287.959] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.959] CoTaskMemFree (pv=0x5e4fc0) [0287.960] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0287.960] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0287.960] CoTaskMemFree (pv=0x5e4fc0) [0287.960] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0287.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.960] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.960] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0287.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.960] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.961] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0287.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.961] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.961] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0287.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.961] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.961] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0287.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.961] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.961] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0287.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.961] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.962] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0287.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.962] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0287.962] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19e970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0287.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edd0) returned 1 [0287.962] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ee4c | out: lpFileInformation=0x19ee4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0287.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edcc) returned 1 [0288.006] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x19edac | out: phkResult=0x19edac*=0x0) returned 0x2 [0288.008] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x19edac | out: phkResult=0x19edac*=0x0) returned 0x2 [0288.009] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x19e918, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0288.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ed74) returned 1 [0288.009] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x19edf0 | out: lpFileInformation=0x19edf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0288.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ed70) returned 1 [0288.010] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x19e918, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0288.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ed74) returned 1 [0288.011] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19edf0 | out: lpFileInformation=0x19edf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0288.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ed70) returned 1 [0288.011] CoTaskMemAlloc (cb=0x20c) returned 0x5e5cb0 [0288.011] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e5cb0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0288.011] CoTaskMemFree (pv=0x5e5cb0) [0288.011] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0288.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19e918, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4c [0288.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ed74) returned 1 [0288.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19edf0 | out: lpFileInformation=0x19edf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0288.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ed70) returned 1 [0288.013] CoTaskMemAlloc (cb=0x20c) returned 0x5e5638 [0288.013] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e5638 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0288.013] CoTaskMemFree (pv=0x5e5638) [0288.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0288.014] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19e918, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x52 [0288.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ed74) returned 1 [0288.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19edf0 | out: lpFileInformation=0x19edf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0288.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ed70) returned 1 [0288.019] CoTaskMemAlloc (cb=0x20c) returned 0x5e4fc0 [0288.019] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5e4fc0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0288.019] CoTaskMemFree (pv=0x5e4fc0) [0288.019] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19e904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0288.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edf8) returned 1 [0288.020] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4d0) returned 1 [0288.054] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef08 | out: phkResult=0x19ef08*=0x0) returned 0x2 [0288.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0288.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.059] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.062] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0288.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.063] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.072] CoTaskMemAlloc (cb=0x20c) returned 0x5e4720 [0288.072] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5e4720 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0288.072] CoTaskMemFree (pv=0x5e4720) [0288.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0288.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x19ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x48 [0288.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eea8) returned 1 [0288.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x19ef24 | out: lpFileInformation=0x19ef24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0288.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eea4) returned 1 [0288.083] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0288.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.083] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0288.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.087] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0288.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.099] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.105] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0288.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.105] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.112] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0288.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.112] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.115] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0288.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ede8) returned 1 [0288.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0288.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d4c0) returned 1 [0288.134] GetUserNameW (in: lpBuffer=0x19ed28, pcbBuffer=0x2385078 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x2385078) returned 1 [0288.136] GetComputerNameW (in: lpBuffer=0x19ed28, nSize=0x2385540 | out: lpBuffer="XC64ZB", nSize=0x2385540) returned 1 [0288.187] GetUserNameW (in: lpBuffer=0x19ed18, pcbBuffer=0x2388e10 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x2388e10) returned 1 [0288.190] GetComputerNameW (in: lpBuffer=0x19ed18, nSize=0x23892a8 | out: lpBuffer="XC64ZB", nSize=0x23892a8) returned 1 [0288.221] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454 [0288.221] SetEvent (hEvent=0x3e0) returned 1 [0288.221] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ee98*=0x454, lpdwindex=0x19ecb4 | out: lpdwindex=0x19ecb4) returned 0x0 [0288.227] CoGetContextToken (in: pToken=0x19ed68 | out: pToken=0x19ed68) returned 0x0 [0288.227] CoGetContextToken (in: pToken=0x19ecc8 | out: pToken=0x19ecc8) returned 0x0 [0288.227] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x19ed98*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19ed94 | out: ppvObject=0x19ed94*=0x5ecb50) returned 0x0 [0288.227] WbemDefPath:IUnknown:AddRef (This=0x5ecb50) returned 0x3 [0288.227] WbemDefPath:IUnknown:Release (This=0x5ecb50) returned 0x2 [0288.227] WbemDefPath:IWbemPath:SetText (This=0x5ecb50, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0288.227] WbemDefPath:IWbemPath:GetInfo (in: This=0x5ecb50, uRequestedInfo=0x0, puResponse=0x19ef44 | out: puResponse=0x19ef44*=0xc15) returned 0x0 [0288.228] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecb50, puCount=0x19ef3c | out: puCount=0x19ef3c*=0x0) returned 0x0 [0288.229] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19ef14 | out: puCount=0x19ef14*=0x2) returned 0x0 [0288.229] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19ef10*=0x0, pszText=0x0 | out: puBuffLength=0x19ef10*=0xf, pszText=0x0) returned 0x0 [0288.229] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19ef10*=0xf, pszText="00000000000000" | out: puBuffLength=0x19ef10*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.290] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19edb0*=0x4d4, lpdwindex=0x19ec64 | out: lpdwindex=0x19ec64) returned 0x0 [0288.331] CoGetContextToken (in: pToken=0x19eb70 | out: pToken=0x19eb70) returned 0x0 [0288.331] CoGetContextToken (in: pToken=0x19eb18 | out: pToken=0x19eb18) returned 0x0 [0288.331] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaf8 | out: ppvObject=0x19eaf8*=0x5a0148) returned 0x0 [0288.331] CObjectContext::ContextCallback () returned 0x0 [0288.337] IUnknown:Release (This=0x5a0148) returned 0x1 [0288.337] CoUnmarshalInterface (in: pStm=0x62f438, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb60 | out: ppv=0x19eb60*=0x60da78) returned 0x0 [0288.338] CoMarshalInterface (pStm=0x62f438, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60da78, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0288.339] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea04 | out: ppvObject=0x19ea04*=0x60da78) returned 0x0 [0288.339] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x0) returned 0x80004002 [0288.341] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0288.342] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0288.344] WbemLocator:IUnknown:AddRef (This=0x60da78) returned 0x3 [0288.344] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e31c | out: ppvObject=0x19e31c*=0x0) returned 0x80004002 [0288.344] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2cc | out: ppvObject=0x19e2cc*=0x0) returned 0x80004002 [0288.344] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2d8 | out: ppvObject=0x19e2d8*=0x60d9d4) returned 0x0 [0288.344] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60d9d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e2e0 | out: pCid=0x19e2e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.344] WbemLocator:IUnknown:Release (This=0x60d9d4) returned 0x3 [0288.344] CoGetContextToken (in: pToken=0x19e338 | out: pToken=0x19e338) returned 0x0 [0288.344] CoGetContextToken (in: pToken=0x19e740 | out: pToken=0x19e740) returned 0x0 [0288.344] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7d0 | out: ppvObject=0x19e7d0*=0x60da5c) returned 0x0 [0288.344] WbemLocator:IRpcOptions:Query (in: This=0x60da5c, pPrx=0x60da78, dwProperty=2, pdwValue=0x19e7f8 | out: pdwValue=0x19e7f8) returned 0x0 [0288.344] WbemLocator:IUnknown:Release (This=0x60da5c) returned 0x3 [0288.345] WbemLocator:IUnknown:Release (This=0x60da78) returned 0x2 [0288.345] WbemLocator:IUnknown:Release (This=0x60da78) returned 0x1 [0288.345] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0288.345] WbemLocator:IUnknown:AddRef (This=0x60da78) returned 0x2 [0288.345] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed68 | out: ppvObject=0x19ed68*=0x60da54) returned 0x0 [0288.345] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60da54, pProxy=0x60da78, pAuthnSvc=0x19edb8, pAuthzSvc=0x19edb4, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0, pImpLevel=0x19eda0, pAuthInfo=0x19eda4, pCapabilites=0x19eda8 | out: pAuthnSvc=0x19edb8*=0xa, pAuthzSvc=0x19edb4*=0x0, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0*=0x6, pImpLevel=0x19eda0*=0x2, pAuthInfo=0x19eda4, pCapabilites=0x19eda8*=0x1) returned 0x0 [0288.345] WbemLocator:IUnknown:Release (This=0x60da54) returned 0x2 [0288.345] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed5c | out: ppvObject=0x19ed5c*=0x60da78) returned 0x0 [0288.345] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed58 | out: ppvObject=0x19ed58*=0x60da54) returned 0x0 [0288.345] WbemLocator:IClientSecurity:SetBlanket (This=0x60da54, pProxy=0x60da78, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.345] WbemLocator:IUnknown:Release (This=0x60da54) returned 0x3 [0288.345] WbemLocator:IUnknown:Release (This=0x60da78) returned 0x2 [0288.345] CoTaskMemFree (pv=0x5fd8e8) [0288.346] WbemLocator:IUnknown:Release (This=0x60da78) returned 0x1 [0288.346] SysStringLen (param_1=0x0) returned 0x0 [0288.346] CoGetContextToken (in: pToken=0x19ed20 | out: pToken=0x19ed20) returned 0x0 [0288.346] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0288.346] WbemLocator:IUnknown:QueryInterface (in: This=0x60da78, riid=0x19ed50*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ed4c | out: ppvObject=0x19ed4c*=0x60cd18) returned 0x0 [0288.348] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0288.348] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0288.348] CoGetContextToken (in: pToken=0x19ece0 | out: pToken=0x19ece0) returned 0x0 [0288.348] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0288.348] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed68 | out: ppvObject=0x19ed68*=0x60da54) returned 0x0 [0288.348] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60da54, pProxy=0x60cd18, pAuthnSvc=0x19edb8, pAuthzSvc=0x19edb4, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0, pImpLevel=0x19eda0, pAuthInfo=0x19eda4, pCapabilites=0x19eda8 | out: pAuthnSvc=0x19edb8*=0xa, pAuthzSvc=0x19edb4*=0x0, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0*=0x6, pImpLevel=0x19eda0*=0x2, pAuthInfo=0x19eda4, pCapabilites=0x19eda8*=0x1) returned 0x0 [0288.348] WbemLocator:IUnknown:Release (This=0x60da54) returned 0x3 [0288.348] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed5c | out: ppvObject=0x19ed5c*=0x60da78) returned 0x0 [0288.348] WbemLocator:IUnknown:QueryInterface (in: This=0x60cd18, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed58 | out: ppvObject=0x19ed58*=0x60da54) returned 0x0 [0288.348] WbemLocator:IClientSecurity:SetBlanket (This=0x60da54, pProxy=0x60cd18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.348] WbemLocator:IUnknown:Release (This=0x60da54) returned 0x4 [0288.348] WbemLocator:IUnknown:Release (This=0x60da78) returned 0x3 [0288.348] CoTaskMemFree (pv=0x5fdbe8) [0288.349] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0288.349] SysStringLen (param_1=0x0) returned 0x0 [0288.349] CoGetContextToken (in: pToken=0x19ec58 | out: pToken=0x19ec58) returned 0x0 [0288.349] WbemLocator:IUnknown:AddRef (This=0x60cd18) returned 0x3 [0288.349] IWbemServices:ExecQuery (in: This=0x60cd18, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x19ee74 | out: ppEnum=0x19ee74*=0x5efa80) returned 0x0 [0288.381] IUnknown:QueryInterface (in: This=0x5efa80, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eccc | out: ppvObject=0x19eccc*=0x5efa84) returned 0x0 [0288.381] IClientSecurity:QueryBlanket (in: This=0x5efa84, pProxy=0x5efa80, pAuthnSvc=0x19ed1c, pAuthzSvc=0x19ed18, pServerPrincName=0x19ed10, pAuthnLevel=0x19ed14, pImpLevel=0x19ed04, pAuthInfo=0x19ed08, pCapabilites=0x19ed0c | out: pAuthnSvc=0x19ed1c*=0xa, pAuthzSvc=0x19ed18*=0x0, pServerPrincName=0x19ed10, pAuthnLevel=0x19ed14*=0x6, pImpLevel=0x19ed04*=0x2, pAuthInfo=0x19ed08, pCapabilites=0x19ed0c*=0x1) returned 0x0 [0288.381] IUnknown:Release (This=0x5efa84) returned 0x1 [0288.381] IUnknown:QueryInterface (in: This=0x5efa80, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecc0 | out: ppvObject=0x19ecc0*=0x60d478) returned 0x0 [0288.381] IUnknown:QueryInterface (in: This=0x5efa80, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecbc | out: ppvObject=0x19ecbc*=0x5efa84) returned 0x0 [0288.381] IClientSecurity:SetBlanket (This=0x5efa84, pProxy=0x5efa80, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.490] IUnknown:Release (This=0x5efa84) returned 0x2 [0288.490] WbemLocator:IUnknown:Release (This=0x60d478) returned 0x1 [0288.490] CoTaskMemFree (pv=0x5fdc18) [0288.491] IUnknown:QueryInterface (in: This=0x5efa80, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b8 | out: ppvObject=0x19e8b8*=0x60d478) returned 0x0 [0288.491] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e874 | out: ppvObject=0x19e874*=0x0) returned 0x80004002 [0288.520] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e694 | out: ppvObject=0x19e694*=0x0) returned 0x80004002 [0288.543] IUnknown:QueryInterface (in: This=0x5efa80, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e46c | out: ppvObject=0x19e46c*=0x0) returned 0x80004002 [0288.572] WbemLocator:IUnknown:AddRef (This=0x60d478) returned 0x3 [0288.572] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1d4 | out: ppvObject=0x19e1d4*=0x0) returned 0x80004002 [0288.572] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e184 | out: ppvObject=0x19e184*=0x0) returned 0x80004002 [0288.572] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e190 | out: ppvObject=0x19e190*=0x60d3d4) returned 0x0 [0288.573] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60d3d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e198 | out: pCid=0x19e198*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.573] WbemLocator:IUnknown:Release (This=0x60d3d4) returned 0x3 [0288.573] CoGetContextToken (in: pToken=0x19e1f0 | out: pToken=0x19e1f0) returned 0x0 [0288.573] CoGetContextToken (in: pToken=0x19e5f8 | out: pToken=0x19e5f8) returned 0x0 [0288.573] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e688 | out: ppvObject=0x19e688*=0x60d45c) returned 0x0 [0288.573] WbemLocator:IRpcOptions:Query (in: This=0x60d45c, pPrx=0x60d478, dwProperty=2, pdwValue=0x19e6b0 | out: pdwValue=0x19e6b0) returned 0x80004002 [0288.573] WbemLocator:IUnknown:Release (This=0x60d45c) returned 0x3 [0288.573] WbemLocator:IUnknown:Release (This=0x60d478) returned 0x2 [0288.573] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0288.573] CoGetContextToken (in: pToken=0x19eb28 | out: pToken=0x19eb28) returned 0x0 [0288.573] WbemLocator:IUnknown:QueryInterface (in: This=0x60d478, riid=0x19ebf8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ebf4 | out: ppvObject=0x19ebf4*=0x5efa80) returned 0x0 [0288.573] IUnknown:AddRef (This=0x5efa80) returned 0x4 [0288.573] IUnknown:Release (This=0x5efa80) returned 0x3 [0288.573] IUnknown:Release (This=0x5efa80) returned 0x2 [0288.574] WbemLocator:IUnknown:Release (This=0x60cd18) returned 0x2 [0288.574] SysStringLen (param_1=0x0) returned 0x0 [0288.574] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19eec0 | out: puCount=0x19eec0*=0x2) returned 0x0 [0288.574] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eebc*=0x0, pszText=0x0 | out: puBuffLength=0x19eebc*=0xf, pszText=0x0) returned 0x0 [0288.574] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eebc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19eebc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.574] CoGetContextToken (in: pToken=0x19ed00 | out: pToken=0x19ed00) returned 0x0 [0288.574] IUnknown:AddRef (This=0x5efa80) returned 0x3 [0288.574] IEnumWbemClassObject:Clone (in: This=0x5efa80, ppEnum=0x19eebc | out: ppEnum=0x19eebc*=0x5efda0) returned 0x0 [0288.577] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed80 | out: ppvObject=0x19ed80*=0x5efda4) returned 0x0 [0288.577] IClientSecurity:QueryBlanket (in: This=0x5efda4, pProxy=0x5efda0, pAuthnSvc=0x19edd0, pAuthzSvc=0x19edcc, pServerPrincName=0x19edc4, pAuthnLevel=0x19edc8, pImpLevel=0x19edb8, pAuthInfo=0x19edbc, pCapabilites=0x19edc0 | out: pAuthnSvc=0x19edd0*=0xa, pAuthzSvc=0x19edcc*=0x0, pServerPrincName=0x19edc4, pAuthnLevel=0x19edc8*=0x6, pImpLevel=0x19edb8*=0x2, pAuthInfo=0x19edbc, pCapabilites=0x19edc0*=0x1) returned 0x0 [0288.577] IUnknown:Release (This=0x5efda4) returned 0x1 [0288.577] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x60d778) returned 0x0 [0288.577] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed70 | out: ppvObject=0x19ed70*=0x5efda4) returned 0x0 [0288.577] IClientSecurity:SetBlanket (This=0x5efda4, pProxy=0x5efda0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.581] IUnknown:Release (This=0x5efda4) returned 0x2 [0288.581] WbemLocator:IUnknown:Release (This=0x60d778) returned 0x1 [0288.581] CoTaskMemFree (pv=0x5fdc18) [0288.581] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e95c | out: ppvObject=0x19e95c*=0x60d778) returned 0x0 [0288.581] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e918 | out: ppvObject=0x19e918*=0x0) returned 0x80004002 [0288.583] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e734 | out: ppvObject=0x19e734*=0x0) returned 0x80004002 [0288.585] IUnknown:QueryInterface (in: This=0x5efda0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0288.587] WbemLocator:IUnknown:AddRef (This=0x60d778) returned 0x3 [0288.587] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e274 | out: ppvObject=0x19e274*=0x0) returned 0x80004002 [0288.587] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e224 | out: ppvObject=0x19e224*=0x0) returned 0x80004002 [0288.587] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e230 | out: ppvObject=0x19e230*=0x60d6d4) returned 0x0 [0288.587] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60d6d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e238 | out: pCid=0x19e238*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.587] WbemLocator:IUnknown:Release (This=0x60d6d4) returned 0x3 [0288.587] CoGetContextToken (in: pToken=0x19e290 | out: pToken=0x19e290) returned 0x0 [0288.587] CoGetContextToken (in: pToken=0x19e698 | out: pToken=0x19e698) returned 0x0 [0288.587] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e728 | out: ppvObject=0x19e728*=0x60d75c) returned 0x0 [0288.587] WbemLocator:IRpcOptions:Query (in: This=0x60d75c, pPrx=0x60d778, dwProperty=2, pdwValue=0x19e750 | out: pdwValue=0x19e750) returned 0x80004002 [0288.587] WbemLocator:IUnknown:Release (This=0x60d75c) returned 0x3 [0288.587] WbemLocator:IUnknown:Release (This=0x60d778) returned 0x2 [0288.587] CoGetContextToken (in: pToken=0x19ec70 | out: pToken=0x19ec70) returned 0x0 [0288.587] CoGetContextToken (in: pToken=0x19ebd0 | out: pToken=0x19ebd0) returned 0x0 [0288.587] WbemLocator:IUnknown:QueryInterface (in: This=0x60d778, riid=0x19eca0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x5efda0) returned 0x0 [0288.588] IUnknown:AddRef (This=0x5efda0) returned 0x4 [0288.588] IUnknown:Release (This=0x5efda0) returned 0x3 [0288.588] IUnknown:Release (This=0x5efda0) returned 0x2 [0288.588] IUnknown:Release (This=0x5efa80) returned 0x2 [0288.588] SysStringLen (param_1=0x0) returned 0x0 [0288.588] IEnumWbemClassObject:Reset (This=0x5efda0) returned 0x0 [0288.591] CoTaskMemAlloc (cb=0x4) returned 0x5f6c88 [0288.591] IEnumWbemClassObject:Next (in: This=0x5efda0, lTimeout=-1, uCount=0x1, apObjects=0x5f6c88, puReturned=0x238a89c | out: apObjects=0x5f6c88*=0x5f1b68, puReturned=0x238a89c*=0x1) returned 0x0 [0288.599] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e520 | out: ppvObject=0x19e520*=0x5f1b68) returned 0x0 [0288.599] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e4dc | out: ppvObject=0x19e4dc*=0x0) returned 0x80004002 [0288.599] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e2fc | out: ppvObject=0x19e2fc*=0x0) returned 0x80004002 [0288.599] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e0d4 | out: ppvObject=0x19e0d4*=0x0) returned 0x80004002 [0288.600] IUnknown:AddRef (This=0x5f1b68) returned 0x3 [0288.600] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19de3c | out: ppvObject=0x19de3c*=0x0) returned 0x80004002 [0288.600] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ddec | out: ppvObject=0x19ddec*=0x0) returned 0x80004002 [0288.600] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ddf8 | out: ppvObject=0x19ddf8*=0x5f1b6c) returned 0x0 [0288.600] IMarshal:GetUnmarshalClass (in: This=0x5f1b6c, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19de00 | out: pCid=0x19de00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0288.600] IUnknown:Release (This=0x5f1b6c) returned 0x3 [0288.600] CoGetContextToken (in: pToken=0x19de58 | out: pToken=0x19de58) returned 0x0 [0288.600] CoGetContextToken (in: pToken=0x19e260 | out: pToken=0x19e260) returned 0x0 [0288.600] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2f0 | out: ppvObject=0x19e2f0*=0x0) returned 0x80004002 [0288.600] IUnknown:Release (This=0x5f1b68) returned 0x2 [0288.600] CoGetContextToken (in: pToken=0x19e830 | out: pToken=0x19e830) returned 0x0 [0288.601] CoGetContextToken (in: pToken=0x19e790 | out: pToken=0x19e790) returned 0x0 [0288.601] IUnknown:QueryInterface (in: This=0x5f1b68, riid=0x19e860*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19e85c | out: ppvObject=0x19e85c*=0x5f1b68) returned 0x0 [0288.601] IUnknown:AddRef (This=0x5f1b68) returned 0x4 [0288.601] IUnknown:Release (This=0x5f1b68) returned 0x3 [0288.601] IUnknown:Release (This=0x5f1b68) returned 0x2 [0288.601] CoTaskMemFree (pv=0x5f6c88) [0288.601] CoGetContextToken (in: pToken=0x19eb98 | out: pToken=0x19eb98) returned 0x0 [0288.601] IUnknown:AddRef (This=0x5f1b68) returned 0x3 [0288.601] CoTaskMemAlloc (cb=0x4) returned 0x5f6aa8 [0288.601] IEnumWbemClassObject:Next (in: This=0x5efda0, lTimeout=-1, uCount=0x1, apObjects=0x5f6aa8, puReturned=0x238a89c | out: apObjects=0x5f6aa8*=0x0, puReturned=0x238a89c*=0x0) returned 0x1 [0288.603] CoTaskMemFree (pv=0x5f6aa8) [0288.603] CoGetContextToken (in: pToken=0x19ed10 | out: pToken=0x19ed10) returned 0x0 [0288.603] IUnknown:AddRef (This=0x5efa80) returned 0x3 [0288.604] IEnumWbemClassObject:Clone (in: This=0x5efa80, ppEnum=0x19eecc | out: ppEnum=0x19eecc*=0x5efb48) returned 0x0 [0288.606] IUnknown:QueryInterface (in: This=0x5efb48, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed90 | out: ppvObject=0x19ed90*=0x5efb4c) returned 0x0 [0288.606] IClientSecurity:QueryBlanket (in: This=0x5efb4c, pProxy=0x5efb48, pAuthnSvc=0x19ede0, pAuthzSvc=0x19eddc, pServerPrincName=0x19edd4, pAuthnLevel=0x19edd8, pImpLevel=0x19edc8, pAuthInfo=0x19edcc, pCapabilites=0x19edd0 | out: pAuthnSvc=0x19ede0*=0xa, pAuthzSvc=0x19eddc*=0x0, pServerPrincName=0x19edd4, pAuthnLevel=0x19edd8*=0x6, pImpLevel=0x19edc8*=0x2, pAuthInfo=0x19edcc, pCapabilites=0x19edd0*=0x1) returned 0x0 [0288.606] IUnknown:Release (This=0x5efb4c) returned 0x1 [0288.606] IUnknown:QueryInterface (in: This=0x5efb48, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed84 | out: ppvObject=0x19ed84*=0x60dc78) returned 0x0 [0288.606] IUnknown:QueryInterface (in: This=0x5efb48, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed80 | out: ppvObject=0x19ed80*=0x5efb4c) returned 0x0 [0288.606] IClientSecurity:SetBlanket (This=0x5efb4c, pProxy=0x5efb48, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.610] IUnknown:Release (This=0x5efb4c) returned 0x2 [0288.610] WbemLocator:IUnknown:Release (This=0x60dc78) returned 0x1 [0288.610] CoTaskMemFree (pv=0x5fdfa8) [0288.610] IUnknown:QueryInterface (in: This=0x5efb48, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e96c | out: ppvObject=0x19e96c*=0x60dc78) returned 0x0 [0288.611] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e928 | out: ppvObject=0x19e928*=0x0) returned 0x80004002 [0288.612] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0288.614] IUnknown:QueryInterface (in: This=0x5efb48, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e51c | out: ppvObject=0x19e51c*=0x0) returned 0x80004002 [0288.616] WbemLocator:IUnknown:AddRef (This=0x60dc78) returned 0x3 [0288.616] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e284 | out: ppvObject=0x19e284*=0x0) returned 0x80004002 [0288.616] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e234 | out: ppvObject=0x19e234*=0x0) returned 0x80004002 [0288.616] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e240 | out: ppvObject=0x19e240*=0x60dbd4) returned 0x0 [0288.616] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60dbd4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e248 | out: pCid=0x19e248*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.616] WbemLocator:IUnknown:Release (This=0x60dbd4) returned 0x3 [0288.616] CoGetContextToken (in: pToken=0x19e2a0 | out: pToken=0x19e2a0) returned 0x0 [0288.616] CoGetContextToken (in: pToken=0x19e6a8 | out: pToken=0x19e6a8) returned 0x0 [0288.616] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e738 | out: ppvObject=0x19e738*=0x60dc5c) returned 0x0 [0288.616] WbemLocator:IRpcOptions:Query (in: This=0x60dc5c, pPrx=0x60dc78, dwProperty=2, pdwValue=0x19e760 | out: pdwValue=0x19e760) returned 0x80004002 [0288.616] WbemLocator:IUnknown:Release (This=0x60dc5c) returned 0x3 [0288.617] WbemLocator:IUnknown:Release (This=0x60dc78) returned 0x2 [0288.617] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0288.617] CoGetContextToken (in: pToken=0x19ebe0 | out: pToken=0x19ebe0) returned 0x0 [0288.617] WbemLocator:IUnknown:QueryInterface (in: This=0x60dc78, riid=0x19ecb0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ecac | out: ppvObject=0x19ecac*=0x5efb48) returned 0x0 [0288.617] IUnknown:AddRef (This=0x5efb48) returned 0x4 [0288.617] IUnknown:Release (This=0x5efb48) returned 0x3 [0288.617] IUnknown:Release (This=0x5efb48) returned 0x2 [0288.617] IUnknown:Release (This=0x5efa80) returned 0x2 [0288.617] SysStringLen (param_1=0x0) returned 0x0 [0288.617] IEnumWbemClassObject:Reset (This=0x5efb48) returned 0x0 [0288.619] CoTaskMemAlloc (cb=0x4) returned 0x5f6b58 [0288.619] IEnumWbemClassObject:Next (in: This=0x5efb48, lTimeout=-1, uCount=0x1, apObjects=0x5f6b58, puReturned=0x238a980 | out: apObjects=0x5f6b58*=0x639be0, puReturned=0x238a980*=0x1) returned 0x0 [0288.624] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e530 | out: ppvObject=0x19e530*=0x639be0) returned 0x0 [0288.624] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e4ec | out: ppvObject=0x19e4ec*=0x0) returned 0x80004002 [0288.624] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e30c | out: ppvObject=0x19e30c*=0x0) returned 0x80004002 [0288.624] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e0e4 | out: ppvObject=0x19e0e4*=0x0) returned 0x80004002 [0288.625] IUnknown:AddRef (This=0x639be0) returned 0x3 [0288.625] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19de4c | out: ppvObject=0x19de4c*=0x0) returned 0x80004002 [0288.625] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ddfc | out: ppvObject=0x19ddfc*=0x0) returned 0x80004002 [0288.625] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19de08 | out: ppvObject=0x19de08*=0x639be4) returned 0x0 [0288.625] IMarshal:GetUnmarshalClass (in: This=0x639be4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19de10 | out: pCid=0x19de10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0288.625] IUnknown:Release (This=0x639be4) returned 0x3 [0288.625] CoGetContextToken (in: pToken=0x19de68 | out: pToken=0x19de68) returned 0x0 [0288.625] CoGetContextToken (in: pToken=0x19e270 | out: pToken=0x19e270) returned 0x0 [0288.625] IUnknown:QueryInterface (in: This=0x639be0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e300 | out: ppvObject=0x19e300*=0x0) returned 0x80004002 [0288.625] IUnknown:Release (This=0x639be0) returned 0x2 [0288.625] CoGetContextToken (in: pToken=0x19e840 | out: pToken=0x19e840) returned 0x0 [0288.625] CoGetContextToken (in: pToken=0x19e7a0 | out: pToken=0x19e7a0) returned 0x0 [0288.625] IUnknown:QueryInterface (in: This=0x639be0, riid=0x19e870*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19e86c | out: ppvObject=0x19e86c*=0x639be0) returned 0x0 [0288.625] IUnknown:AddRef (This=0x639be0) returned 0x4 [0288.625] IUnknown:Release (This=0x639be0) returned 0x3 [0288.625] IUnknown:Release (This=0x639be0) returned 0x2 [0288.625] CoTaskMemFree (pv=0x5f6b58) [0288.625] CoGetContextToken (in: pToken=0x19eba8 | out: pToken=0x19eba8) returned 0x0 [0288.625] IUnknown:AddRef (This=0x639be0) returned 0x3 [0288.626] IWbemClassObject:Get (in: This=0x639be0, wszName="__GENUS", lFlags=0, pVal=0x19eebc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ef3c*=0, plFlavor=0x19ef38*=0 | out: pVal=0x19eebc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19ef3c*=3, plFlavor=0x19ef38*=64) returned 0x0 [0288.626] IWbemClassObject:Get (in: This=0x639be0, wszName="__PATH", lFlags=0, pVal=0x19eea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ef24*=0, plFlavor=0x19ef20*=0 | out: pVal=0x19eea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"", varVal2=0x0), pType=0x19ef24*=8, plFlavor=0x19ef20*=64) returned 0x0 [0288.626] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0288.626] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0288.626] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418 [0288.626] SetEvent (hEvent=0x3e0) returned 1 [0288.627] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ee78*=0x418, lpdwindex=0x19ec94 | out: lpdwindex=0x19ec94) returned 0x0 [0288.630] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0288.630] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0288.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x19ed78*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5ec610) returned 0x0 [0288.630] WbemDefPath:IUnknown:AddRef (This=0x5ec610) returned 0x3 [0288.630] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x2 [0288.630] WbemDefPath:IWbemPath:SetText (This=0x5ec610, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x0 [0288.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19eef8 | out: puCount=0x19eef8*=0x2) returned 0x0 [0288.630] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eef4*=0x0, pszText=0x0 | out: puBuffLength=0x19eef4*=0xf, pszText=0x0) returned 0x0 [0288.630] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eef4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19eef4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19eeec | out: puCount=0x19eeec*=0x2) returned 0x0 [0288.630] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eee8*=0x0, pszText=0x0 | out: puBuffLength=0x19eee8*=0xf, pszText=0x0) returned 0x0 [0288.630] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eee8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19eee8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.630] IWbemClassObject:Get (in: This=0x639be0, wszName="Name", lFlags=0, pVal=0x19eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x238b1dc*=0, plFlavor=0x238b1e0*=0 | out: pVal=0x19eee8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x238b1dc*=8, plFlavor=0x238b1e0*=0) returned 0x0 [0288.631] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0288.631] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0288.631] IWbemClassObject:Get (in: This=0x639be0, wszName="Name", lFlags=0, pVal=0x19eef0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x238b1dc*=8, plFlavor=0x238b1e0*=0 | out: pVal=0x19eef0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x238b1dc*=8, plFlavor=0x238b1e0*=0) returned 0x0 [0288.631] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0288.631] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0288.668] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19ef04 | out: puCount=0x19ef04*=0x2) returned 0x0 [0288.668] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19ef00*=0x0, pszText=0x0 | out: puBuffLength=0x19ef00*=0xf, pszText=0x0) returned 0x0 [0288.668] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19ef00*=0xf, pszText="00000000000000" | out: puBuffLength=0x19ef00*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.676] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19edb0*=0x490, lpdwindex=0x19ec64 | out: lpdwindex=0x19ec64) returned 0x0 [0288.709] CoGetContextToken (in: pToken=0x19eb70 | out: pToken=0x19eb70) returned 0x0 [0288.709] CoGetContextToken (in: pToken=0x19eb18 | out: pToken=0x19eb18) returned 0x0 [0288.709] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaf8 | out: ppvObject=0x19eaf8*=0x5a0148) returned 0x0 [0288.709] CObjectContext::ContextCallback () returned 0x0 [0288.711] IUnknown:Release (This=0x5a0148) returned 0x1 [0288.711] CoUnmarshalInterface (in: pStm=0x62f238, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb60 | out: ppv=0x19eb60*=0x60e578) returned 0x0 [0288.711] CoMarshalInterface (pStm=0x62f238, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60e578, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0288.712] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea04 | out: ppvObject=0x19ea04*=0x60e578) returned 0x0 [0288.712] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x0) returned 0x80004002 [0288.713] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0288.713] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0288.713] WbemLocator:IUnknown:AddRef (This=0x60e578) returned 0x3 [0288.713] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e31c | out: ppvObject=0x19e31c*=0x0) returned 0x80004002 [0288.713] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2cc | out: ppvObject=0x19e2cc*=0x0) returned 0x80004002 [0288.714] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2d8 | out: ppvObject=0x19e2d8*=0x60e4d4) returned 0x0 [0288.714] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60e4d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e2e0 | out: pCid=0x19e2e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.714] WbemLocator:IUnknown:Release (This=0x60e4d4) returned 0x3 [0288.714] CoGetContextToken (in: pToken=0x19e338 | out: pToken=0x19e338) returned 0x0 [0288.714] CoGetContextToken (in: pToken=0x19e740 | out: pToken=0x19e740) returned 0x0 [0288.714] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7d0 | out: ppvObject=0x19e7d0*=0x60e55c) returned 0x0 [0288.714] WbemLocator:IRpcOptions:Query (in: This=0x60e55c, pPrx=0x60e578, dwProperty=2, pdwValue=0x19e7f8 | out: pdwValue=0x19e7f8) returned 0x0 [0288.714] WbemLocator:IUnknown:Release (This=0x60e55c) returned 0x3 [0288.714] WbemLocator:IUnknown:Release (This=0x60e578) returned 0x2 [0288.714] WbemLocator:IUnknown:Release (This=0x60e578) returned 0x1 [0288.714] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0288.714] WbemLocator:IUnknown:AddRef (This=0x60e578) returned 0x2 [0288.714] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed68 | out: ppvObject=0x19ed68*=0x60e554) returned 0x0 [0288.714] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60e554, pProxy=0x60e578, pAuthnSvc=0x19edb8, pAuthzSvc=0x19edb4, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0, pImpLevel=0x19eda0, pAuthInfo=0x19eda4, pCapabilites=0x19eda8 | out: pAuthnSvc=0x19edb8*=0xa, pAuthzSvc=0x19edb4*=0x0, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0*=0x6, pImpLevel=0x19eda0*=0x2, pAuthInfo=0x19eda4, pCapabilites=0x19eda8*=0x1) returned 0x0 [0288.714] WbemLocator:IUnknown:Release (This=0x60e554) returned 0x2 [0288.714] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed5c | out: ppvObject=0x19ed5c*=0x60e578) returned 0x0 [0288.715] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed58 | out: ppvObject=0x19ed58*=0x60e554) returned 0x0 [0288.715] WbemLocator:IClientSecurity:SetBlanket (This=0x60e554, pProxy=0x60e578, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.715] WbemLocator:IUnknown:Release (This=0x60e554) returned 0x3 [0288.716] WbemLocator:IUnknown:Release (This=0x60e578) returned 0x2 [0288.716] CoTaskMemFree (pv=0x5fe008) [0288.716] WbemLocator:IUnknown:Release (This=0x60e578) returned 0x1 [0288.716] SysStringLen (param_1=0x0) returned 0x0 [0288.716] CoGetContextToken (in: pToken=0x19ed20 | out: pToken=0x19ed20) returned 0x0 [0288.716] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0288.716] WbemLocator:IUnknown:QueryInterface (in: This=0x60e578, riid=0x19ed50*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ed4c | out: ppvObject=0x19ed4c*=0x60c098) returned 0x0 [0288.717] WbemLocator:IUnknown:AddRef (This=0x60c098) returned 0x3 [0288.717] WbemLocator:IUnknown:Release (This=0x60c098) returned 0x2 [0288.717] CoGetContextToken (in: pToken=0x19ece0 | out: pToken=0x19ece0) returned 0x0 [0288.717] WbemLocator:IUnknown:AddRef (This=0x60c098) returned 0x3 [0288.717] WbemLocator:IUnknown:QueryInterface (in: This=0x60c098, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed68 | out: ppvObject=0x19ed68*=0x60e554) returned 0x0 [0288.717] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60e554, pProxy=0x60c098, pAuthnSvc=0x19edb8, pAuthzSvc=0x19edb4, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0, pImpLevel=0x19eda0, pAuthInfo=0x19eda4, pCapabilites=0x19eda8 | out: pAuthnSvc=0x19edb8*=0xa, pAuthzSvc=0x19edb4*=0x0, pServerPrincName=0x19edac, pAuthnLevel=0x19edb0*=0x6, pImpLevel=0x19eda0*=0x2, pAuthInfo=0x19eda4, pCapabilites=0x19eda8*=0x1) returned 0x0 [0288.717] WbemLocator:IUnknown:Release (This=0x60e554) returned 0x3 [0288.717] WbemLocator:IUnknown:QueryInterface (in: This=0x60c098, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed5c | out: ppvObject=0x19ed5c*=0x60e578) returned 0x0 [0288.717] WbemLocator:IUnknown:QueryInterface (in: This=0x60c098, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed58 | out: ppvObject=0x19ed58*=0x60e554) returned 0x0 [0288.717] WbemLocator:IClientSecurity:SetBlanket (This=0x60e554, pProxy=0x60c098, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.718] WbemLocator:IUnknown:Release (This=0x60e554) returned 0x4 [0288.718] WbemLocator:IUnknown:Release (This=0x60e578) returned 0x3 [0288.718] CoTaskMemFree (pv=0x5fdf78) [0288.718] WbemLocator:IUnknown:Release (This=0x60c098) returned 0x2 [0288.718] SysStringLen (param_1=0x0) returned 0x0 [0288.718] CoGetContextToken (in: pToken=0x19ec68 | out: pToken=0x19ec68) returned 0x0 [0288.718] WbemLocator:IUnknown:AddRef (This=0x60c098) returned 0x3 [0288.718] IWbemServices:ExecQuery (in: This=0x60c098, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x19ee74 | out: ppEnum=0x19ee74*=0x5efe68) returned 0x0 [0288.784] IUnknown:QueryInterface (in: This=0x5efe68, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecd8 | out: ppvObject=0x19ecd8*=0x5efe6c) returned 0x0 [0288.784] IClientSecurity:QueryBlanket (in: This=0x5efe6c, pProxy=0x5efe68, pAuthnSvc=0x19ed28, pAuthzSvc=0x19ed24, pServerPrincName=0x19ed1c, pAuthnLevel=0x19ed20, pImpLevel=0x19ed10, pAuthInfo=0x19ed14, pCapabilites=0x19ed18 | out: pAuthnSvc=0x19ed28*=0xa, pAuthzSvc=0x19ed24*=0x0, pServerPrincName=0x19ed1c, pAuthnLevel=0x19ed20*=0x6, pImpLevel=0x19ed10*=0x2, pAuthInfo=0x19ed14, pCapabilites=0x19ed18*=0x1) returned 0x0 [0288.784] IUnknown:Release (This=0x5efe6c) returned 0x1 [0288.784] IUnknown:QueryInterface (in: This=0x5efe68, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eccc | out: ppvObject=0x19eccc*=0x60ed78) returned 0x0 [0288.784] IUnknown:QueryInterface (in: This=0x5efe68, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x5efe6c) returned 0x0 [0288.784] IClientSecurity:SetBlanket (This=0x5efe6c, pProxy=0x5efe68, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.786] IUnknown:Release (This=0x5efe6c) returned 0x2 [0288.786] WbemLocator:IUnknown:Release (This=0x60ed78) returned 0x1 [0288.786] CoTaskMemFree (pv=0x5fdfa8) [0288.786] IUnknown:QueryInterface (in: This=0x5efe68, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8c4 | out: ppvObject=0x19e8c4*=0x60ed78) returned 0x0 [0288.787] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e880 | out: ppvObject=0x19e880*=0x0) returned 0x80004002 [0288.787] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e69c | out: ppvObject=0x19e69c*=0x0) returned 0x80004002 [0288.788] IUnknown:QueryInterface (in: This=0x5efe68, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e474 | out: ppvObject=0x19e474*=0x0) returned 0x80004002 [0288.788] WbemLocator:IUnknown:AddRef (This=0x60ed78) returned 0x3 [0288.788] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1dc | out: ppvObject=0x19e1dc*=0x0) returned 0x80004002 [0288.788] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e18c | out: ppvObject=0x19e18c*=0x0) returned 0x80004002 [0288.789] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e198 | out: ppvObject=0x19e198*=0x60ecd4) returned 0x0 [0288.789] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60ecd4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e1a0 | out: pCid=0x19e1a0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.789] WbemLocator:IUnknown:Release (This=0x60ecd4) returned 0x3 [0288.789] CoGetContextToken (in: pToken=0x19e1f8 | out: pToken=0x19e1f8) returned 0x0 [0288.789] CoGetContextToken (in: pToken=0x19e600 | out: pToken=0x19e600) returned 0x0 [0288.789] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e690 | out: ppvObject=0x19e690*=0x60ed5c) returned 0x0 [0288.789] WbemLocator:IRpcOptions:Query (in: This=0x60ed5c, pPrx=0x60ed78, dwProperty=2, pdwValue=0x19e6b8 | out: pdwValue=0x19e6b8) returned 0x80004002 [0288.789] WbemLocator:IUnknown:Release (This=0x60ed5c) returned 0x3 [0288.789] WbemLocator:IUnknown:Release (This=0x60ed78) returned 0x2 [0288.789] CoGetContextToken (in: pToken=0x19ebd8 | out: pToken=0x19ebd8) returned 0x0 [0288.790] CoGetContextToken (in: pToken=0x19eb38 | out: pToken=0x19eb38) returned 0x0 [0288.790] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed78, riid=0x19ec08*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ec04 | out: ppvObject=0x19ec04*=0x5efe68) returned 0x0 [0288.790] IUnknown:AddRef (This=0x5efe68) returned 0x4 [0288.790] IUnknown:Release (This=0x5efe68) returned 0x3 [0288.790] IUnknown:Release (This=0x5efe68) returned 0x2 [0288.790] WbemLocator:IUnknown:Release (This=0x60c098) returned 0x2 [0288.790] SysStringLen (param_1=0x0) returned 0x0 [0288.790] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19eec0 | out: puCount=0x19eec0*=0x2) returned 0x0 [0288.790] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eebc*=0x0, pszText=0x0 | out: puBuffLength=0x19eebc*=0xf, pszText=0x0) returned 0x0 [0288.790] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eebc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19eebc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.790] CoGetContextToken (in: pToken=0x19ed10 | out: pToken=0x19ed10) returned 0x0 [0288.790] IUnknown:AddRef (This=0x5efe68) returned 0x3 [0288.790] IEnumWbemClassObject:Clone (in: This=0x5efe68, ppEnum=0x19eecc | out: ppEnum=0x19eecc*=0x5efc10) returned 0x0 [0288.792] IUnknown:QueryInterface (in: This=0x5efc10, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed90 | out: ppvObject=0x19ed90*=0x5efc14) returned 0x0 [0288.792] IClientSecurity:QueryBlanket (in: This=0x5efc14, pProxy=0x5efc10, pAuthnSvc=0x19ede0, pAuthzSvc=0x19eddc, pServerPrincName=0x19edd4, pAuthnLevel=0x19edd8, pImpLevel=0x19edc8, pAuthInfo=0x19edcc, pCapabilites=0x19edd0 | out: pAuthnSvc=0x19ede0*=0xa, pAuthzSvc=0x19eddc*=0x0, pServerPrincName=0x19edd4, pAuthnLevel=0x19edd8*=0x6, pImpLevel=0x19edc8*=0x2, pAuthInfo=0x19edcc, pCapabilites=0x19edd0*=0x1) returned 0x0 [0288.792] IUnknown:Release (This=0x5efc14) returned 0x1 [0288.792] IUnknown:QueryInterface (in: This=0x5efc10, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed84 | out: ppvObject=0x19ed84*=0x60dd78) returned 0x0 [0288.792] IUnknown:QueryInterface (in: This=0x5efc10, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed80 | out: ppvObject=0x19ed80*=0x5efc14) returned 0x0 [0288.792] IClientSecurity:SetBlanket (This=0x5efc14, pProxy=0x5efc10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.884] IUnknown:Release (This=0x5efc14) returned 0x2 [0288.884] WbemLocator:IUnknown:Release (This=0x60dd78) returned 0x1 [0288.884] CoTaskMemFree (pv=0x5fdfa8) [0288.884] IUnknown:QueryInterface (in: This=0x5efc10, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e96c | out: ppvObject=0x19e96c*=0x60dd78) returned 0x0 [0288.884] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e928 | out: ppvObject=0x19e928*=0x0) returned 0x80004002 [0288.909] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0288.947] IUnknown:QueryInterface (in: This=0x5efc10, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e51c | out: ppvObject=0x19e51c*=0x0) returned 0x80004002 [0288.976] WbemLocator:IUnknown:AddRef (This=0x60dd78) returned 0x3 [0288.976] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e284 | out: ppvObject=0x19e284*=0x0) returned 0x80004002 [0288.976] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e234 | out: ppvObject=0x19e234*=0x0) returned 0x80004002 [0288.976] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e240 | out: ppvObject=0x19e240*=0x60dcd4) returned 0x0 [0288.976] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60dcd4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e248 | out: pCid=0x19e248*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.976] WbemLocator:IUnknown:Release (This=0x60dcd4) returned 0x3 [0288.976] CoGetContextToken (in: pToken=0x19e2a0 | out: pToken=0x19e2a0) returned 0x0 [0288.976] CoGetContextToken (in: pToken=0x19e6a8 | out: pToken=0x19e6a8) returned 0x0 [0288.976] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e738 | out: ppvObject=0x19e738*=0x60dd5c) returned 0x0 [0288.977] WbemLocator:IRpcOptions:Query (in: This=0x60dd5c, pPrx=0x60dd78, dwProperty=2, pdwValue=0x19e760 | out: pdwValue=0x19e760) returned 0x80004002 [0288.977] WbemLocator:IUnknown:Release (This=0x60dd5c) returned 0x3 [0288.977] WbemLocator:IUnknown:Release (This=0x60dd78) returned 0x2 [0288.977] CoGetContextToken (in: pToken=0x19ec80 | out: pToken=0x19ec80) returned 0x0 [0288.977] CoGetContextToken (in: pToken=0x19ebe0 | out: pToken=0x19ebe0) returned 0x0 [0288.977] WbemLocator:IUnknown:QueryInterface (in: This=0x60dd78, riid=0x19ecb0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ecac | out: ppvObject=0x19ecac*=0x5efc10) returned 0x0 [0288.977] IUnknown:AddRef (This=0x5efc10) returned 0x4 [0288.977] IUnknown:Release (This=0x5efc10) returned 0x3 [0288.977] IUnknown:Release (This=0x5efc10) returned 0x2 [0288.977] IUnknown:Release (This=0x5efe68) returned 0x2 [0288.977] SysStringLen (param_1=0x0) returned 0x0 [0288.977] IEnumWbemClassObject:Reset (This=0x5efc10) returned 0x0 [0288.980] CoTaskMemAlloc (cb=0x4) returned 0x5cd050 [0288.980] IEnumWbemClassObject:Next (in: This=0x5efc10, lTimeout=-1, uCount=0x1, apObjects=0x5cd050, puReturned=0x238bef4 | out: apObjects=0x5cd050*=0x5f27f0, puReturned=0x238bef4*=0x1) returned 0x0 [0290.017] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e530 | out: ppvObject=0x19e530*=0x5f27f0) returned 0x0 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e4ec | out: ppvObject=0x19e4ec*=0x0) returned 0x80004002 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e30c | out: ppvObject=0x19e30c*=0x0) returned 0x80004002 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e0e4 | out: ppvObject=0x19e0e4*=0x0) returned 0x80004002 [0290.018] IUnknown:AddRef (This=0x5f27f0) returned 0x3 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19de4c | out: ppvObject=0x19de4c*=0x0) returned 0x80004002 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19ddfc | out: ppvObject=0x19ddfc*=0x0) returned 0x80004002 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19de08 | out: ppvObject=0x19de08*=0x5f27f4) returned 0x0 [0290.018] IMarshal:GetUnmarshalClass (in: This=0x5f27f4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19de10 | out: pCid=0x19de10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0290.018] IUnknown:Release (This=0x5f27f4) returned 0x3 [0290.018] CoGetContextToken (in: pToken=0x19de68 | out: pToken=0x19de68) returned 0x0 [0290.018] CoGetContextToken (in: pToken=0x19e270 | out: pToken=0x19e270) returned 0x0 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e300 | out: ppvObject=0x19e300*=0x0) returned 0x80004002 [0290.018] IUnknown:Release (This=0x5f27f0) returned 0x2 [0290.018] CoGetContextToken (in: pToken=0x19e840 | out: pToken=0x19e840) returned 0x0 [0290.018] CoGetContextToken (in: pToken=0x19e7a0 | out: pToken=0x19e7a0) returned 0x0 [0290.018] IUnknown:QueryInterface (in: This=0x5f27f0, riid=0x19e870*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19e86c | out: ppvObject=0x19e86c*=0x5f27f0) returned 0x0 [0290.018] IUnknown:AddRef (This=0x5f27f0) returned 0x4 [0290.018] IUnknown:Release (This=0x5f27f0) returned 0x3 [0290.019] IUnknown:Release (This=0x5f27f0) returned 0x2 [0290.019] CoTaskMemFree (pv=0x5cd050) [0290.019] CoGetContextToken (in: pToken=0x19eba8 | out: pToken=0x19eba8) returned 0x0 [0290.019] IUnknown:AddRef (This=0x5f27f0) returned 0x3 [0290.019] IWbemClassObject:Get (in: This=0x5f27f0, wszName="__GENUS", lFlags=0, pVal=0x19eebc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ef3c*=0, plFlavor=0x19ef38*=0 | out: pVal=0x19eebc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19ef3c*=3, plFlavor=0x19ef38*=64) returned 0x0 [0290.019] IWbemClassObject:Get (in: This=0x5f27f0, wszName="__PATH", lFlags=0, pVal=0x19eea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ef24*=0, plFlavor=0x19ef20*=0 | out: pVal=0x19eea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19ef24*=8, plFlavor=0x19ef20*=64) returned 0x0 [0290.019] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0290.019] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0290.020] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x288 [0290.020] SetEvent (hEvent=0x3e0) returned 1 [0290.020] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ee78*=0x288, lpdwindex=0x19ec94 | out: lpdwindex=0x19ec94) returned 0x0 [0290.023] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0290.023] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0290.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x19ed78*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5ec680) returned 0x0 [0290.023] WbemDefPath:IUnknown:AddRef (This=0x5ec680) returned 0x3 [0290.023] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x2 [0290.023] WbemDefPath:IWbemPath:SetText (This=0x5ec680, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0290.024] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19eef8 | out: puCount=0x19eef8*=0x2) returned 0x0 [0290.024] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eef4*=0x0, pszText=0x0 | out: puBuffLength=0x19eef4*=0xf, pszText=0x0) returned 0x0 [0290.024] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eef4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19eef4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0290.024] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19eec8 | out: puCount=0x19eec8*=0x2) returned 0x0 [0290.024] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eec4*=0x0, pszText=0x0 | out: puBuffLength=0x19eec4*=0xf, pszText=0x0) returned 0x0 [0290.024] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19eec4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19eec4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0290.024] IWbemClassObject:Get (in: This=0x5f27f0, wszName="Name", lFlags=0, pVal=0x19eec4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x238c744*=0, plFlavor=0x238c748*=0 | out: pVal=0x19eec4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x238c744*=8, plFlavor=0x238c748*=0) returned 0x0 [0290.024] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0290.024] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0290.024] IWbemClassObject:Get (in: This=0x5f27f0, wszName="Name", lFlags=0, pVal=0x19eecc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x238c744*=8, plFlavor=0x238c748*=0 | out: pVal=0x19eecc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x238c744*=8, plFlavor=0x238c748*=0) returned 0x0 [0290.024] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0290.024] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0290.024] CoTaskMemAlloc (cb=0x4) returned 0x5cd050 [0290.024] IEnumWbemClassObject:Next (in: This=0x5efc10, lTimeout=-1, uCount=0x1, apObjects=0x5cd050, puReturned=0x238bef4 | out: apObjects=0x5cd050*=0x0, puReturned=0x238bef4*=0x0) returned 0x1 [0290.026] CoTaskMemFree (pv=0x5cd050) [0290.026] CoGetContextToken (in: pToken=0x19edf8 | out: pToken=0x19edf8) returned 0x0 [0290.026] WbemLocator:IUnknown:Release (This=0x60dd78) returned 0x1 [0290.026] IUnknown:Release (This=0x5efc10) returned 0x0 [0290.031] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x19ef04 | out: puCount=0x19ef04*=0x2) returned 0x0 [0290.031] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19ef00*=0x0, pszText=0x0 | out: puBuffLength=0x19ef00*=0xf, pszText=0x0) returned 0x0 [0290.031] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=4, puBuffLength=0x19ef00*=0xf, pszText="00000000000000" | out: puBuffLength=0x19ef00*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0290.053] GlobalMemoryStatusEx (in: lpBuffer=0x238c980 | out: lpBuffer=0x238c980) returned 1 [0290.157] GetCurrentProcess () returned 0xffffffff [0290.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eae8 | out: TokenHandle=0x19eae8*=0x464) returned 1 [0290.164] GetCurrentProcess () returned 0xffffffff [0290.164] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eafc | out: TokenHandle=0x19eafc*=0x28c) returned 1 [0290.344] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19ee60 | out: pFixedInfo=0x0, pOutBufLen=0x19ee60) returned 0x6f [0291.240] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x5fd620 [0291.240] GetNetworkParams (in: pFixedInfo=0x5fd620, pOutBufLen=0x19ee60 | out: pFixedInfo=0x5fd620, pOutBufLen=0x19ee60) returned 0x0 [0291.252] LocalFree (hMem=0x5fd620) returned 0x0 [0291.521] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0291.521] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x238e9d8, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0291.532] SystemFunction041 (in: Memory=0x5c97b4, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x5c97b4) returned 0x0 [0291.534] SysStringLen (param_1="HUSTLE2021tSet") returned 0x10 [0291.534] SystemFunction040 (in: Memory=0x5c9c4c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5c9c4c) returned 0x0 [0291.598] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19ee40 | out: UnbiasedTime=0x19ee40) returned 1 [0291.598] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19ee30 | out: UnbiasedTime=0x19ee30) returned 1 [0291.604] GetCurrentProcess () returned 0xffffffff [0291.604] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea34 | out: TokenHandle=0x19ea34*=0x540) returned 1 [0291.605] GetCurrentProcess () returned 0xffffffff [0291.605] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea48 | out: TokenHandle=0x19ea48*=0x2a0) returned 1 [0291.614] SetEvent (hEvent=0x27c) returned 1 [0291.633] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19eb98 | out: lpWSAData=0x19eb98) returned 0 [0291.642] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x570 [0291.980] setsockopt (s=0x570, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0291.981] closesocket (s=0x570) returned 0 [0291.981] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x570 [0291.982] setsockopt (s=0x570, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0291.983] closesocket (s=0x570) returned 0 [0291.985] GetCurrentProcess () returned 0xffffffff [0291.985] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e94c | out: TokenHandle=0x19e94c*=0x570) returned 1 [0291.987] GetCurrentProcess () returned 0xffffffff [0291.987] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e960 | out: TokenHandle=0x19e960*=0x574) returned 1 [0291.998] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x578 [0291.998] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x57c [0291.999] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x580 [0292.000] SetEvent (hEvent=0x27c) returned 1 [0292.000] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19ecd0*=0x578, lpdwindex=0x19eb8c | out: lpdwindex=0x19eb8c) returned 0x0 [0292.001] ReleaseMutex (hMutex=0x580) returned 1 [0292.002] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x584 [0292.002] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x588 [0292.004] GetAddrInfoW (in: pNodeName="smtp.vern-group.com", pServiceName=0x0, pHints=0x19ec8c*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19ec34 | out: ppResult=0x19ec34*=0x5e8fc8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="us2.smtp.mailhostbox.com", ai_addr=0x5f3178*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.223"), ai_next=0x5e9158*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f3358*(sa_family=2, sin_port=0x0, sin_addr="208.91.198.143"), ai_next=0x5e8d70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f32c8*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.224"), ai_next=0x5f0d78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f32f8*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.225"), ai_next=0x0))))) returned 0 [0292.412] FreeAddrInfoW (pAddrInfo=0x5e8fc8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="us2.smtp.mailhostbox.com", ai_addr=0x5f3178*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.223"), ai_next=0x5e9158*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f3358*(sa_family=2, sin_port=0x0, sin_addr="208.91.198.143"), ai_next=0x5e8d70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f32c8*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.224"), ai_next=0x5f0d78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f32f8*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.225"), ai_next=0x0))))) [0292.416] GetAddrInfoW (in: pNodeName="smtp.vern-group.com", pServiceName=0x0, pHints=0x19ec8c*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19ec34 | out: ppResult=0x19ec34*=0x5f0f80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="smtp.vern-group.com", ai_addr=0x5f3070*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.223"), ai_next=0x5f0c88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f3358*(sa_family=2, sin_port=0x0, sin_addr="208.91.198.143"), ai_next=0x5f0d78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f3088*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.224"), ai_next=0x5f0f08*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f30a0*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.225"), ai_next=0x0))))) returned 0 [0292.421] FreeAddrInfoW (pAddrInfo=0x5f0f80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="smtp.vern-group.com", ai_addr=0x5f3070*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.223"), ai_next=0x5f0c88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f3358*(sa_family=2, sin_port=0x0, sin_addr="208.91.198.143"), ai_next=0x5f0d78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f3088*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.224"), ai_next=0x5f0f08*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5f30a0*(sa_family=2, sin_port=0x0, sin_addr="208.91.199.225"), ai_next=0x0))))) [0292.422] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x594 [0292.423] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x598 [0292.423] ioctlsocket (in: s=0x594, cmd=-2147195266, argp=0x19ec64 | out: argp=0x19ec64) returned 0 [0292.423] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x59c [0292.424] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5a0 [0292.424] ioctlsocket (in: s=0x59c, cmd=-2147195266, argp=0x19ec64 | out: argp=0x19ec64) returned 0 [0292.425] WSAIoctl (in: s=0x594, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ec4c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ec4c, lpOverlapped=0x0) returned -1 [0292.426] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e97c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0292.428] WSAEventSelect (s=0x594, hEventObject=0x598, lNetworkEvents=512) returned 0 [0292.429] WSAIoctl (in: s=0x59c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ec4c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ec4c, lpOverlapped=0x0) returned -1 [0292.429] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e97c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0292.429] WSAEventSelect (s=0x59c, hEventObject=0x5a0, lNetworkEvents=512) returned 0 [0292.429] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19ec48*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19ec48*=0xa78) returned 0x6f [0292.436] LocalAlloc (uFlags=0x0, uBytes=0xa78) returned 0x623820 [0292.436] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x623820, SizePointer=0x19ec48*=0xa78 | out: AdapterAddresses=0x623820*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x623ac8, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0x623a3c, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x0, [1]=0x0, [2]=0x8f, [3]=0x80, [4]=0x4a, [5]=0xb8, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0x623998*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x19ec48*=0xa78) returned 0x0 [0292.447] LocalFree (hMem=0x623820) returned 0x0 [0292.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ec58 | out: phkResult=0x19ec58*=0x5a4) returned 0x0 [0292.449] RegQueryValueExW (in: hKey=0x5a4, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19ec74, lpData=0x0, lpcbData=0x19ec70*=0x0 | out: lpType=0x19ec74*=0x0, lpData=0x0, lpcbData=0x19ec70*=0x0) returned 0x2 [0292.449] RegCloseKey (hKey=0x5a4) returned 0x0 [0292.450] WSAConnect (in: s=0x584, name=0x2397910*(sa_family=2, sin_port=0x24b, sin_addr="208.91.199.223"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0292.616] closesocket (s=0x588) returned 0 [0292.617] setsockopt (s=0x584, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0292.620] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 48 [0292.782] send (s=0x584, buf=0x2390544*, len=13, flags=0) returned 13 [0292.783] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 195 [0293.002] send (s=0x584, buf=0x2390544*, len=53, flags=0) returned 53 [0293.003] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 18 [0293.165] SysStringLen (param_1="尃쟂ᣰ찉昷ꇆ禮騡뗮䵸속削久쑈揀") returned 0x10 [0293.165] SystemFunction041 (in: Memory=0x5c9c4c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5c9c4c) returned 0x0 [0293.165] SysStringLen (param_1="HUSTLE2021tSet") returned 0x10 [0293.165] SystemFunction040 (in: Memory=0x5c9c4c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5c9c4c) returned 0x0 [0293.166] SysStringLen (param_1="HUSTLE2021") returned 0xa [0293.166] SysStringLen (param_1="HUSTLE2021") returned 0xa [0293.166] send (s=0x584, buf=0x2390544*, len=18, flags=0) returned 18 [0293.167] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 37 [0293.334] send (s=0x584, buf=0x2390544*, len=42, flags=0) returned 42 [0293.334] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 14 [0293.497] send (s=0x584, buf=0x2390544*, len=40, flags=0) returned 40 [0293.498] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 14 [0293.661] send (s=0x584, buf=0x2390544*, len=6, flags=0) returned 6 [0293.662] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 37 [0293.860] send (s=0x584, buf=0x2399b98*, len=246, flags=0) returned 246 [0293.864] send (s=0x584, buf=0x23a0490*, len=336, flags=0) returned 336 [0293.865] send (s=0x584, buf=0x2399b98*, len=2, flags=0) returned 2 [0293.865] send (s=0x584, buf=0x2390544*, len=5, flags=0) returned 5 [0293.866] recv (in: s=0x584, buf=0x2397a04, len=256, flags=0 | out: buf=0x2397a04*) returned 37 [0294.147] ReleaseSemaphore (in: hSemaphore=0x578, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0294.190] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3fc | out: UnbiasedTime=0x19f3fc) returned 1 [0294.190] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3ec | out: UnbiasedTime=0x19f3ec) returned 1 [0294.269] SetWindowsHookExW (idHook=13, lpfn=0x4740726, hmod=0x400000, dwThreadId=0x0) returned 0x201b7 [0294.276] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1dc [0294.277] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1dd [0294.280] GetSystemMetrics (nIndex=75) returned 1 [0294.296] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0294.309] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x68440000 [0294.337] GetStockObject (i=5) returned 0x1900015 [0294.337] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0294.338] CoTaskMemAlloc (cb=0x5c) returned 0x5eb198 [0294.338] RegisterClassW (lpWndClass=0x19f1f8) returned 0xc1de [0294.339] CoTaskMemFree (pv=0x5eb198) [0294.339] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0294.339] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xd01d4 [0294.344] SetWindowLongW (hWnd=0xd01d4, nIndex=-4, dwNewLong=2006429408) returned 74715334 [0294.345] GetWindowLongW (hWnd=0xd01d4, nIndex=-4) returned 2006429408 [0294.345] SetWindowLongW (hWnd=0xd01d4, nIndex=-4, dwNewLong=74715374) returned 2006429408 [0294.345] GetWindowLongW (hWnd=0xd01d4, nIndex=-4) returned 74715374 [0294.345] GetWindowLongW (hWnd=0xd01d4, nIndex=-16) returned 113311744 [0294.346] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1b9 [0294.346] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0xd01d4, Msg=0x24, wParam=0x0, lParam=0x19ed6c) returned 0x0 [0294.346] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0xd01d4, Msg=0x81, wParam=0x0, lParam=0x19ed60) returned 0x1 [0294.349] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0xd01d4, Msg=0x83, wParam=0x0, lParam=0x19ed4c) returned 0x0 [0294.349] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0xd01d4, Msg=0x1, wParam=0x0, lParam=0x19ed60) returned 0x0 [0294.350] GetClientRect (in: hWnd=0xd01d4, lpRect=0x19ea8c | out: lpRect=0x19ea8c) returned 1 [0294.350] GetWindowRect (in: hWnd=0xd01d4, lpRect=0x19ea8c | out: lpRect=0x19ea8c) returned 1 [0294.352] GetParent (hWnd=0xd01d4) returned 0x0 [0294.353] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f418 | out: lplpMessageFilter=0x19f418*=0x0) returned 0x0 [0294.354] PeekMessageW (in: lpMsg=0x19f3ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3ec) returned 1 [0294.355] IsWindowUnicode (hWnd=0x502b0) returned 1 [0294.355] GetMessageW (in: lpMsg=0x19f3ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3ec) returned 1 [0294.358] TranslateMessage (lpMsg=0x19f3ec) returned 0 [0294.359] DispatchMessageW (lpMsg=0x19f3ec) returned 0x0 [0294.359] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502b0, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0294.359] PeekMessageW (in: lpMsg=0x19f3ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3ec) returned 0 [0294.359] PeekMessageW (in: lpMsg=0x19f3ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3ec) returned 0 [0294.359] WaitMessage () Thread: id = 10 os_tid = 0x1210 Thread: id = 12 os_tid = 0x12f0 Thread: id = 13 os_tid = 0x1278 [0165.657] CoGetContextToken (in: pToken=0x225fc3c | out: pToken=0x225fc3c) returned 0x800401f0 [0165.657] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0165.657] RoInitialize () returned 0x1 [0165.657] RoUninitialize () returned 0x0 [0283.296] CoGetContextToken (in: pToken=0x225fc30 | out: pToken=0x225fc30) returned 0x0 [0283.296] CoGetContextToken (in: pToken=0x225fbb8 | out: pToken=0x225fbb8) returned 0x0 [0283.296] WbemDefPath:IUnknown:Release (This=0x5ecbc0) returned 0x1 [0283.296] WbemDefPath:IUnknown:Release (This=0x5ecbc0) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fbb8 | out: pToken=0x225fbb8) returned 0x0 [0283.297] WbemDefPath:IUnknown:Release (This=0x5eca70) returned 0x1 [0283.297] WbemDefPath:IUnknown:Release (This=0x5eca70) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fbb8 | out: pToken=0x225fbb8) returned 0x0 [0283.297] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x1 [0283.297] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fbb8 | out: pToken=0x225fbb8) returned 0x0 [0283.297] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x1 [0283.297] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fc30 | out: pToken=0x225fc30) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fbb8 | out: pToken=0x225fbb8) returned 0x0 [0283.297] WbemLocator:IUnknown:Release (This=0x5f6a98) returned 0x1 [0283.297] WbemLocator:IUnknown:Release (This=0x5f6a98) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fbb8 | out: pToken=0x225fbb8) returned 0x0 [0283.297] WbemLocator:IUnknown:Release (This=0x5f6b08) returned 0x1 [0283.297] WbemLocator:IUnknown:Release (This=0x5f6b08) returned 0x0 [0283.297] CoGetContextToken (in: pToken=0x225fc30 | out: pToken=0x225fc30) returned 0x0 [0283.298] IUnknown:QueryInterface (in: This=0x5a0080, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x225fbd8 | out: ppvObject=0x225fbd8*=0x5a0090) returned 0x0 [0283.298] CObjectContext::ContextCallback () returned 0x0 [0287.463] IUnknown:Release (This=0x5a0090) returned 0x1 [0287.464] IUnknown:Release (This=0x62cf10) returned 0x0 [0287.464] CoGetContextToken (in: pToken=0x225fa50 | out: pToken=0x225fa50) returned 0x0 [0287.464] IUnknown:QueryInterface (in: This=0x5a0080, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x225f9f8 | out: ppvObject=0x225f9f8*=0x5a0090) returned 0x0 [0287.464] CObjectContext::ContextCallback () returned 0x0 [0287.476] IUnknown:Release (This=0x5a0090) returned 0x1 [0287.476] IUnknown:Release (This=0x5d4328) returned 0x0 [0287.478] IUnknown:Release (This=0x5fd680) returned 0x0 [0287.478] CoGetContextToken (in: pToken=0x225fa50 | out: pToken=0x225fa50) returned 0x0 [0287.478] IUnknown:QueryInterface (in: This=0x5a0080, riid=0x6b368724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x225f9f8 | out: ppvObject=0x225f9f8*=0x5a0090) returned 0x0 [0287.478] CObjectContext::ContextCallback () returned 0x0 [0287.483] IUnknown:Release (This=0x5a0090) returned 0x1 [0287.483] IUnknown:Release (This=0x5fd488) returned 0x0 [0287.484] IUnknown:Release (This=0x633b80) returned 0x0 [0287.484] CloseHandle (hObject=0x488) returned 1 [0287.484] CloseHandle (hObject=0x45c) returned 1 [0287.484] CloseHandle (hObject=0x410) returned 1 [0287.484] CloseHandle (hObject=0x40c) returned 1 [0287.485] CloseHandle (hObject=0x3d0) returned 1 [0287.485] CloseHandle (hObject=0x484) returned 1 [0287.485] CloseHandle (hObject=0x494) returned 1 [0287.485] CloseHandle (hObject=0x2a0) returned 1 [0287.486] CloseHandle (hObject=0x29c) returned 1 [0287.486] CloseHandle (hObject=0x480) returned 1 [0287.486] CloseHandle (hObject=0x298) returned 1 [0287.486] CloseHandle (hObject=0x294) returned 1 [0287.486] CloseHandle (hObject=0x290) returned 1 [0287.487] CloseHandle (hObject=0x468) returned 1 [0287.487] CloseHandle (hObject=0x28c) returned 1 [0287.487] CloseHandle (hObject=0x464) returned 1 [0287.487] CloseHandle (hObject=0x288) returned 1 [0287.487] CloseHandle (hObject=0x490) returned 1 [0287.487] CloseHandle (hObject=0x460) returned 1 [0287.488] CloseHandle (hObject=0x284) returned 1 Thread: id = 14 os_tid = 0x12a8 Thread: id = 15 os_tid = 0xf68 Thread: id = 16 os_tid = 0x6e4 Thread: id = 131 os_tid = 0xd08 [0187.756] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0187.757] RoInitialize () returned 0x1 [0187.757] RoUninitialize () returned 0x0 [0187.787] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x4eef5b4 | out: lpiid=0x4eef5b4) returned 0x0 [0187.789] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6c78) returned 0x0 [0187.789] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6c78, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0187.789] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6c78, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ecbc0) returned 0x0 [0187.790] WbemDefPath:IUnknown:Release (This=0x5f6c78) returned 0x0 [0187.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ecbc0) returned 0x0 [0187.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0187.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0187.791] WbemDefPath:IUnknown:AddRef (This=0x5ecbc0) returned 0x3 [0187.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0187.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0187.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5f9268) returned 0x0 [0187.791] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5f9268, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0187.791] WbemDefPath:IUnknown:Release (This=0x5f9268) returned 0x3 [0187.791] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0187.797] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0187.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecbc0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0187.797] WbemDefPath:IUnknown:Release (This=0x5ecbc0) returned 0x2 [0187.797] WbemDefPath:IUnknown:Release (This=0x5ecbc0) returned 0x1 [0187.797] SetEvent (hEvent=0x3d0) returned 1 [0187.808] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6a98) returned 0x0 [0187.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0187.808] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6a98, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec840) returned 0x0 [0187.809] WbemDefPath:IUnknown:Release (This=0x5f6a98) returned 0x0 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec840) returned 0x0 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0187.809] WbemDefPath:IUnknown:AddRef (This=0x5ec840) returned 0x3 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5f91f0) returned 0x0 [0187.809] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5f91f0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0187.809] WbemDefPath:IUnknown:Release (This=0x5f91f0) returned 0x3 [0187.809] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0187.809] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0187.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec840, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0187.810] WbemDefPath:IUnknown:Release (This=0x5ec840) returned 0x2 [0187.810] WbemDefPath:IUnknown:Release (This=0x5ec840) returned 0x1 [0187.810] SetEvent (hEvent=0x40c) returned 1 [0187.812] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6b48) returned 0x0 [0187.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6b48, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0187.812] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6b48, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec990) returned 0x0 [0187.812] WbemDefPath:IUnknown:Release (This=0x5f6b48) returned 0x0 [0187.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec990) returned 0x0 [0187.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0187.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0187.813] WbemDefPath:IUnknown:AddRef (This=0x5ec990) returned 0x3 [0187.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0187.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0187.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5f9448) returned 0x0 [0187.813] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5f9448, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0187.813] WbemDefPath:IUnknown:Release (This=0x5f9448) returned 0x3 [0187.813] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0187.813] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0187.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec990, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0187.813] WbemDefPath:IUnknown:Release (This=0x5ec990) returned 0x2 [0187.813] WbemDefPath:IUnknown:Release (This=0x5ec990) returned 0x1 [0187.813] SetEvent (hEvent=0x410) returned 1 [0188.859] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6b08) returned 0x0 [0188.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0188.859] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6b08, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ecc30) returned 0x0 [0188.859] WbemDefPath:IUnknown:Release (This=0x5f6b08) returned 0x0 [0188.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ecc30) returned 0x0 [0188.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0188.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0188.859] WbemDefPath:IUnknown:AddRef (This=0x5ecc30) returned 0x3 [0188.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0188.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0188.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5f9070) returned 0x0 [0188.860] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5f9070, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.860] WbemDefPath:IUnknown:Release (This=0x5f9070) returned 0x3 [0188.860] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0188.860] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0188.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecc30, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0188.860] WbemDefPath:IUnknown:Release (This=0x5ecc30) returned 0x2 [0188.860] WbemDefPath:IUnknown:Release (This=0x5ecc30) returned 0x1 [0188.860] SetEvent (hEvent=0x45c) returned 1 [0200.069] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6ab8) returned 0x0 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6ab8, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.071] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6ab8, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec6f0) returned 0x0 [0200.071] WbemDefPath:IUnknown:Release (This=0x5f6ab8) returned 0x0 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec6f0) returned 0x0 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.071] WbemDefPath:IUnknown:AddRef (This=0x5ec6f0) returned 0x3 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5f9148) returned 0x0 [0200.072] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5f9148, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.072] WbemDefPath:IUnknown:Release (This=0x5f9148) returned 0x3 [0200.072] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.072] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec6f0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.072] WbemDefPath:IUnknown:Release (This=0x5ec6f0) returned 0x2 [0200.072] WbemDefPath:IUnknown:Release (This=0x5ec6f0) returned 0x1 [0200.072] SetEvent (hEvent=0x460) returned 1 [0200.136] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6b38) returned 0x0 [0200.136] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6b38, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.136] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6b38, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5eca70) returned 0x0 [0200.137] WbemDefPath:IUnknown:Release (This=0x5f6b38) returned 0x0 [0200.137] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5eca70) returned 0x0 [0200.137] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.137] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.137] WbemDefPath:IUnknown:AddRef (This=0x5eca70) returned 0x3 [0200.137] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.137] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.137] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5d3c98) returned 0x0 [0200.137] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5d3c98, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.137] WbemDefPath:IUnknown:Release (This=0x5d3c98) returned 0x3 [0200.138] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.138] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.138] WbemDefPath:IUnknown:QueryInterface (in: This=0x5eca70, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.138] WbemDefPath:IUnknown:Release (This=0x5eca70) returned 0x2 [0200.138] WbemDefPath:IUnknown:Release (This=0x5eca70) returned 0x1 [0200.138] SetEvent (hEvent=0x464) returned 1 [0200.141] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6af8) returned 0x0 [0200.141] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6af8, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.141] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6af8, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ecae0) returned 0x0 [0200.141] WbemDefPath:IUnknown:Release (This=0x5f6af8) returned 0x0 [0200.141] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ecae0) returned 0x0 [0200.141] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.141] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.141] WbemDefPath:IUnknown:AddRef (This=0x5ecae0) returned 0x3 [0200.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5d3cf8) returned 0x0 [0200.142] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5d3cf8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.142] WbemDefPath:IUnknown:Release (This=0x5d3cf8) returned 0x3 [0200.142] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.142] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecae0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.142] WbemDefPath:IUnknown:Release (This=0x5ecae0) returned 0x2 [0200.142] WbemDefPath:IUnknown:Release (This=0x5ecae0) returned 0x1 [0200.142] SetEvent (hEvent=0x468) returned 1 [0200.252] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6b18) returned 0x0 [0200.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6b18, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.252] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6b18, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec5a0) returned 0x0 [0200.252] WbemDefPath:IUnknown:Release (This=0x5f6b18) returned 0x0 [0200.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec5a0) returned 0x0 [0200.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.253] WbemDefPath:IUnknown:AddRef (This=0x5ec5a0) returned 0x3 [0200.253] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.253] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.253] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5d3e18) returned 0x0 [0200.253] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5d3e18, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.253] WbemDefPath:IUnknown:Release (This=0x5d3e18) returned 0x3 [0200.253] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.253] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.253] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec5a0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.253] WbemDefPath:IUnknown:Release (This=0x5ec5a0) returned 0x2 [0200.253] WbemDefPath:IUnknown:Release (This=0x5ec5a0) returned 0x1 [0200.253] SetEvent (hEvent=0x480) returned 1 [0200.546] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6d08) returned 0x0 [0200.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6d08, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.546] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6d08, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec610) returned 0x0 [0200.546] WbemDefPath:IUnknown:Release (This=0x5f6d08) returned 0x0 [0200.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec610) returned 0x0 [0200.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.547] WbemDefPath:IUnknown:AddRef (This=0x5ec610) returned 0x3 [0200.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5d3728) returned 0x0 [0200.547] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5d3728, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.547] WbemDefPath:IUnknown:Release (This=0x5d3728) returned 0x3 [0200.547] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.547] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.547] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x2 [0200.547] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x1 [0200.547] SetEvent (hEvent=0x484) returned 1 [0200.596] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6d88) returned 0x0 [0200.596] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6d88, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.596] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6d88, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec680) returned 0x0 [0200.596] WbemDefPath:IUnknown:Release (This=0x5f6d88) returned 0x0 [0200.596] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec680) returned 0x0 [0200.596] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.596] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.597] WbemDefPath:IUnknown:AddRef (This=0x5ec680) returned 0x3 [0200.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5d3890) returned 0x0 [0200.597] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5d3890, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.597] WbemDefPath:IUnknown:Release (This=0x5d3890) returned 0x3 [0200.597] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.597] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.597] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x2 [0200.597] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x1 [0200.597] SetEvent (hEvent=0x488) returned 1 [0200.606] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6d78) returned 0x0 [0200.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6d78, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.607] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6d78, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec7d0) returned 0x0 [0200.607] WbemDefPath:IUnknown:Release (This=0x5f6d78) returned 0x0 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec7d0) returned 0x0 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.607] WbemDefPath:IUnknown:AddRef (This=0x5ec7d0) returned 0x3 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x633720) returned 0x0 [0200.607] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x633720, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.607] WbemDefPath:IUnknown:Release (This=0x633720) returned 0x3 [0200.607] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.607] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec7d0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.607] WbemDefPath:IUnknown:Release (This=0x5ec7d0) returned 0x2 [0200.607] WbemDefPath:IUnknown:Release (This=0x5ec7d0) returned 0x1 [0200.607] SetEvent (hEvent=0x490) returned 1 [0200.613] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6cc8) returned 0x0 [0200.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6cc8, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0200.613] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6cc8, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec8b0) returned 0x0 [0200.613] WbemDefPath:IUnknown:Release (This=0x5f6cc8) returned 0x0 [0200.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec8b0) returned 0x0 [0200.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0200.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0200.614] WbemDefPath:IUnknown:AddRef (This=0x5ec8b0) returned 0x3 [0200.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0200.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0200.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x6337b0) returned 0x0 [0200.614] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6337b0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.614] WbemDefPath:IUnknown:Release (This=0x6337b0) returned 0x3 [0200.614] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0200.614] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0200.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec8b0, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0200.614] WbemDefPath:IUnknown:Release (This=0x5ec8b0) returned 0x2 [0200.614] WbemDefPath:IUnknown:Release (This=0x5ec8b0) returned 0x1 [0200.614] SetEvent (hEvent=0x494) returned 1 [0288.223] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6cc8) returned 0x0 [0288.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6cc8, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0288.225] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6cc8, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ecb50) returned 0x0 [0288.226] WbemDefPath:IUnknown:Release (This=0x5f6cc8) returned 0x0 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ecb50) returned 0x0 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0288.226] WbemDefPath:IUnknown:AddRef (This=0x5ecb50) returned 0x3 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5d3ad0) returned 0x0 [0288.226] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5d3ad0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.226] WbemDefPath:IUnknown:Release (This=0x5d3ad0) returned 0x3 [0288.226] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0288.226] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0288.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ecb50, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0288.226] WbemDefPath:IUnknown:Release (This=0x5ecb50) returned 0x2 [0288.226] WbemDefPath:IUnknown:Release (This=0x5ecb50) returned 0x1 [0288.226] SetEvent (hEvent=0x454) returned 1 [0288.628] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5f6be8) returned 0x0 [0288.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0288.628] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5f6be8, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec610) returned 0x0 [0288.629] WbemDefPath:IUnknown:Release (This=0x5f6be8) returned 0x0 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec610) returned 0x0 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0288.629] WbemDefPath:IUnknown:AddRef (This=0x5ec610) returned 0x3 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5f9538) returned 0x0 [0288.629] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5f9538, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.629] WbemDefPath:IUnknown:Release (This=0x5f9538) returned 0x3 [0288.629] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0288.629] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0288.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec610, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0288.629] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x2 [0288.629] WbemDefPath:IUnknown:Release (This=0x5ec610) returned 0x1 [0288.629] SetEvent (hEvent=0x418) returned 1 [0290.022] CoGetClassObject (in: rclsid=0x5e9bc4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x5cd180) returned 0x0 [0290.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x5cd180, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0290.022] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5cd180, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x5ec680) returned 0x0 [0290.022] WbemDefPath:IUnknown:Release (This=0x5cd180) returned 0x0 [0290.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x5ec680) returned 0x0 [0290.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0290.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0290.023] WbemDefPath:IUnknown:AddRef (This=0x5ec680) returned 0x3 [0290.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0290.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0290.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x5ce668) returned 0x0 [0290.023] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ce668, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0290.023] WbemDefPath:IUnknown:Release (This=0x5ce668) returned 0x3 [0290.023] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0290.023] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0290.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ec680, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0290.023] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x2 [0290.023] WbemDefPath:IUnknown:Release (This=0x5ec680) returned 0x1 [0290.023] SetEvent (hEvent=0x288) returned 1 Thread: id = 132 os_tid = 0x834 [0187.819] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0187.819] RoInitialize () returned 0x1 [0187.820] RoUninitialize () returned 0x0 [0187.820] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x502f7fc | out: lpiid=0x502f7fc) returned 0x0 [0187.821] CoGetClassObject (in: rclsid=0x5e9dd4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x502f510 | out: ppv=0x502f510*=0x5f94f0) returned 0x0 [0187.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5f94f0, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x502f728 | out: ppvObject=0x502f728*=0x0) returned 0x80004002 [0187.821] WbemLocator:IClassFactory:CreateInstance (in: This=0x5f94f0, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f73c | out: ppvObject=0x502f73c*=0x5f6a98) returned 0x0 [0187.821] WbemLocator:IUnknown:Release (This=0x5f94f0) returned 0x0 [0187.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f35c | out: ppvObject=0x502f35c*=0x5f6a98) returned 0x0 [0187.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x502f318 | out: ppvObject=0x502f318*=0x0) returned 0x80004002 [0187.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x502ef0c | out: ppvObject=0x502ef0c*=0x0) returned 0x80004002 [0187.822] WbemLocator:IUnknown:AddRef (This=0x5f6a98) returned 0x3 [0187.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x502ec74 | out: ppvObject=0x502ec74*=0x0) returned 0x80004002 [0187.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x502ec24 | out: ppvObject=0x502ec24*=0x0) returned 0x80004002 [0187.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502ec30 | out: ppvObject=0x502ec30*=0x0) returned 0x80004002 [0187.822] CoGetContextToken (in: pToken=0x502ec90 | out: pToken=0x502ec90) returned 0x0 [0187.822] CoGetObjectContext (in: riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5f9614 | out: ppv=0x5f9614*=0x5a0138) returned 0x0 [0187.824] CoGetContextToken (in: pToken=0x502f098 | out: pToken=0x502f098) returned 0x0 [0187.824] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f128 | out: ppvObject=0x502f128*=0x0) returned 0x80004002 [0187.824] WbemLocator:IUnknown:Release (This=0x5f6a98) returned 0x2 [0187.824] WbemLocator:IUnknown:Release (This=0x5f6a98) returned 0x1 [0187.825] CoGetContextToken (in: pToken=0x502f708 | out: pToken=0x502f708) returned 0x0 [0187.825] CoGetContextToken (in: pToken=0x502f668 | out: pToken=0x502f668) returned 0x0 [0187.825] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6a98, riid=0x502f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x502f734 | out: ppvObject=0x502f734*=0x5f6a98) returned 0x0 [0187.825] WbemLocator:IUnknown:AddRef (This=0x5f6a98) returned 0x3 [0187.825] WbemLocator:IUnknown:Release (This=0x5f6a98) returned 0x2 [0187.829] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec990, puCount=0x502f8cc | out: puCount=0x502f8cc*=0x2) returned 0x0 [0187.829] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=8, puBuffLength=0x502f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x502f8c8*=0xf, pszText=0x0) returned 0x0 [0187.829] WbemDefPath:IWbemPath:GetText (in: This=0x5ec990, lFlags=8, puBuffLength=0x502f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x502f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x502eb4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0187.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x502f050, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x02ò\x18´k\x97ãÜ\x14 «*kHó\x02\x05@!_", lpUsedDefaultChar=0x0) returned 63 [0187.838] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6ba70000 [0188.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a´k\x97ãÜ\x14 «*kHó\x02\x05@!_", lpUsedDefaultChar=0x0) returned 13 [0188.003] GetProcAddress (hModule=0x6ba70000, lpProcName="ResetSecurity") returned 0x6ba726fe [0188.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x502f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 11 [0188.014] GetProcAddress (hModule=0x6ba70000, lpProcName="SetSecurity") returned 0x6ba72740 [0188.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0188.027] GetProcAddress (hModule=0x6ba70000, lpProcName="BlessIWbemServices") returned 0x6ba71e89 [0188.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0188.067] GetProcAddress (hModule=0x6ba70000, lpProcName="BlessIWbemServicesObject") returned 0x6ba71edb [0188.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0188.104] GetProcAddress (hModule=0x6ba70000, lpProcName="GetPropertyHandle") returned 0x6ba723d4 [0188.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0188.122] GetProcAddress (hModule=0x6ba70000, lpProcName="WritePropertyValue") returned 0x6ba72837 [0188.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x502f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 5 [0188.138] GetProcAddress (hModule=0x6ba70000, lpProcName="Clone") returned 0x6ba71f2d [0188.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 15 [0188.151] GetProcAddress (hModule=0x6ba70000, lpProcName="VerifyClientKey") returned 0x6ba727d4 [0188.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 15 [0188.159] GetProcAddress (hModule=0x6ba70000, lpProcName="GetQualifierSet") returned 0x6ba72435 [0188.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x502f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 3 [0188.162] GetProcAddress (hModule=0x6ba70000, lpProcName="Get") returned 0x6ba722f4 [0188.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x502f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 3 [0188.186] GetProcAddress (hModule=0x6ba70000, lpProcName="Put") returned 0x6ba724de [0188.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x502f08c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 6 [0188.209] GetProcAddress (hModule=0x6ba70000, lpProcName="Delete") returned 0x6ba72151 [0188.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x502f088, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 8 [0188.225] GetProcAddress (hModule=0x6ba70000, lpProcName="GetNames") returned 0x6ba723a2 [0188.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0188.256] GetProcAddress (hModule=0x6ba70000, lpProcName="BeginEnumeration") returned 0x6ba71e63 [0188.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x502f08c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 4 [0188.267] GetProcAddress (hModule=0x6ba70000, lpProcName="Next") returned 0x6ba724a3 [0188.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x502f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 14 [0188.292] GetProcAddress (hModule=0x6ba70000, lpProcName="EndEnumeration") returned 0x6ba721e2 [0188.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x502f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 23 [0188.305] GetProcAddress (hModule=0x6ba70000, lpProcName="GetPropertyQualifierSet") returned 0x6ba7241f [0188.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x502f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 5 [0188.322] GetProcAddress (hModule=0x6ba70000, lpProcName="Clone") returned 0x6ba71f2d [0188.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 13 [0188.323] GetProcAddress (hModule=0x6ba70000, lpProcName="GetObjectText") returned 0x6ba723be [0188.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0188.342] GetProcAddress (hModule=0x6ba70000, lpProcName="SpawnDerivedClass") returned 0x6ba72786 [0188.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 13 [0188.356] GetProcAddress (hModule=0x6ba70000, lpProcName="SpawnInstance") returned 0x6ba7279c [0188.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0188.358] GetProcAddress (hModule=0x6ba70000, lpProcName="CompareTo") returned 0x6ba71fad [0188.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0188.374] GetProcAddress (hModule=0x6ba70000, lpProcName="GetPropertyOrigin") returned 0x6ba72409 [0188.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0188.397] GetProcAddress (hModule=0x6ba70000, lpProcName="InheritsFrom") returned 0x6ba72448 [0188.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0188.399] GetProcAddress (hModule=0x6ba70000, lpProcName="GetMethod") returned 0x6ba7235a [0188.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0188.419] GetProcAddress (hModule=0x6ba70000, lpProcName="PutMethod") returned 0x6ba725fa [0188.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0188.442] GetProcAddress (hModule=0x6ba70000, lpProcName="DeleteMethod") returned 0x6ba72164 [0188.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x502f07c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 22 [0188.444] GetProcAddress (hModule=0x6ba70000, lpProcName="BeginMethodEnumeration") returned 0x6ba71e76 [0188.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x502f088, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 10 [0188.446] GetProcAddress (hModule=0x6ba70000, lpProcName="NextMethod") returned 0x6ba724c2 [0188.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x502f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 20 [0188.466] GetProcAddress (hModule=0x6ba70000, lpProcName="EndMethodEnumeration") returned 0x6ba721f2 [0188.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0188.469] GetProcAddress (hModule=0x6ba70000, lpProcName="GetMethodQualifierSet") returned 0x6ba7238c [0188.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 15 [0188.471] GetProcAddress (hModule=0x6ba70000, lpProcName="GetMethodOrigin") returned 0x6ba72376 [0188.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0188.473] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_Get") returned 0x6ba7264c [0188.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0188.497] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_Put") returned 0x6ba7269a [0188.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x502f07c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 19 [0188.529] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_Delete") returned 0x6ba72629 [0188.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0188.534] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_GetNames") returned 0x6ba72668 [0188.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x502f074, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 29 [0188.555] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6ba72616 [0188.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0188.557] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_Next") returned 0x6ba7267e [0188.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x502f074, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 27 [0188.575] GetProcAddress (hModule=0x6ba70000, lpProcName="QualifierSet_EndEnumeration") returned 0x6ba7263c [0188.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x502f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 23 [0188.576] GetProcAddress (hModule=0x6ba70000, lpProcName="GetCurrentApartmentType") returned 0x6ba72435 [0188.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x502f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 20 [0188.590] GetProcAddress (hModule=0x6ba70000, lpProcName="GetDemultiplexedStub") returned 0x6ba72313 [0188.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0188.614] GetProcAddress (hModule=0x6ba70000, lpProcName="CreateInstanceEnumWmi") returned 0x6ba720db [0188.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0188.635] GetProcAddress (hModule=0x6ba70000, lpProcName="CreateClassEnumWmi") returned 0x6ba72065 [0188.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0188.637] GetProcAddress (hModule=0x6ba70000, lpProcName="ExecQueryWmi") returned 0x6ba7227b [0188.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0188.654] GetProcAddress (hModule=0x6ba70000, lpProcName="ExecNotificationQueryWmi") returned 0x6ba72202 [0188.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x502f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 14 [0188.657] GetProcAddress (hModule=0x6ba70000, lpProcName="PutInstanceWmi") returned 0x6ba7257a [0188.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x502f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x02D\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 11 [0188.663] GetProcAddress (hModule=0x6ba70000, lpProcName="PutClassWmi") returned 0x6ba724fa [0188.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0188.664] GetProcAddress (hModule=0x6ba70000, lpProcName="CloneEnumWbemClassObject") returned 0x6ba71f40 [0188.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1a´k\x97ãÜ\x14 «*kHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0188.668] GetProcAddress (hModule=0x6ba70000, lpProcName="ConnectServerWmi") returned 0x6ba71fc3 [0188.671] CoCreateInstance (in: rclsid=0x6ba71284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6ba712e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x502f7a4 | out: ppv=0x502f7a4*=0x5f6c58) returned 0x0 [0188.671] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5f6c58, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x502f838 | out: ppNamespace=0x502f838*=0x592e88) returned 0x0 [0188.705] WbemLocator:IUnknown:QueryInterface (in: This=0x592e88, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6d4 | out: ppvObject=0x502f6d4*=0x5bb444) returned 0x0 [0188.705] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5bb444, pProxy=0x592e88, pAuthnSvc=0x502f724, pAuthzSvc=0x502f720, pServerPrincName=0x502f718, pAuthnLevel=0x502f71c, pImpLevel=0x502f70c, pAuthInfo=0x502f710, pCapabilites=0x502f714 | out: pAuthnSvc=0x502f724*=0xa, pAuthzSvc=0x502f720*=0x0, pServerPrincName=0x502f718, pAuthnLevel=0x502f71c*=0x6, pImpLevel=0x502f70c*=0x2, pAuthInfo=0x502f710, pCapabilites=0x502f714*=0x1) returned 0x0 [0188.706] WbemLocator:IUnknown:Release (This=0x5bb444) returned 0x1 [0188.706] WbemLocator:IUnknown:QueryInterface (in: This=0x592e88, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6c8 | out: ppvObject=0x502f6c8*=0x5bb468) returned 0x0 [0188.706] WbemLocator:IUnknown:QueryInterface (in: This=0x592e88, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6c4 | out: ppvObject=0x502f6c4*=0x5bb444) returned 0x0 [0188.706] WbemLocator:IClientSecurity:SetBlanket (This=0x5bb444, pProxy=0x592e88, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.706] WbemLocator:IUnknown:Release (This=0x5bb444) returned 0x2 [0188.706] WbemLocator:IUnknown:Release (This=0x5bb468) returned 0x1 [0188.706] CoTaskMemFree (pv=0x5fddf8) [0188.706] WbemLocator:IUnknown:Release (This=0x5f6c58) returned 0x0 [0188.707] WbemLocator:IUnknown:QueryInterface (in: This=0x592e88, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f2c4 | out: ppvObject=0x502f2c4*=0x5bb468) returned 0x0 [0188.707] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x502f280 | out: ppvObject=0x502f280*=0x0) returned 0x80004002 [0188.708] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x502f09c | out: ppvObject=0x502f09c*=0x0) returned 0x80004002 [0188.709] WbemLocator:IUnknown:QueryInterface (in: This=0x592e88, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x502ee74 | out: ppvObject=0x502ee74*=0x0) returned 0x80004002 [0188.709] WbemLocator:IUnknown:AddRef (This=0x5bb468) returned 0x3 [0188.709] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x502ebdc | out: ppvObject=0x502ebdc*=0x0) returned 0x80004002 [0188.709] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x502eb8c | out: ppvObject=0x502eb8c*=0x0) returned 0x80004002 [0188.709] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502eb98 | out: ppvObject=0x502eb98*=0x5bb3c4) returned 0x0 [0188.710] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5bb3c4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x502eba0 | out: pCid=0x502eba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.710] WbemLocator:IUnknown:Release (This=0x5bb3c4) returned 0x3 [0188.710] CoGetContextToken (in: pToken=0x502ebf8 | out: pToken=0x502ebf8) returned 0x0 [0188.710] CoGetContextToken (in: pToken=0x502f000 | out: pToken=0x502f000) returned 0x0 [0188.710] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f090 | out: ppvObject=0x502f090*=0x5bb44c) returned 0x0 [0188.710] WbemLocator:IRpcOptions:Query (in: This=0x5bb44c, pPrx=0x5bb468, dwProperty=2, pdwValue=0x502f0b8 | out: pdwValue=0x502f0b8) returned 0x80004002 [0188.710] WbemLocator:IUnknown:Release (This=0x5bb44c) returned 0x3 [0188.710] WbemLocator:IUnknown:Release (This=0x5bb468) returned 0x2 [0188.710] CoGetContextToken (in: pToken=0x502f5d8 | out: pToken=0x502f5d8) returned 0x0 [0188.710] CoGetContextToken (in: pToken=0x502f538 | out: pToken=0x502f538) returned 0x0 [0188.711] WbemLocator:IUnknown:QueryInterface (in: This=0x5bb468, riid=0x502f608*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x502f604 | out: ppvObject=0x502f604*=0x592e88) returned 0x0 [0188.711] WbemLocator:IUnknown:AddRef (This=0x592e88) returned 0x4 [0188.711] WbemLocator:IUnknown:Release (This=0x592e88) returned 0x3 [0188.711] WbemLocator:IUnknown:Release (This=0x592e88) returned 0x2 [0188.720] SysStringLen (param_1=0x0) returned 0x0 [0188.721] CoUninitialize () Thread: id = 133 os_tid = 0x4d8 [0188.742] CoGetContextToken (in: pToken=0x502f26c | out: pToken=0x502f26c) returned 0x0 [0188.742] CoGetContextToken (in: pToken=0x502f25c | out: pToken=0x502f25c) returned 0x0 [0188.742] CoGetMarshalSizeMax (in: pulSize=0x502f218, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5bb468, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x502f218) returned 0x0 [0188.743] CoMarshalInterface (pStm=0x5d91d8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5bb468, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0200.201] CoGetContextToken (in: pToken=0x502f26c | out: pToken=0x502f26c) returned 0x0 [0200.201] CoGetContextToken (in: pToken=0x502f25c | out: pToken=0x502f25c) returned 0x0 [0200.201] CoGetMarshalSizeMax (in: pulSize=0x502f218, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60e278, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x502f218) returned 0x0 [0200.201] CoMarshalInterface (pStm=0x5d9278, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60e278, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0259.572] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x502fc6c | out: pperrinfo=0x502fc6c*=0x0) returned 0x1 Thread: id = 134 os_tid = 0xfd8 [0200.154] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.154] RoInitialize () returned 0x1 [0200.154] RoUninitialize () returned 0x0 [0200.155] CoGetClassObject (in: rclsid=0x5e9dd4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x516f490 | out: ppv=0x516f490*=0x5d3cb0) returned 0x0 [0200.156] WbemLocator:IUnknown:QueryInterface (in: This=0x5d3cb0, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x516f6a8 | out: ppvObject=0x516f6a8*=0x0) returned 0x80004002 [0200.156] WbemLocator:IClassFactory:CreateInstance (in: This=0x5d3cb0, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f6bc | out: ppvObject=0x516f6bc*=0x5f6b08) returned 0x0 [0200.156] WbemLocator:IUnknown:Release (This=0x5d3cb0) returned 0x0 [0200.156] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f2dc | out: ppvObject=0x516f2dc*=0x5f6b08) returned 0x0 [0200.156] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x516f298 | out: ppvObject=0x516f298*=0x0) returned 0x80004002 [0200.156] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x516ee8c | out: ppvObject=0x516ee8c*=0x0) returned 0x80004002 [0200.156] WbemLocator:IUnknown:AddRef (This=0x5f6b08) returned 0x3 [0200.156] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x516ebf4 | out: ppvObject=0x516ebf4*=0x0) returned 0x80004002 [0200.157] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x516eba4 | out: ppvObject=0x516eba4*=0x0) returned 0x80004002 [0200.157] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516ebb0 | out: ppvObject=0x516ebb0*=0x0) returned 0x80004002 [0200.157] CoGetContextToken (in: pToken=0x516ec10 | out: pToken=0x516ec10) returned 0x0 [0200.158] CoGetContextToken (in: pToken=0x516f018 | out: pToken=0x516f018) returned 0x0 [0200.158] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f0a8 | out: ppvObject=0x516f0a8*=0x0) returned 0x80004002 [0200.158] WbemLocator:IUnknown:Release (This=0x5f6b08) returned 0x2 [0200.158] WbemLocator:IUnknown:Release (This=0x5f6b08) returned 0x1 [0200.159] CoGetContextToken (in: pToken=0x516f688 | out: pToken=0x516f688) returned 0x0 [0200.159] CoGetContextToken (in: pToken=0x516f5e8 | out: pToken=0x516f5e8) returned 0x0 [0200.159] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6b08, riid=0x516f6b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x516f6b4 | out: ppvObject=0x516f6b4*=0x5f6b08) returned 0x0 [0200.159] WbemLocator:IUnknown:AddRef (This=0x5f6b08) returned 0x3 [0200.159] WbemLocator:IUnknown:Release (This=0x5f6b08) returned 0x2 [0200.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ecae0, puCount=0x516f84c | out: puCount=0x516f84c*=0x2) returned 0x0 [0200.159] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=8, puBuffLength=0x516f848*=0x0, pszText=0x0 | out: puBuffLength=0x516f848*=0xf, pszText=0x0) returned 0x0 [0200.159] WbemDefPath:IWbemPath:GetText (in: This=0x5ecae0, lFlags=8, puBuffLength=0x516f848*=0xf, pszText="00000000000000" | out: puBuffLength=0x516f848*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.159] CoCreateInstance (in: rclsid=0x6ba71284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6ba712e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x516f724 | out: ppv=0x516f724*=0x5f6b18) returned 0x0 [0200.159] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5f6b18, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x516f7b8 | out: ppNamespace=0x516f7b8*=0x60c908) returned 0x0 [0200.186] WbemLocator:IUnknown:QueryInterface (in: This=0x60c908, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f654 | out: ppvObject=0x516f654*=0x60e254) returned 0x0 [0200.186] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60e254, pProxy=0x60c908, pAuthnSvc=0x516f6a4, pAuthzSvc=0x516f6a0, pServerPrincName=0x516f698, pAuthnLevel=0x516f69c, pImpLevel=0x516f68c, pAuthInfo=0x516f690, pCapabilites=0x516f694 | out: pAuthnSvc=0x516f6a4*=0xa, pAuthzSvc=0x516f6a0*=0x0, pServerPrincName=0x516f698, pAuthnLevel=0x516f69c*=0x6, pImpLevel=0x516f68c*=0x2, pAuthInfo=0x516f690, pCapabilites=0x516f694*=0x1) returned 0x0 [0200.186] WbemLocator:IUnknown:Release (This=0x60e254) returned 0x1 [0200.186] WbemLocator:IUnknown:QueryInterface (in: This=0x60c908, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f648 | out: ppvObject=0x516f648*=0x60e278) returned 0x0 [0200.186] WbemLocator:IUnknown:QueryInterface (in: This=0x60c908, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f644 | out: ppvObject=0x516f644*=0x60e254) returned 0x0 [0200.186] WbemLocator:IClientSecurity:SetBlanket (This=0x60e254, pProxy=0x60c908, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.187] WbemLocator:IUnknown:Release (This=0x60e254) returned 0x2 [0200.187] WbemLocator:IUnknown:Release (This=0x60e278) returned 0x1 [0200.187] CoTaskMemFree (pv=0x5fdca8) [0200.187] WbemLocator:IUnknown:Release (This=0x5f6b18) returned 0x0 [0200.187] WbemLocator:IUnknown:QueryInterface (in: This=0x60c908, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f244 | out: ppvObject=0x516f244*=0x60e278) returned 0x0 [0200.187] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x516f200 | out: ppvObject=0x516f200*=0x0) returned 0x80004002 [0200.189] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x516f01c | out: ppvObject=0x516f01c*=0x0) returned 0x80004002 [0200.190] WbemLocator:IUnknown:QueryInterface (in: This=0x60c908, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x516edf4 | out: ppvObject=0x516edf4*=0x0) returned 0x80004002 [0200.190] WbemLocator:IUnknown:AddRef (This=0x60e278) returned 0x3 [0200.190] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x516eb5c | out: ppvObject=0x516eb5c*=0x0) returned 0x80004002 [0200.190] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x516eb0c | out: ppvObject=0x516eb0c*=0x0) returned 0x80004002 [0200.190] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516eb18 | out: ppvObject=0x516eb18*=0x60e1d4) returned 0x0 [0200.190] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60e1d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x516eb20 | out: pCid=0x516eb20*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.190] WbemLocator:IUnknown:Release (This=0x60e1d4) returned 0x3 [0200.190] CoGetContextToken (in: pToken=0x516eb78 | out: pToken=0x516eb78) returned 0x0 [0200.191] CoGetContextToken (in: pToken=0x516ef80 | out: pToken=0x516ef80) returned 0x0 [0200.191] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f010 | out: ppvObject=0x516f010*=0x60e25c) returned 0x0 [0200.191] WbemLocator:IRpcOptions:Query (in: This=0x60e25c, pPrx=0x60e278, dwProperty=2, pdwValue=0x516f038 | out: pdwValue=0x516f038) returned 0x80004002 [0200.191] WbemLocator:IUnknown:Release (This=0x60e25c) returned 0x3 [0200.191] WbemLocator:IUnknown:Release (This=0x60e278) returned 0x2 [0200.191] CoGetContextToken (in: pToken=0x516f558 | out: pToken=0x516f558) returned 0x0 [0200.191] CoGetContextToken (in: pToken=0x516f4b8 | out: pToken=0x516f4b8) returned 0x0 [0200.191] WbemLocator:IUnknown:QueryInterface (in: This=0x60e278, riid=0x516f588*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x516f584 | out: ppvObject=0x516f584*=0x60c908) returned 0x0 [0200.191] WbemLocator:IUnknown:AddRef (This=0x60c908) returned 0x4 [0200.191] WbemLocator:IUnknown:Release (This=0x60c908) returned 0x3 [0200.191] WbemLocator:IUnknown:Release (This=0x60c908) returned 0x2 [0200.191] SysStringLen (param_1=0x0) returned 0x0 [0200.192] CoUninitialize () Thread: id = 136 os_tid = 0x1264 [0200.691] CoGetContextToken (in: pToken=0x50afebc | out: pToken=0x50afebc) returned 0x0 [0200.691] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x50afee0 | out: ppvObject=0x50afee0*=0x5a0144) returned 0x0 [0200.693] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x50aff0c | out: pThreadType=0x50aff0c*=0) returned 0x0 [0200.693] IUnknown:Release (This=0x5a0144) returned 0x1 [0200.693] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.693] RoInitialize () returned 0x1 [0200.693] RoUninitialize () returned 0x0 Thread: id = 137 os_tid = 0x124c [0200.798] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0200.799] CoGetContextToken (in: pToken=0x51efbc4 | out: pToken=0x51efbc4) returned 0x0 [0200.799] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x51efbe8 | out: ppvObject=0x51efbe8*=0x5a0144) returned 0x0 [0200.799] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x51efc14 | out: pThreadType=0x51efc14*=0) returned 0x0 [0200.799] IUnknown:Release (This=0x5a0144) returned 0x1 [0200.799] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0200.799] CoUninitialize () [0200.799] RoInitialize () returned 0x1 [0200.799] RoUninitialize () returned 0x0 [0200.799] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x51ef8d4 | out: UnbiasedTime=0x51ef8d4) returned 1 [0200.800] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x51ef8c4 | out: UnbiasedTime=0x51ef8c4) returned 1 [0220.871] CoUninitialize () Thread: id = 138 os_tid = 0x1288 Thread: id = 139 os_tid = 0x8a4 [0230.705] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0230.706] CoGetContextToken (in: pToken=0x53afb44 | out: pToken=0x53afb44) returned 0x0 [0230.706] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x53afb68 | out: ppvObject=0x53afb68*=0x5a0144) returned 0x0 [0230.707] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x53afb94 | out: pThreadType=0x53afb94*=0) returned 0x0 [0230.707] IUnknown:Release (This=0x5a0144) returned 0x1 [0230.707] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0230.707] CoUninitialize () [0230.707] RoInitialize () returned 0x1 [0230.707] RoUninitialize () returned 0x0 [0230.707] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x53af854 | out: UnbiasedTime=0x53af854) returned 1 [0230.707] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x53af844 | out: UnbiasedTime=0x53af844) returned 1 [0230.711] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x53af748 | out: lpSystemTimeAsFileTime=0x53af748*(dwLowDateTime=0x8259528c, dwHighDateTime=0x1d7b3a6)) [0230.732] GetLastInputInfo (in: plii=0x22a28f8 | out: plii=0x22a28f8*(cbSize=0x8, dwTime=0x1545212)) returned 1 [0250.772] CoUninitialize () Thread: id = 140 os_tid = 0x14c Thread: id = 141 os_tid = 0xe90 [0230.738] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0230.739] CoGetContextToken (in: pToken=0x51afac4 | out: pToken=0x51afac4) returned 0x0 [0230.739] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x51afae8 | out: ppvObject=0x51afae8*=0x5a0144) returned 0x0 [0230.739] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x51afb14 | out: pThreadType=0x51afb14*=0) returned 0x0 [0230.739] IUnknown:Release (This=0x5a0144) returned 0x1 [0230.739] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0230.739] CoUninitialize () [0230.739] RoInitialize () returned 0x1 [0230.739] RoUninitialize () returned 0x0 [0250.764] CoUninitialize () Thread: id = 142 os_tid = 0xe48 Thread: id = 144 os_tid = 0x1030 [0260.755] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0260.756] CoGetContextToken (in: pToken=0x4fefa44 | out: pToken=0x4fefa44) returned 0x0 [0260.756] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4fefa68 | out: ppvObject=0x4fefa68*=0x5a0144) returned 0x0 [0260.756] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x4fefa94 | out: pThreadType=0x4fefa94*=0) returned 0x0 [0260.756] IUnknown:Release (This=0x5a0144) returned 0x1 [0260.756] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0260.757] CoUninitialize () [0260.757] RoInitialize () returned 0x1 [0260.757] RoUninitialize () returned 0x0 [0260.757] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x4fef754 | out: UnbiasedTime=0x4fef754) returned 1 [0260.757] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x4fef744 | out: UnbiasedTime=0x4fef744) returned 1 [0260.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x4fef648 | out: lpSystemTimeAsFileTime=0x4fef648*(dwLowDateTime=0x9440de12, dwHighDateTime=0x1d7b3a6)) [0260.759] GetLastInputInfo (in: plii=0x22a28f8 | out: plii=0x22a28f8*(cbSize=0x8, dwTime=0x154c7de)) returned 1 [0280.791] CoUninitialize () Thread: id = 145 os_tid = 0x1034 Thread: id = 146 os_tid = 0x1048 [0260.765] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0260.766] CoGetContextToken (in: pToken=0x51ef9c4 | out: pToken=0x51ef9c4) returned 0x0 [0260.766] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x51ef9e8 | out: ppvObject=0x51ef9e8*=0x5a0144) returned 0x0 [0260.766] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x51efa14 | out: pThreadType=0x51efa14*=0) returned 0x0 [0260.766] IUnknown:Release (This=0x5a0144) returned 0x1 [0260.766] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0260.766] CoUninitialize () [0260.766] RoInitialize () returned 0x1 [0260.767] RoUninitialize () returned 0x0 [0280.797] CoUninitialize () Thread: id = 147 os_tid = 0x10a8 Thread: id = 149 os_tid = 0x10c4 [0288.238] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0288.238] RoInitialize () returned 0x1 [0288.238] RoUninitialize () returned 0x0 [0288.240] CoGetClassObject (in: rclsid=0x5e9dd4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x56af190 | out: ppv=0x56af190*=0x5d3ce0) returned 0x0 [0288.240] WbemLocator:IUnknown:QueryInterface (in: This=0x5d3ce0, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x56af3a8 | out: ppvObject=0x56af3a8*=0x0) returned 0x80004002 [0288.240] WbemLocator:IClassFactory:CreateInstance (in: This=0x5d3ce0, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56af3bc | out: ppvObject=0x56af3bc*=0x5f6ce8) returned 0x0 [0288.240] WbemLocator:IUnknown:Release (This=0x5d3ce0) returned 0x0 [0288.240] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56aefdc | out: ppvObject=0x56aefdc*=0x5f6ce8) returned 0x0 [0288.240] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x56aef98 | out: ppvObject=0x56aef98*=0x0) returned 0x80004002 [0288.240] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x56aeb8c | out: ppvObject=0x56aeb8c*=0x0) returned 0x80004002 [0288.240] WbemLocator:IUnknown:AddRef (This=0x5f6ce8) returned 0x3 [0288.240] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x56ae8f4 | out: ppvObject=0x56ae8f4*=0x0) returned 0x80004002 [0288.241] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x56ae8a4 | out: ppvObject=0x56ae8a4*=0x0) returned 0x80004002 [0288.241] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56ae8b0 | out: ppvObject=0x56ae8b0*=0x0) returned 0x80004002 [0288.241] CoGetContextToken (in: pToken=0x56ae910 | out: pToken=0x56ae910) returned 0x0 [0288.242] CoGetContextToken (in: pToken=0x56aed18 | out: pToken=0x56aed18) returned 0x0 [0288.242] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56aeda8 | out: ppvObject=0x56aeda8*=0x0) returned 0x80004002 [0288.242] WbemLocator:IUnknown:Release (This=0x5f6ce8) returned 0x2 [0288.242] WbemLocator:IUnknown:Release (This=0x5f6ce8) returned 0x1 [0288.242] CoGetContextToken (in: pToken=0x56af388 | out: pToken=0x56af388) returned 0x0 [0288.242] CoGetContextToken (in: pToken=0x56af2e8 | out: pToken=0x56af2e8) returned 0x0 [0288.242] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6ce8, riid=0x56af3b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x56af3b4 | out: ppvObject=0x56af3b4*=0x5f6ce8) returned 0x0 [0288.242] WbemLocator:IUnknown:AddRef (This=0x5f6ce8) returned 0x3 [0288.243] WbemLocator:IUnknown:Release (This=0x5f6ce8) returned 0x2 [0288.243] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x56af54c | out: puCount=0x56af54c*=0x2) returned 0x0 [0288.243] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=8, puBuffLength=0x56af548*=0x0, pszText=0x0 | out: puBuffLength=0x56af548*=0xf, pszText=0x0) returned 0x0 [0288.243] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=8, puBuffLength=0x56af548*=0xf, pszText="00000000000000" | out: puBuffLength=0x56af548*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.288] CoCreateInstance (in: rclsid=0x6ba71284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6ba712e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x56af424 | out: ppv=0x56af424*=0x5f6cf8) returned 0x0 [0288.288] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5f6cf8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x56af4b8 | out: ppNamespace=0x56af4b8*=0x60cdb8) returned 0x0 [0288.322] WbemLocator:IUnknown:QueryInterface (in: This=0x60cdb8, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56af354 | out: ppvObject=0x56af354*=0x60d554) returned 0x0 [0288.322] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60d554, pProxy=0x60cdb8, pAuthnSvc=0x56af3a4, pAuthzSvc=0x56af3a0, pServerPrincName=0x56af398, pAuthnLevel=0x56af39c, pImpLevel=0x56af38c, pAuthInfo=0x56af390, pCapabilites=0x56af394 | out: pAuthnSvc=0x56af3a4*=0xa, pAuthzSvc=0x56af3a0*=0x0, pServerPrincName=0x56af398, pAuthnLevel=0x56af39c*=0x6, pImpLevel=0x56af38c*=0x2, pAuthInfo=0x56af390, pCapabilites=0x56af394*=0x1) returned 0x0 [0288.322] WbemLocator:IUnknown:Release (This=0x60d554) returned 0x1 [0288.322] WbemLocator:IUnknown:QueryInterface (in: This=0x60cdb8, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56af348 | out: ppvObject=0x56af348*=0x60d578) returned 0x0 [0288.322] WbemLocator:IUnknown:QueryInterface (in: This=0x60cdb8, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56af344 | out: ppvObject=0x56af344*=0x60d554) returned 0x0 [0288.322] WbemLocator:IClientSecurity:SetBlanket (This=0x60d554, pProxy=0x60cdb8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.323] WbemLocator:IUnknown:Release (This=0x60d554) returned 0x2 [0288.323] WbemLocator:IUnknown:Release (This=0x60d578) returned 0x1 [0288.323] CoTaskMemFree (pv=0x5fd8e8) [0288.323] WbemLocator:IUnknown:Release (This=0x5f6cf8) returned 0x0 [0288.323] WbemLocator:IUnknown:QueryInterface (in: This=0x60cdb8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56aef44 | out: ppvObject=0x56aef44*=0x60d578) returned 0x0 [0288.323] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x56aef00 | out: ppvObject=0x56aef00*=0x0) returned 0x80004002 [0288.324] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x56aed1c | out: ppvObject=0x56aed1c*=0x0) returned 0x80004002 [0288.324] WbemLocator:IUnknown:QueryInterface (in: This=0x60cdb8, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x56aeaf4 | out: ppvObject=0x56aeaf4*=0x0) returned 0x80004002 [0288.324] WbemLocator:IUnknown:AddRef (This=0x60d578) returned 0x3 [0288.324] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x56ae85c | out: ppvObject=0x56ae85c*=0x0) returned 0x80004002 [0288.324] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x56ae80c | out: ppvObject=0x56ae80c*=0x0) returned 0x80004002 [0288.324] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56ae818 | out: ppvObject=0x56ae818*=0x60d4d4) returned 0x0 [0288.325] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60d4d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x56ae820 | out: pCid=0x56ae820*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.325] WbemLocator:IUnknown:Release (This=0x60d4d4) returned 0x3 [0288.325] CoGetContextToken (in: pToken=0x56ae878 | out: pToken=0x56ae878) returned 0x0 [0288.325] CoGetContextToken (in: pToken=0x56aec80 | out: pToken=0x56aec80) returned 0x0 [0288.325] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56aed10 | out: ppvObject=0x56aed10*=0x60d55c) returned 0x0 [0288.325] WbemLocator:IRpcOptions:Query (in: This=0x60d55c, pPrx=0x60d578, dwProperty=2, pdwValue=0x56aed38 | out: pdwValue=0x56aed38) returned 0x80004002 [0288.325] WbemLocator:IUnknown:Release (This=0x60d55c) returned 0x3 [0288.325] WbemLocator:IUnknown:Release (This=0x60d578) returned 0x2 [0288.325] CoGetContextToken (in: pToken=0x56af258 | out: pToken=0x56af258) returned 0x0 [0288.325] CoGetContextToken (in: pToken=0x56af1b8 | out: pToken=0x56af1b8) returned 0x0 [0288.325] WbemLocator:IUnknown:QueryInterface (in: This=0x60d578, riid=0x56af288*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x56af284 | out: ppvObject=0x56af284*=0x60cdb8) returned 0x0 [0288.325] WbemLocator:IUnknown:AddRef (This=0x60cdb8) returned 0x4 [0288.325] WbemLocator:IUnknown:Release (This=0x60cdb8) returned 0x3 [0288.325] WbemLocator:IUnknown:Release (This=0x60cdb8) returned 0x2 [0288.325] SysStringLen (param_1=0x0) returned 0x0 [0288.325] CoUninitialize () Thread: id = 150 os_tid = 0x10d8 [0288.336] CoGetContextToken (in: pToken=0x56af26c | out: pToken=0x56af26c) returned 0x0 [0288.336] CoGetContextToken (in: pToken=0x56af25c | out: pToken=0x56af25c) returned 0x0 [0288.336] CoGetMarshalSizeMax (in: pulSize=0x56af218, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60d578, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x56af218) returned 0x0 [0288.336] CoMarshalInterface (pStm=0x62f438, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60d578, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0288.710] CoGetContextToken (in: pToken=0x56af26c | out: pToken=0x56af26c) returned 0x0 [0288.710] CoGetContextToken (in: pToken=0x56af25c | out: pToken=0x56af25c) returned 0x0 [0288.710] CoGetMarshalSizeMax (in: pulSize=0x56af218, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60d678, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x56af218) returned 0x0 [0288.710] CoMarshalInterface (pStm=0x62f238, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60d678, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 154 os_tid = 0x1100 [0288.672] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0288.672] RoInitialize () returned 0x1 [0288.672] RoUninitialize () returned 0x0 [0288.673] CoGetClassObject (in: rclsid=0x5e9dd4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b3654e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x57af110 | out: ppv=0x57af110*=0x5dba50) returned 0x0 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5dba50, riid=0x6b3195e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x57af328 | out: ppvObject=0x57af328*=0x0) returned 0x80004002 [0288.674] WbemLocator:IClassFactory:CreateInstance (in: This=0x5dba50, pUnkOuter=0x0, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57af33c | out: ppvObject=0x57af33c*=0x5f6be8) returned 0x0 [0288.674] WbemLocator:IUnknown:Release (This=0x5dba50) returned 0x0 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57aef5c | out: ppvObject=0x57aef5c*=0x5f6be8) returned 0x0 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x57aef18 | out: ppvObject=0x57aef18*=0x0) returned 0x80004002 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x57aeb0c | out: ppvObject=0x57aeb0c*=0x0) returned 0x80004002 [0288.674] WbemLocator:IUnknown:AddRef (This=0x5f6be8) returned 0x3 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x57ae874 | out: ppvObject=0x57ae874*=0x0) returned 0x80004002 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x57ae824 | out: ppvObject=0x57ae824*=0x0) returned 0x80004002 [0288.674] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ae830 | out: ppvObject=0x57ae830*=0x0) returned 0x80004002 [0288.674] CoGetContextToken (in: pToken=0x57ae890 | out: pToken=0x57ae890) returned 0x0 [0288.675] CoGetContextToken (in: pToken=0x57aec98 | out: pToken=0x57aec98) returned 0x0 [0288.675] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57aed28 | out: ppvObject=0x57aed28*=0x0) returned 0x80004002 [0288.675] WbemLocator:IUnknown:Release (This=0x5f6be8) returned 0x2 [0288.675] WbemLocator:IUnknown:Release (This=0x5f6be8) returned 0x1 [0288.675] CoGetContextToken (in: pToken=0x57af308 | out: pToken=0x57af308) returned 0x0 [0288.675] CoGetContextToken (in: pToken=0x57af268 | out: pToken=0x57af268) returned 0x0 [0288.675] WbemLocator:IUnknown:QueryInterface (in: This=0x5f6be8, riid=0x57af338*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x57af334 | out: ppvObject=0x57af334*=0x5f6be8) returned 0x0 [0288.675] WbemLocator:IUnknown:AddRef (This=0x5f6be8) returned 0x3 [0288.675] WbemLocator:IUnknown:Release (This=0x5f6be8) returned 0x2 [0288.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5ec840, puCount=0x57af4cc | out: puCount=0x57af4cc*=0x2) returned 0x0 [0288.675] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=8, puBuffLength=0x57af4c8*=0x0, pszText=0x0 | out: puBuffLength=0x57af4c8*=0xf, pszText=0x0) returned 0x0 [0288.675] WbemDefPath:IWbemPath:GetText (in: This=0x5ec840, lFlags=8, puBuffLength=0x57af4c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x57af4c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0288.675] CoCreateInstance (in: rclsid=0x6ba71284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6ba712e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x57af3a4 | out: ppv=0x57af3a4*=0x5f6b78) returned 0x0 [0288.675] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5f6b78, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x57af438 | out: ppNamespace=0x57af438*=0x60c278) returned 0x0 [0288.703] WbemLocator:IUnknown:QueryInterface (in: This=0x60c278, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57af2d4 | out: ppvObject=0x57af2d4*=0x60d654) returned 0x0 [0288.703] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60d654, pProxy=0x60c278, pAuthnSvc=0x57af324, pAuthzSvc=0x57af320, pServerPrincName=0x57af318, pAuthnLevel=0x57af31c, pImpLevel=0x57af30c, pAuthInfo=0x57af310, pCapabilites=0x57af314 | out: pAuthnSvc=0x57af324*=0xa, pAuthzSvc=0x57af320*=0x0, pServerPrincName=0x57af318, pAuthnLevel=0x57af31c*=0x6, pImpLevel=0x57af30c*=0x2, pAuthInfo=0x57af310, pCapabilites=0x57af314*=0x1) returned 0x0 [0288.703] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x1 [0288.703] WbemLocator:IUnknown:QueryInterface (in: This=0x60c278, riid=0x6ba710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57af2c8 | out: ppvObject=0x57af2c8*=0x60d678) returned 0x0 [0288.703] WbemLocator:IUnknown:QueryInterface (in: This=0x60c278, riid=0x6ba71104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57af2c4 | out: ppvObject=0x57af2c4*=0x60d654) returned 0x0 [0288.704] WbemLocator:IClientSecurity:SetBlanket (This=0x60d654, pProxy=0x60c278, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0288.704] WbemLocator:IUnknown:Release (This=0x60d654) returned 0x2 [0288.704] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x1 [0288.704] CoTaskMemFree (pv=0x5fdeb8) [0288.704] WbemLocator:IUnknown:Release (This=0x5f6b78) returned 0x0 [0288.704] WbemLocator:IUnknown:QueryInterface (in: This=0x60c278, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57aeec4 | out: ppvObject=0x57aeec4*=0x60d678) returned 0x0 [0288.704] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3efdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x57aee80 | out: ppvObject=0x57aee80*=0x0) returned 0x80004002 [0288.705] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3efb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x57aec9c | out: ppvObject=0x57aec9c*=0x0) returned 0x80004002 [0288.705] WbemLocator:IUnknown:QueryInterface (in: This=0x60c278, riid=0x6b3f056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x57aea74 | out: ppvObject=0x57aea74*=0x0) returned 0x80004002 [0288.706] WbemLocator:IUnknown:AddRef (This=0x60d678) returned 0x3 [0288.706] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x57ae7dc | out: ppvObject=0x57ae7dc*=0x0) returned 0x80004002 [0288.706] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x57ae78c | out: ppvObject=0x57ae78c*=0x0) returned 0x80004002 [0288.706] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b2c40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ae798 | out: ppvObject=0x57ae798*=0x60d5d4) returned 0x0 [0288.706] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60d5d4, riid=0x6b2b6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x57ae7a0 | out: pCid=0x57ae7a0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0288.706] WbemLocator:IUnknown:Release (This=0x60d5d4) returned 0x3 [0288.706] CoGetContextToken (in: pToken=0x57ae7f8 | out: pToken=0x57ae7f8) returned 0x0 [0288.706] CoGetContextToken (in: pToken=0x57aec00 | out: pToken=0x57aec00) returned 0x0 [0288.706] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x6b3f0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57aec90 | out: ppvObject=0x57aec90*=0x60d65c) returned 0x0 [0288.706] WbemLocator:IRpcOptions:Query (in: This=0x60d65c, pPrx=0x60d678, dwProperty=2, pdwValue=0x57aecb8 | out: pdwValue=0x57aecb8) returned 0x80004002 [0288.706] WbemLocator:IUnknown:Release (This=0x60d65c) returned 0x3 [0288.706] WbemLocator:IUnknown:Release (This=0x60d678) returned 0x2 [0288.706] CoGetContextToken (in: pToken=0x57af1d8 | out: pToken=0x57af1d8) returned 0x0 [0288.706] CoGetContextToken (in: pToken=0x57af138 | out: pToken=0x57af138) returned 0x0 [0288.706] WbemLocator:IUnknown:QueryInterface (in: This=0x60d678, riid=0x57af208*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57af204 | out: ppvObject=0x57af204*=0x60c278) returned 0x0 [0288.706] WbemLocator:IUnknown:AddRef (This=0x60c278) returned 0x4 [0288.706] WbemLocator:IUnknown:Release (This=0x60c278) returned 0x3 [0288.706] WbemLocator:IUnknown:Release (This=0x60c278) returned 0x2 [0288.706] SysStringLen (param_1=0x0) returned 0x0 [0288.707] CoUninitialize () Thread: id = 155 os_tid = 0x1118 [0291.083] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0291.085] CoGetContextToken (in: pToken=0x57af844 | out: pToken=0x57af844) returned 0x0 [0291.085] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57af868 | out: ppvObject=0x57af868*=0x5a0144) returned 0x0 [0291.085] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x57af894 | out: pThreadType=0x57af894*=0) returned 0x0 [0291.085] IUnknown:Release (This=0x5a0144) returned 0x1 [0291.085] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0291.085] CoUninitialize () [0291.085] RoInitialize () returned 0x1 [0291.085] RoUninitialize () returned 0x0 [0291.086] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x57af554 | out: UnbiasedTime=0x57af554) returned 1 [0291.087] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x57af544 | out: UnbiasedTime=0x57af544) returned 1 [0291.088] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x57af448 | out: lpSystemTimeAsFileTime=0x57af448*(dwLowDateTime=0xa6560bb4, dwHighDateTime=0x1d7b3a6)) [0291.088] GetLastInputInfo (in: plii=0x22a2484 | out: plii=0x22a2484*(cbSize=0x8, dwTime=0x1553d5c)) returned 1 [0311.268] CoUninitialize () Thread: id = 156 os_tid = 0x1124 Thread: id = 157 os_tid = 0x1128 [0291.618] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0291.618] RoInitialize () returned 0x1 [0291.618] RoUninitialize () returned 0x0 [0291.620] ResetEvent (hEvent=0x27c) returned 1 Thread: id = 158 os_tid = 0x1150 [0294.156] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0294.157] RoInitialize () returned 0x1 [0294.157] RoUninitialize () returned 0x0 [0294.231] CoTaskMemAlloc (cb=0x20c) returned 0x648e28 [0294.231] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x648e28 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0294.231] CoTaskMemFree (pv=0x648e28) [0294.231] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x5a2d654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0294.232] CoTaskMemAlloc (cb=0x20c) returned 0x649278 [0294.232] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x649278 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0294.232] CoTaskMemFree (pv=0x649278) [0294.232] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x5a2d654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0294.474] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x41 [0294.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.475] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0294.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.475] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0294.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.476] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3e [0294.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.476] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0294.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.476] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0294.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.477] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0294.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.477] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0294.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.478] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0294.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.478] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0294.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.478] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0294.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0294.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x33 [0294.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0294.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0294.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0294.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.481] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0294.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.481] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0294.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.482] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x59 [0294.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.482] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0294.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0294.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0294.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0294.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0294.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0294.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0294.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0294.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0294.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.486] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x5a2ed58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0294.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f1b4) returned 1 [0294.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5a2f230 | out: lpFileInformation=0x5a2f230*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f1b0) returned 1 [0294.545] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.545] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.545] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.545] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.548] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.548] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a2f178, nSize=0x80 | out: lpBuffer="") returned 0x25 [0294.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\", lpFilePart=0x0) returned 0x36 [0294.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\", lpFilePart=0x0) returned 0x35 [0294.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", lpFilePart=0x0) returned 0x46 [0294.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", lpFilePart=0x0) returned 0x38 [0294.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\", lpFilePart=0x0) returned 0x34 [0294.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flock\\browser"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", lpFilePart=0x0) returned 0x2f [0294.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\", lpFilePart=0x0) returned 0x2e [0294.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\", lpFilePart=0x0) returned 0x32 [0294.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\", lpFilePart=0x0) returned 0x37 [0294.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.554] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\", lpFilePart=0x0) returned 0x2f [0294.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.554] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", lpFilePart=0x0) returned 0x45 [0294.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.554] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", nBufferLength=0x105, lpBuffer=0x5a2edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", lpFilePart=0x0) returned 0x3c [0294.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f230) returned 1 [0294.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox"), fInfoLevelId=0x0, lpFileInformation=0x5a2f2ac | out: lpFileInformation=0x5a2f2ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0294.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f22c) returned 1 [0294.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a2f2a4) returned 1 [0294.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\14mpcgrs.5kf", nBufferLength=0x105, lpBuffer=0x5a2edac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\14mpcgrs.5kf", lpFilePart=0x0) returned 0x32 [0294.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\14mpcgrs.5kf\\", nBufferLength=0x105, lpBuffer=0x5a2ed80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\14mpcgrs.5kf\\", lpFilePart=0x0) returned 0x33 [0294.636] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\14mpcgrs.5kf\\*", lpFindFileData=0x5a2efcc | out: lpFindFileData=0x5a2efcc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0294.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a2f268) returned 1 [0294.717] CoUninitialize () Thread: id = 159 os_tid = 0x119c [0321.135] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0321.136] CoGetContextToken (in: pToken=0x57af6c4 | out: pToken=0x57af6c4) returned 0x0 [0321.136] IUnknown:QueryInterface (in: This=0x5a0138, riid=0x6b334564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57af6e8 | out: ppvObject=0x57af6e8*=0x5a0144) returned 0x0 [0321.136] IComThreadingInfo:GetCurrentThreadType (in: This=0x5a0144, pThreadType=0x57af714 | out: pThreadType=0x57af714*=0) returned 0x0 [0321.136] IUnknown:Release (This=0x5a0144) returned 0x1 [0321.136] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0321.136] CoUninitialize () [0321.136] RoInitialize () returned 0x1 [0321.136] RoUninitialize () returned 0x0 [0321.137] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x57af3d4 | out: UnbiasedTime=0x57af3d4) returned 1 [0321.137] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x57af3c4 | out: UnbiasedTime=0x57af3c4) returned 1 [0321.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x57af2c8 | out: lpSystemTimeAsFileTime=0x57af2c8*(dwLowDateTime=0xb83d5bdb, dwHighDateTime=0x1d7b3a6)) [0321.139] GetLastInputInfo (in: plii=0x22a2484 | out: plii=0x22a2484*(cbSize=0x8, dwTime=0x155b4fd)) returned 1 Thread: id = 160 os_tid = 0x11b0 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7369f000" os_pid = "0x60" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x218" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cdd2" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 664 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 665 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 666 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 667 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 668 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 669 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 670 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 671 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 672 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 673 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 674 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 675 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 676 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 677 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 678 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 679 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 680 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 681 start_va = 0x530000 end_va = 0x530fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 682 start_va = 0x540000 end_va = 0x541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 683 start_va = 0x550000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 684 start_va = 0x580000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 685 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 686 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 687 start_va = 0x660000 end_va = 0x666fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 688 start_va = 0x670000 end_va = 0x670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 689 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 690 start_va = 0x690000 end_va = 0x691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 691 start_va = 0x6a0000 end_va = 0x6a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 692 start_va = 0x6b0000 end_va = 0x6b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 693 start_va = 0x6c0000 end_va = 0x6c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 694 start_va = 0x6d0000 end_va = 0x6d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 695 start_va = 0x700000 end_va = 0x706fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 696 start_va = 0x710000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 697 start_va = 0x7b0000 end_va = 0x7c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 698 start_va = 0x7d0000 end_va = 0x7d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 699 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 700 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 701 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 702 start_va = 0xc20000 end_va = 0x101afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 703 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 704 start_va = 0x10a0000 end_va = 0x10e4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 705 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 706 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 707 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 708 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 709 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 710 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 711 start_va = 0x1730000 end_va = 0x177efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001730000" filename = "" Region: id = 712 start_va = 0x17e0000 end_va = 0x17e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 713 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 714 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 715 start_va = 0x1a00000 end_va = 0x1d36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 716 start_va = 0x1d40000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 717 start_va = 0x1e40000 end_va = 0x1f1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 718 start_va = 0x1f40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 719 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 720 start_va = 0x2140000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 721 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 722 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 723 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 724 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 725 start_va = 0x2600000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 726 start_va = 0x2680000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 727 start_va = 0x2780000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 728 start_va = 0x2880000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 729 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 730 start_va = 0x2a00000 end_va = 0x2a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 731 start_va = 0x2ac0000 end_va = 0x2ac6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 732 start_va = 0x2b00000 end_va = 0x2b8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 733 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 734 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d00000" filename = "" Region: id = 735 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 736 start_va = 0x2f00000 end_va = 0x2f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 737 start_va = 0x2f80000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 738 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 739 start_va = 0x3400000 end_va = 0x347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 740 start_va = 0x34b0000 end_va = 0x34b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 741 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 742 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 743 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 744 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 745 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 746 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 747 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 748 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 749 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 750 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 751 start_va = 0x4000000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 752 start_va = 0x4080000 end_va = 0x417ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 753 start_va = 0x4380000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Region: id = 754 start_va = 0x4400000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 755 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 756 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 757 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 758 start_va = 0x48d0000 end_va = 0x48d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 759 start_va = 0x48e0000 end_va = 0x48e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048e0000" filename = "" Region: id = 760 start_va = 0x49f0000 end_va = 0x49f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 761 start_va = 0x4bd0000 end_va = 0x4bd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 762 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 763 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 764 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 765 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 766 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 767 start_va = 0x5400000 end_va = 0x547ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 768 start_va = 0x54f0000 end_va = 0x55effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 769 start_va = 0x55f0000 end_va = 0x55f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 770 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 771 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 772 start_va = 0x5800000 end_va = 0x587ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 773 start_va = 0x5880000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005880000" filename = "" Region: id = 774 start_va = 0x5a00000 end_va = 0x5a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 775 start_va = 0x5a80000 end_va = 0x5b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a80000" filename = "" Region: id = 776 start_va = 0x5b80000 end_va = 0x5c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b80000" filename = "" Region: id = 777 start_va = 0x5c80000 end_va = 0x5d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c80000" filename = "" Region: id = 778 start_va = 0x5e80000 end_va = 0x5f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 779 start_va = 0x5f80000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f80000" filename = "" Region: id = 780 start_va = 0x6080000 end_va = 0x617ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 781 start_va = 0x6180000 end_va = 0x627ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006180000" filename = "" Region: id = 782 start_va = 0x63c0000 end_va = 0x64bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063c0000" filename = "" Region: id = 783 start_va = 0x6560000 end_va = 0x6564fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 784 start_va = 0x6570000 end_va = 0x657ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 785 start_va = 0x6590000 end_va = 0x6596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 786 start_va = 0x65a0000 end_va = 0x669ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065a0000" filename = "" Region: id = 787 start_va = 0x66a0000 end_va = 0x66b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 788 start_va = 0x66c0000 end_va = 0x66d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 789 start_va = 0x66e0000 end_va = 0x66f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 790 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 791 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 792 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 793 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 794 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 795 start_va = 0x6ef0000 end_va = 0x6ef6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ef0000" filename = "" Region: id = 796 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 797 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 798 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 799 start_va = 0x7200000 end_va = 0x72fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 800 start_va = 0x7300000 end_va = 0x7310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 801 start_va = 0x7320000 end_va = 0x7330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 802 start_va = 0x7340000 end_va = 0x7350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 803 start_va = 0x7360000 end_va = 0x7370fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 804 start_va = 0x7380000 end_va = 0x73a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 805 start_va = 0x73b0000 end_va = 0x73e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 806 start_va = 0x73f0000 end_va = 0x7400fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 807 start_va = 0x7410000 end_va = 0x7420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 808 start_va = 0x7430000 end_va = 0x7460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 809 start_va = 0x7470000 end_va = 0x74a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 810 start_va = 0x74b0000 end_va = 0x75affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074b0000" filename = "" Region: id = 811 start_va = 0x75b0000 end_va = 0x76affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075b0000" filename = "" Region: id = 812 start_va = 0x76b0000 end_va = 0x77affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076b0000" filename = "" Region: id = 813 start_va = 0x77b0000 end_va = 0x78affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077b0000" filename = "" Region: id = 814 start_va = 0x79a0000 end_va = 0x7a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079a0000" filename = "" Region: id = 815 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 816 start_va = 0x7c00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 817 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 818 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 819 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 820 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 821 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 822 start_va = 0x8200000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008200000" filename = "" Region: id = 823 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 824 start_va = 0x85a0000 end_va = 0x869ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085a0000" filename = "" Region: id = 825 start_va = 0x87a0000 end_va = 0x889ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087a0000" filename = "" Region: id = 826 start_va = 0x88a0000 end_va = 0x899ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088a0000" filename = "" Region: id = 827 start_va = 0x89a0000 end_va = 0x8a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089a0000" filename = "" Region: id = 828 start_va = 0x8aa0000 end_va = 0x8b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008aa0000" filename = "" Region: id = 829 start_va = 0x8ba0000 end_va = 0x8c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ba0000" filename = "" Region: id = 830 start_va = 0x8ca0000 end_va = 0x8d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ca0000" filename = "" Region: id = 831 start_va = 0x8da0000 end_va = 0x8e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008da0000" filename = "" Region: id = 832 start_va = 0x8ea0000 end_va = 0x8f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ea0000" filename = "" Region: id = 833 start_va = 0x8fa0000 end_va = 0x909ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008fa0000" filename = "" Region: id = 834 start_va = 0x90a0000 end_va = 0x919ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090a0000" filename = "" Region: id = 835 start_va = 0x91a0000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000091a0000" filename = "" Region: id = 836 start_va = 0x92a0000 end_va = 0x939ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092a0000" filename = "" Region: id = 837 start_va = 0x93a0000 end_va = 0x949ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 838 start_va = 0x94a0000 end_va = 0x959ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094a0000" filename = "" Region: id = 839 start_va = 0x95a0000 end_va = 0x969ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095a0000" filename = "" Region: id = 840 start_va = 0x96a0000 end_va = 0x979ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096a0000" filename = "" Region: id = 841 start_va = 0x97a0000 end_va = 0x989ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097a0000" filename = "" Region: id = 842 start_va = 0x9fa0000 end_va = 0xa09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fa0000" filename = "" Region: id = 843 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 844 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 845 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 846 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 847 start_va = 0x7ff6bac60000 end_va = 0x7ff6bac6cfff monitored = 0 entry_point = 0x7ff6bac63980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 848 start_va = 0x7ffb0c2c0000 end_va = 0x7ffb0c303fff monitored = 0 entry_point = 0x7ffb0c2e83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 849 start_va = 0x7ffb0c9d0000 end_va = 0x7ffb0cc7ffff monitored = 0 entry_point = 0x7ffb0c9d1cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 850 start_va = 0x7ffb0cc90000 end_va = 0x7ffb0cc97fff monitored = 0 entry_point = 0x7ffb0cc913b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 851 start_va = 0x7ffb0ccb0000 end_va = 0x7ffb0cd0cfff monitored = 0 entry_point = 0x7ffb0ccde510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 852 start_va = 0x7ffb0cd40000 end_va = 0x7ffb0cd51fff monitored = 0 entry_point = 0x7ffb0cd41a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 853 start_va = 0x7ffb0dbc0000 end_va = 0x7ffb0dbfefff monitored = 0 entry_point = 0x7ffb0dbe82d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 854 start_va = 0x7ffb0dd90000 end_va = 0x7ffb0dda0fff monitored = 0 entry_point = 0x7ffb0dd928d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 855 start_va = 0x7ffb0deb0000 end_va = 0x7ffb0dee1fff monitored = 0 entry_point = 0x7ffb0debb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 856 start_va = 0x7ffb0e100000 end_va = 0x7ffb0e117fff monitored = 0 entry_point = 0x7ffb0e101b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 857 start_va = 0x7ffb0e120000 end_va = 0x7ffb0e13cfff monitored = 0 entry_point = 0x7ffb0e124f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 858 start_va = 0x7ffb0e540000 end_va = 0x7ffb0e64efff monitored = 0 entry_point = 0x7ffb0e57c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 859 start_va = 0x7ffb0e650000 end_va = 0x7ffb0e666fff monitored = 0 entry_point = 0x7ffb0e657520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 860 start_va = 0x7ffb0f5b0000 end_va = 0x7ffb0f6ccfff monitored = 0 entry_point = 0x7ffb0f5dfe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 861 start_va = 0x7ffb0f830000 end_va = 0x7ffb0f896fff monitored = 0 entry_point = 0x7ffb0f83b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 862 start_va = 0x7ffb10ae0000 end_va = 0x7ffb10b15fff monitored = 0 entry_point = 0x7ffb10ae27f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 863 start_va = 0x7ffb10e10000 end_va = 0x7ffb10e20fff monitored = 0 entry_point = 0x7ffb10e17480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 864 start_va = 0x7ffb10e30000 end_va = 0x7ffb10eb3fff monitored = 0 entry_point = 0x7ffb10e48d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 865 start_va = 0x7ffb10f40000 end_va = 0x7ffb10f55fff monitored = 0 entry_point = 0x7ffb10f455e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 866 start_va = 0x7ffb10f60000 end_va = 0x7ffb11035fff monitored = 0 entry_point = 0x7ffb10f8a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 867 start_va = 0x7ffb11040000 end_va = 0x7ffb110a3fff monitored = 0 entry_point = 0x7ffb1105bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 868 start_va = 0x7ffb110b0000 end_va = 0x7ffb110d4fff monitored = 0 entry_point = 0x7ffb110b9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 869 start_va = 0x7ffb110e0000 end_va = 0x7ffb110f3fff monitored = 0 entry_point = 0x7ffb110e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 870 start_va = 0x7ffb11100000 end_va = 0x7ffb111f5fff monitored = 0 entry_point = 0x7ffb11139590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 871 start_va = 0x7ffb11200000 end_va = 0x7ffb11273fff monitored = 0 entry_point = 0x7ffb11215eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 872 start_va = 0x7ffb11280000 end_va = 0x7ffb113b6fff monitored = 0 entry_point = 0x7ffb112c0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 873 start_va = 0x7ffb11470000 end_va = 0x7ffb11485fff monitored = 0 entry_point = 0x7ffb11471af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 874 start_va = 0x7ffb11490000 end_va = 0x7ffb114a9fff monitored = 0 entry_point = 0x7ffb11492330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 875 start_va = 0x7ffb114b0000 end_va = 0x7ffb114bcfff monitored = 0 entry_point = 0x7ffb114b1420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 876 start_va = 0x7ffb115e0000 end_va = 0x7ffb115eefff monitored = 0 entry_point = 0x7ffb115e4960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 877 start_va = 0x7ffb11680000 end_va = 0x7ffb11690fff monitored = 0 entry_point = 0x7ffb11682fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 878 start_va = 0x7ffb116a0000 end_va = 0x7ffb116bdfff monitored = 0 entry_point = 0x7ffb116a3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 879 start_va = 0x7ffb116c0000 end_va = 0x7ffb11741fff monitored = 0 entry_point = 0x7ffb116c2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 880 start_va = 0x7ffb12610000 end_va = 0x7ffb12651fff monitored = 0 entry_point = 0x7ffb12613670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 881 start_va = 0x7ffb12660000 end_va = 0x7ffb126a5fff monitored = 0 entry_point = 0x7ffb126679a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 882 start_va = 0x7ffb126b0000 end_va = 0x7ffb126effff monitored = 0 entry_point = 0x7ffb126bcbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 883 start_va = 0x7ffb126f0000 end_va = 0x7ffb12736fff monitored = 0 entry_point = 0x7ffb126f1d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 884 start_va = 0x7ffb12740000 end_va = 0x7ffb1275efff monitored = 0 entry_point = 0x7ffb127437e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 885 start_va = 0x7ffb12760000 end_va = 0x7ffb127d8fff monitored = 0 entry_point = 0x7ffb127676a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 886 start_va = 0x7ffb127f0000 end_va = 0x7ffb12807fff monitored = 0 entry_point = 0x7ffb127f4e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 887 start_va = 0x7ffb12810000 end_va = 0x7ffb12834fff monitored = 0 entry_point = 0x7ffb12815ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 888 start_va = 0x7ffb12850000 end_va = 0x7ffb12890fff monitored = 0 entry_point = 0x7ffb12853750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 889 start_va = 0x7ffb128a0000 end_va = 0x7ffb12992fff monitored = 0 entry_point = 0x7ffb128c5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 890 start_va = 0x7ffb12a60000 end_va = 0x7ffb12a77fff monitored = 0 entry_point = 0x7ffb12a62000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 891 start_va = 0x7ffb12a80000 end_va = 0x7ffb12c01fff monitored = 0 entry_point = 0x7ffb12a982a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 892 start_va = 0x7ffb12c10000 end_va = 0x7ffb12cb2fff monitored = 0 entry_point = 0x7ffb12c12c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 893 start_va = 0x7ffb12cc0000 end_va = 0x7ffb12d11fff monitored = 0 entry_point = 0x7ffb12cc5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 894 start_va = 0x7ffb12d40000 end_va = 0x7ffb12d6dfff monitored = 1 entry_point = 0x7ffb12d42300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 895 start_va = 0x7ffb12d70000 end_va = 0x7ffb12dcdfff monitored = 0 entry_point = 0x7ffb12d75080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 896 start_va = 0x7ffb12dd0000 end_va = 0x7ffb12deffff monitored = 0 entry_point = 0x7ffb12dd1f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 897 start_va = 0x7ffb12df0000 end_va = 0x7ffb12df8fff monitored = 0 entry_point = 0x7ffb12df18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 898 start_va = 0x7ffb12e00000 end_va = 0x7ffb12e10fff monitored = 0 entry_point = 0x7ffb12e01d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 899 start_va = 0x7ffb12f30000 end_va = 0x7ffb12faefff monitored = 0 entry_point = 0x7ffb12f47110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 900 start_va = 0x7ffb12fb0000 end_va = 0x7ffb12febfff monitored = 0 entry_point = 0x7ffb12fb6aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 901 start_va = 0x7ffb13040000 end_va = 0x7ffb1308bfff monitored = 0 entry_point = 0x7ffb13055310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 902 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 903 start_va = 0x7ffb14500000 end_va = 0x7ffb14534fff monitored = 0 entry_point = 0x7ffb1450a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 904 start_va = 0x7ffb16be0000 end_va = 0x7ffb16beffff monitored = 0 entry_point = 0x7ffb16be1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 905 start_va = 0x7ffb16bf0000 end_va = 0x7ffb16e69fff monitored = 0 entry_point = 0x7ffb16c0a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 906 start_va = 0x7ffb180e0000 end_va = 0x7ffb180f3fff monitored = 0 entry_point = 0x7ffb180e2a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 907 start_va = 0x7ffb19500000 end_va = 0x7ffb19521fff monitored = 0 entry_point = 0x7ffb19512540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 908 start_va = 0x7ffb19530000 end_va = 0x7ffb19604fff monitored = 0 entry_point = 0x7ffb1954cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 909 start_va = 0x7ffb196d0000 end_va = 0x7ffb1970ffff monitored = 0 entry_point = 0x7ffb196e6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 910 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 911 start_va = 0x7ffb1a350000 end_va = 0x7ffb1a358fff monitored = 0 entry_point = 0x7ffb1a3521d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 912 start_va = 0x7ffb1a510000 end_va = 0x7ffb1a521fff monitored = 0 entry_point = 0x7ffb1a513580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 913 start_va = 0x7ffb1a590000 end_va = 0x7ffb1a5a3fff monitored = 0 entry_point = 0x7ffb1a593710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 914 start_va = 0x7ffb1a5b0000 end_va = 0x7ffb1a5d7fff monitored = 0 entry_point = 0x7ffb1a5befc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 915 start_va = 0x7ffb1a640000 end_va = 0x7ffb1a65dfff monitored = 0 entry_point = 0x7ffb1a64ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 916 start_va = 0x7ffb1a9b0000 end_va = 0x7ffb1aa2ffff monitored = 0 entry_point = 0x7ffb1a9dd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 917 start_va = 0x7ffb1aa70000 end_va = 0x7ffb1aa85fff monitored = 0 entry_point = 0x7ffb1aa71d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 918 start_va = 0x7ffb1c710000 end_va = 0x7ffb1c719fff monitored = 0 entry_point = 0x7ffb1c7114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 919 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 920 start_va = 0x7ffb1d1d0000 end_va = 0x7ffb1d1dffff monitored = 0 entry_point = 0x7ffb1d1d1700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 921 start_va = 0x7ffb1d1e0000 end_va = 0x7ffb1d1e8fff monitored = 0 entry_point = 0x7ffb1d1e1ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 922 start_va = 0x7ffb1d1f0000 end_va = 0x7ffb1d21cfff monitored = 0 entry_point = 0x7ffb1d1f2290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 923 start_va = 0x7ffb1d220000 end_va = 0x7ffb1d271fff monitored = 0 entry_point = 0x7ffb1d2238e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 924 start_va = 0x7ffb1d3f0000 end_va = 0x7ffb1d40afff monitored = 0 entry_point = 0x7ffb1d3f1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 925 start_va = 0x7ffb1d700000 end_va = 0x7ffb1d70dfff monitored = 0 entry_point = 0x7ffb1d701460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 926 start_va = 0x7ffb1d850000 end_va = 0x7ffb1d86efff monitored = 0 entry_point = 0x7ffb1d854960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 927 start_va = 0x7ffb1d8c0000 end_va = 0x7ffb1d959fff monitored = 0 entry_point = 0x7ffb1d8dada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 928 start_va = 0x7ffb1d960000 end_va = 0x7ffb1d974fff monitored = 0 entry_point = 0x7ffb1d963460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 929 start_va = 0x7ffb1da70000 end_va = 0x7ffb1dab0fff monitored = 0 entry_point = 0x7ffb1da74840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 930 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 931 start_va = 0x7ffb1dc60000 end_va = 0x7ffb1dd1ffff monitored = 0 entry_point = 0x7ffb1dc8fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 932 start_va = 0x7ffb1dd20000 end_va = 0x7ffb1dd39fff monitored = 0 entry_point = 0x7ffb1dd22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 933 start_va = 0x7ffb1dd40000 end_va = 0x7ffb1dd55fff monitored = 0 entry_point = 0x7ffb1dd419f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 934 start_va = 0x7ffb1dd60000 end_va = 0x7ffb1dd97fff monitored = 0 entry_point = 0x7ffb1dd78cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 935 start_va = 0x7ffb1dda0000 end_va = 0x7ffb1ddaafff monitored = 0 entry_point = 0x7ffb1dda1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 936 start_va = 0x7ffb1ddb0000 end_va = 0x7ffb1de95fff monitored = 0 entry_point = 0x7ffb1ddccf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 937 start_va = 0x7ffb1dff0000 end_va = 0x7ffb1e01dfff monitored = 0 entry_point = 0x7ffb1dff7550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 938 start_va = 0x7ffb1e020000 end_va = 0x7ffb1e02cfff monitored = 0 entry_point = 0x7ffb1e022ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 939 start_va = 0x7ffb1e030000 end_va = 0x7ffb1e05efff monitored = 0 entry_point = 0x7ffb1e038910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 940 start_va = 0x7ffb1e070000 end_va = 0x7ffb1e085fff monitored = 0 entry_point = 0x7ffb1e071b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 941 start_va = 0x7ffb1e130000 end_va = 0x7ffb1e13ffff monitored = 0 entry_point = 0x7ffb1e132c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 942 start_va = 0x7ffb1e140000 end_va = 0x7ffb1e153fff monitored = 0 entry_point = 0x7ffb1e142d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 943 start_va = 0x7ffb1e440000 end_va = 0x7ffb1e4d2fff monitored = 0 entry_point = 0x7ffb1e449680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 944 start_va = 0x7ffb1e5a0000 end_va = 0x7ffb1e5b7fff monitored = 0 entry_point = 0x7ffb1e5ab850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 945 start_va = 0x7ffb1e5f0000 end_va = 0x7ffb1e608fff monitored = 0 entry_point = 0x7ffb1e5f4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 946 start_va = 0x7ffb1e820000 end_va = 0x7ffb1e88dfff monitored = 0 entry_point = 0x7ffb1e827f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 947 start_va = 0x7ffb1e890000 end_va = 0x7ffb1e8a0fff monitored = 0 entry_point = 0x7ffb1e893320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 948 start_va = 0x7ffb1e8b0000 end_va = 0x7ffb1e8f0fff monitored = 0 entry_point = 0x7ffb1e8c7eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 949 start_va = 0x7ffb1e900000 end_va = 0x7ffb1e9fbfff monitored = 0 entry_point = 0x7ffb1e936df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 950 start_va = 0x7ffb1ea00000 end_va = 0x7ffb1eaadfff monitored = 0 entry_point = 0x7ffb1ea180c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 951 start_va = 0x7ffb1eab0000 end_va = 0x7ffb1eac1fff monitored = 0 entry_point = 0x7ffb1eab9260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 952 start_va = 0x7ffb1ead0000 end_va = 0x7ffb1eb80fff monitored = 0 entry_point = 0x7ffb1eb488b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 953 start_va = 0x7ffb1eb90000 end_va = 0x7ffb1ebb4fff monitored = 0 entry_point = 0x7ffb1eba2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 954 start_va = 0x7ffb1ebc0000 end_va = 0x7ffb1ebd0fff monitored = 0 entry_point = 0x7ffb1ebc7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 955 start_va = 0x7ffb1ebe0000 end_va = 0x7ffb1ebf9fff monitored = 0 entry_point = 0x7ffb1ebe2cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 956 start_va = 0x7ffb1ec00000 end_va = 0x7ffb1ec0bfff monitored = 0 entry_point = 0x7ffb1ec014d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 957 start_va = 0x7ffb1ec10000 end_va = 0x7ffb1ec64fff monitored = 0 entry_point = 0x7ffb1ec13fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 958 start_va = 0x7ffb1ec70000 end_va = 0x7ffb1eca6fff monitored = 0 entry_point = 0x7ffb1ec76020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 959 start_va = 0x7ffb1ecb0000 end_va = 0x7ffb1eccffff monitored = 0 entry_point = 0x7ffb1ecb39a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 960 start_va = 0x7ffb1f310000 end_va = 0x7ffb1f691fff monitored = 0 entry_point = 0x7ffb1f361220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 961 start_va = 0x7ffb1f6a0000 end_va = 0x7ffb1f7d5fff monitored = 0 entry_point = 0x7ffb1f6cf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 962 start_va = 0x7ffb208d0000 end_va = 0x7ffb209ddfff monitored = 0 entry_point = 0x7ffb2091eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 963 start_va = 0x7ffb20f80000 end_va = 0x7ffb2103efff monitored = 0 entry_point = 0x7ffb20fa1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 964 start_va = 0x7ffb21040000 end_va = 0x7ffb21107fff monitored = 0 entry_point = 0x7ffb210813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 965 start_va = 0x7ffb21110000 end_va = 0x7ffb21170fff monitored = 0 entry_point = 0x7ffb21114b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 966 start_va = 0x7ffb21180000 end_va = 0x7ffb212fbfff monitored = 0 entry_point = 0x7ffb211d1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 967 start_va = 0x7ffb21300000 end_va = 0x7ffb2130afff monitored = 0 entry_point = 0x7ffb21301770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 968 start_va = 0x7ffb21310000 end_va = 0x7ffb21326fff monitored = 0 entry_point = 0x7ffb21315630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 969 start_va = 0x7ffb21330000 end_va = 0x7ffb2136dfff monitored = 0 entry_point = 0x7ffb2133a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 970 start_va = 0x7ffb21370000 end_va = 0x7ffb21396fff monitored = 0 entry_point = 0x7ffb21373bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 971 start_va = 0x7ffb213a0000 end_va = 0x7ffb213f4fff monitored = 0 entry_point = 0x7ffb213afc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 972 start_va = 0x7ffb21400000 end_va = 0x7ffb21412fff monitored = 0 entry_point = 0x7ffb214057f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 973 start_va = 0x7ffb21420000 end_va = 0x7ffb2142bfff monitored = 0 entry_point = 0x7ffb21422830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 974 start_va = 0x7ffb21430000 end_va = 0x7ffb21439fff monitored = 0 entry_point = 0x7ffb21431660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 975 start_va = 0x7ffb21440000 end_va = 0x7ffb21457fff monitored = 0 entry_point = 0x7ffb21445910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 976 start_va = 0x7ffb21460000 end_va = 0x7ffb215acfff monitored = 0 entry_point = 0x7ffb214a3da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 977 start_va = 0x7ffb21640000 end_va = 0x7ffb216d1fff monitored = 0 entry_point = 0x7ffb2168a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 978 start_va = 0x7ffb21760000 end_va = 0x7ffb217d9fff monitored = 0 entry_point = 0x7ffb21787630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 979 start_va = 0x7ffb217f0000 end_va = 0x7ffb217fafff monitored = 0 entry_point = 0x7ffb217f1de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 980 start_va = 0x7ffb218f0000 end_va = 0x7ffb21953fff monitored = 0 entry_point = 0x7ffb21905ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 981 start_va = 0x7ffb21b50000 end_va = 0x7ffb21b85fff monitored = 0 entry_point = 0x7ffb21b60070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 982 start_va = 0x7ffb22640000 end_va = 0x7ffb22647fff monitored = 0 entry_point = 0x7ffb226413e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 983 start_va = 0x7ffb22ee0000 end_va = 0x7ffb22f58fff monitored = 0 entry_point = 0x7ffb22effb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 984 start_va = 0x7ffb23110000 end_va = 0x7ffb235a2fff monitored = 0 entry_point = 0x7ffb2311f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 985 start_va = 0x7ffb235b0000 end_va = 0x7ffb23616fff monitored = 0 entry_point = 0x7ffb235ce710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 986 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 987 start_va = 0x7ffb23800000 end_va = 0x7ffb2381bfff monitored = 0 entry_point = 0x7ffb238037a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 988 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 989 start_va = 0x7ffb239d0000 end_va = 0x7ffb23a0ffff monitored = 0 entry_point = 0x7ffb239e1960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 990 start_va = 0x7ffb23b60000 end_va = 0x7ffb23b86fff monitored = 0 entry_point = 0x7ffb23b67940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 991 start_va = 0x7ffb23b90000 end_va = 0x7ffb23c39fff monitored = 0 entry_point = 0x7ffb23bb7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 992 start_va = 0x7ffb23c40000 end_va = 0x7ffb23d3ffff monitored = 0 entry_point = 0x7ffb23c80f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 993 start_va = 0x7ffb23dd0000 end_va = 0x7ffb23ddbfff monitored = 0 entry_point = 0x7ffb23dd2480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 994 start_va = 0x7ffb23ea0000 end_va = 0x7ffb23ed1fff monitored = 0 entry_point = 0x7ffb23eb2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 995 start_va = 0x7ffb24110000 end_va = 0x7ffb2411bfff monitored = 0 entry_point = 0x7ffb24112790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 996 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 997 start_va = 0x7ffb242c0000 end_va = 0x7ffb243b3fff monitored = 0 entry_point = 0x7ffb242ca960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 998 start_va = 0x7ffb24410000 end_va = 0x7ffb24458fff monitored = 0 entry_point = 0x7ffb2441a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 999 start_va = 0x7ffb24530000 end_va = 0x7ffb2453bfff monitored = 0 entry_point = 0x7ffb245327e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1000 start_va = 0x7ffb24610000 end_va = 0x7ffb24640fff monitored = 0 entry_point = 0x7ffb24617d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1001 start_va = 0x7ffb24670000 end_va = 0x7ffb246e9fff monitored = 0 entry_point = 0x7ffb24691a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1002 start_va = 0x7ffb24730000 end_va = 0x7ffb24763fff monitored = 0 entry_point = 0x7ffb2474ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1003 start_va = 0x7ffb24770000 end_va = 0x7ffb24779fff monitored = 0 entry_point = 0x7ffb24771830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1004 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1005 start_va = 0x7ffb249f0000 end_va = 0x7ffb24a4bfff monitored = 0 entry_point = 0x7ffb24a06f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1006 start_va = 0x7ffb24aa0000 end_va = 0x7ffb24ab6fff monitored = 0 entry_point = 0x7ffb24aa79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1007 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1008 start_va = 0x7ffb24c00000 end_va = 0x7ffb24c20fff monitored = 0 entry_point = 0x7ffb24c10250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1009 start_va = 0x7ffb24c50000 end_va = 0x7ffb24c89fff monitored = 0 entry_point = 0x7ffb24c58d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1010 start_va = 0x7ffb24c90000 end_va = 0x7ffb24cb6fff monitored = 0 entry_point = 0x7ffb24ca0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1011 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1012 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1013 start_va = 0x7ffb24f90000 end_va = 0x7ffb24fa8fff monitored = 0 entry_point = 0x7ffb24f95e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1014 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1015 start_va = 0x7ffb24fe0000 end_va = 0x7ffb25078fff monitored = 0 entry_point = 0x7ffb2500f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1016 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1017 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1018 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1019 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1020 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1021 start_va = 0x7ffb253a0000 end_va = 0x7ffb253b6fff monitored = 0 entry_point = 0x7ffb253a1390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1022 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1023 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1024 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1025 start_va = 0x7ffb25770000 end_va = 0x7ffb257f5fff monitored = 0 entry_point = 0x7ffb2577d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1026 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1027 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1028 start_va = 0x7ffb25ea0000 end_va = 0x7ffb25ef4fff monitored = 0 entry_point = 0x7ffb25eb7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1029 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1030 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1031 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1032 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1033 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1034 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1035 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1036 start_va = 0x7ffb26780000 end_va = 0x7ffb267dbfff monitored = 0 entry_point = 0x7ffb2679b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1037 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1038 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1039 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1040 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1041 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1042 start_va = 0x7ffb284c0000 end_va = 0x7ffb288e8fff monitored = 0 entry_point = 0x7ffb284e8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1043 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1044 start_va = 0x7ffb28a40000 end_va = 0x7ffb28a47fff monitored = 0 entry_point = 0x7ffb28a41ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1045 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1046 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1143 start_va = 0x5d80000 end_va = 0x5e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 1144 start_va = 0x6280000 end_va = 0x637ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006280000" filename = "" Region: id = 1145 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 1146 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 1270 start_va = 0x560000 end_va = 0x564fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1624 start_va = 0x560000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1635 start_va = 0x560000 end_va = 0x572fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1637 start_va = 0x560000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1638 start_va = 0x560000 end_va = 0x563fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1639 start_va = 0x560000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1654 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1676 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 1677 start_va = 0x560000 end_va = 0x564fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2034 start_va = 0x86a0000 end_va = 0x879ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000086a0000" filename = "" Region: id = 2071 start_va = 0x98a0000 end_va = 0x999ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000098a0000" filename = "" Region: id = 2072 start_va = 0x99a0000 end_va = 0x9a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099a0000" filename = "" Region: id = 2073 start_va = 0x9aa0000 end_va = 0x9b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009aa0000" filename = "" Region: id = 2080 start_va = 0x560000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2081 start_va = 0x560000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Thread: id = 17 os_tid = 0x7e4 Thread: id = 18 os_tid = 0x2e8 Thread: id = 19 os_tid = 0x4d0 Thread: id = 20 os_tid = 0x12d8 Thread: id = 21 os_tid = 0x12d4 Thread: id = 22 os_tid = 0x129c Thread: id = 23 os_tid = 0x1298 Thread: id = 24 os_tid = 0xfcc Thread: id = 25 os_tid = 0xdd0 Thread: id = 26 os_tid = 0x7f8 Thread: id = 27 os_tid = 0xac8 Thread: id = 28 os_tid = 0xcc4 Thread: id = 29 os_tid = 0x5d8 Thread: id = 30 os_tid = 0x598 Thread: id = 31 os_tid = 0x84 Thread: id = 32 os_tid = 0x66c Thread: id = 33 os_tid = 0x70c Thread: id = 34 os_tid = 0x470 Thread: id = 35 os_tid = 0x33c Thread: id = 36 os_tid = 0x2a0 Thread: id = 37 os_tid = 0xb90 Thread: id = 38 os_tid = 0xb74 Thread: id = 39 os_tid = 0x494 Thread: id = 40 os_tid = 0x4fc Thread: id = 41 os_tid = 0x8 Thread: id = 42 os_tid = 0xb2c Thread: id = 43 os_tid = 0xb70 Thread: id = 44 os_tid = 0x7dc Thread: id = 45 os_tid = 0x8b8 Thread: id = 46 os_tid = 0x864 Thread: id = 47 os_tid = 0x734 Thread: id = 48 os_tid = 0x720 Thread: id = 49 os_tid = 0x71c Thread: id = 50 os_tid = 0xf74 Thread: id = 51 os_tid = 0xc24 Thread: id = 52 os_tid = 0xc44 Thread: id = 53 os_tid = 0xf64 Thread: id = 54 os_tid = 0xf60 Thread: id = 55 os_tid = 0xf58 Thread: id = 56 os_tid = 0xf2c Thread: id = 57 os_tid = 0xf20 Thread: id = 58 os_tid = 0xf1c Thread: id = 59 os_tid = 0xf08 Thread: id = 60 os_tid = 0xef8 Thread: id = 61 os_tid = 0xe88 Thread: id = 62 os_tid = 0xe70 Thread: id = 63 os_tid = 0xe6c Thread: id = 64 os_tid = 0xe64 Thread: id = 65 os_tid = 0xe58 Thread: id = 66 os_tid = 0xe40 Thread: id = 67 os_tid = 0xe00 Thread: id = 68 os_tid = 0xd94 Thread: id = 69 os_tid = 0xb04 Thread: id = 70 os_tid = 0xb48 Thread: id = 71 os_tid = 0xb44 Thread: id = 72 os_tid = 0xb40 Thread: id = 73 os_tid = 0xaec Thread: id = 74 os_tid = 0xae4 Thread: id = 75 os_tid = 0xae0 Thread: id = 76 os_tid = 0xaa8 Thread: id = 77 os_tid = 0xa54 Thread: id = 78 os_tid = 0xa40 Thread: id = 79 os_tid = 0xa28 Thread: id = 80 os_tid = 0xa0c Thread: id = 81 os_tid = 0xa08 Thread: id = 82 os_tid = 0x9ec Thread: id = 83 os_tid = 0x9e4 Thread: id = 84 os_tid = 0x9e0 Thread: id = 85 os_tid = 0x9dc Thread: id = 86 os_tid = 0x9d8 Thread: id = 87 os_tid = 0x9d4 Thread: id = 88 os_tid = 0x950 Thread: id = 89 os_tid = 0x93c Thread: id = 90 os_tid = 0x91c Thread: id = 91 os_tid = 0x830 Thread: id = 92 os_tid = 0x520 Thread: id = 93 os_tid = 0x48c Thread: id = 94 os_tid = 0x630 Thread: id = 95 os_tid = 0x4a8 Thread: id = 96 os_tid = 0x49c Thread: id = 97 os_tid = 0x44c Thread: id = 98 os_tid = 0x434 Thread: id = 99 os_tid = 0x408 Thread: id = 100 os_tid = 0x404 Thread: id = 101 os_tid = 0x2b0 Thread: id = 102 os_tid = 0x294 Thread: id = 103 os_tid = 0x168 Thread: id = 104 os_tid = 0x170 Thread: id = 105 os_tid = 0x288 Thread: id = 106 os_tid = 0x284 Thread: id = 107 os_tid = 0x264 Thread: id = 108 os_tid = 0x274 Thread: id = 109 os_tid = 0x15c Thread: id = 110 os_tid = 0xf4 Thread: id = 127 os_tid = 0x388 Thread: id = 128 os_tid = 0x7bc Thread: id = 129 os_tid = 0xc90 Thread: id = 130 os_tid = 0xbc4 Thread: id = 143 os_tid = 0x101c Thread: id = 148 os_tid = 0x10c0 Thread: id = 151 os_tid = 0x10dc Thread: id = 152 os_tid = 0x10f0 Thread: id = 153 os_tid = 0x10f4 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x56c94000" os_pid = "0xb84" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x278" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cdd2" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1047 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1048 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1049 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1050 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1051 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1052 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1053 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1054 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1055 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1056 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1057 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1058 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1059 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1060 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1061 start_va = 0x410000 end_va = 0x414fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1062 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1063 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1064 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 1065 start_va = 0x470000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1066 start_va = 0x5f0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1067 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1068 start_va = 0x720000 end_va = 0xa56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1069 start_va = 0xa60000 end_va = 0xbe7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 1070 start_va = 0xbf0000 end_va = 0xd70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 1071 start_va = 0xd80000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1072 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1073 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1074 start_va = 0xf80000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1075 start_va = 0x1000000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1076 start_va = 0x1080000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1077 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1078 start_va = 0x1180000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1079 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1080 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1081 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1082 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1083 start_va = 0x7ff7ef980000 end_va = 0x7ff7ef9fffff monitored = 0 entry_point = 0x7ff7ef995f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1084 start_va = 0x7ffb0c900000 end_va = 0x7ffb0c94cfff monitored = 0 entry_point = 0x7ffb0c90b470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1085 start_va = 0x7ffb0e6c0000 end_va = 0x7ffb0e6fcfff monitored = 0 entry_point = 0x7ffb0e6cb760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1086 start_va = 0x7ffb107c0000 end_va = 0x7ffb107e4fff monitored = 0 entry_point = 0x7ffb107d5dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 1087 start_va = 0x7ffb10f40000 end_va = 0x7ffb10f55fff monitored = 0 entry_point = 0x7ffb10f455e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1088 start_va = 0x7ffb110b0000 end_va = 0x7ffb110d4fff monitored = 0 entry_point = 0x7ffb110b9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1089 start_va = 0x7ffb110e0000 end_va = 0x7ffb110f3fff monitored = 0 entry_point = 0x7ffb110e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1090 start_va = 0x7ffb11100000 end_va = 0x7ffb111f5fff monitored = 0 entry_point = 0x7ffb11139590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1091 start_va = 0x7ffb11680000 end_va = 0x7ffb11690fff monitored = 0 entry_point = 0x7ffb11682fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1092 start_va = 0x7ffb12f30000 end_va = 0x7ffb12faefff monitored = 0 entry_point = 0x7ffb12f47110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1093 start_va = 0x7ffb1e890000 end_va = 0x7ffb1e8a0fff monitored = 0 entry_point = 0x7ffb1e893320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1094 start_va = 0x7ffb218f0000 end_va = 0x7ffb21953fff monitored = 0 entry_point = 0x7ffb21905ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1095 start_va = 0x7ffb24610000 end_va = 0x7ffb24640fff monitored = 0 entry_point = 0x7ffb24617d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1096 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1097 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1098 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1099 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1100 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1101 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1102 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1103 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1104 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1105 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1106 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1107 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1108 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1109 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1110 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1111 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 111 os_tid = 0xccc Thread: id = 112 os_tid = 0x3e8 Thread: id = 113 os_tid = 0x55c Thread: id = 114 os_tid = 0x698 Thread: id = 115 os_tid = 0xa88 Thread: id = 116 os_tid = 0x7cc Thread: id = 117 os_tid = 0xa7c Thread: id = 118 os_tid = 0x810 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x3842000" os_pid = "0xc6c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x278" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00035854" [0xc000000f] Region: id = 1147 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1148 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1149 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1150 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1151 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1152 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1153 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1154 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1155 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1156 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1157 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1158 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1159 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1160 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1161 start_va = 0x410000 end_va = 0x414fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1162 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1163 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1164 start_va = 0x440000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1165 start_va = 0x5c0000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1166 start_va = 0x700000 end_va = 0x700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1167 start_va = 0x710000 end_va = 0x712fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1168 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1169 start_va = 0x750000 end_va = 0xa86fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1170 start_va = 0xa90000 end_va = 0xc17fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1171 start_va = 0xc20000 end_va = 0xda0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 1172 start_va = 0xdb0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 1173 start_va = 0xeb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1174 start_va = 0xfb0000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 1175 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1176 start_va = 0x10b0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 1177 start_va = 0x11b0000 end_va = 0x122ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 1178 start_va = 0x1230000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 1179 start_va = 0x12b0000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 1180 start_va = 0x13b0000 end_va = 0x142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1181 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1182 start_va = 0x180000000 end_va = 0x180002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1183 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1184 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1185 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1186 start_va = 0x7ff7ef980000 end_va = 0x7ff7ef9fffff monitored = 0 entry_point = 0x7ff7ef995f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1187 start_va = 0x7ffb0f7a0000 end_va = 0x7ffb0f7adfff monitored = 0 entry_point = 0x7ffb0f7a1da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1188 start_va = 0x7ffb107f0000 end_va = 0x7ffb107fafff monitored = 0 entry_point = 0x7ffb107f12b0 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1189 start_va = 0x7ffb10800000 end_va = 0x7ffb109cefff monitored = 0 entry_point = 0x7ffb10827df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1190 start_va = 0x7ffb10f40000 end_va = 0x7ffb10f55fff monitored = 0 entry_point = 0x7ffb10f455e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1191 start_va = 0x7ffb110b0000 end_va = 0x7ffb110d4fff monitored = 0 entry_point = 0x7ffb110b9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1192 start_va = 0x7ffb110e0000 end_va = 0x7ffb110f3fff monitored = 0 entry_point = 0x7ffb110e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1193 start_va = 0x7ffb11100000 end_va = 0x7ffb111f5fff monitored = 0 entry_point = 0x7ffb11139590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1194 start_va = 0x7ffb12f30000 end_va = 0x7ffb12faefff monitored = 0 entry_point = 0x7ffb12f47110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1195 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1196 start_va = 0x7ffb1a510000 end_va = 0x7ffb1a521fff monitored = 0 entry_point = 0x7ffb1a513580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1197 start_va = 0x7ffb1ac60000 end_va = 0x7ffb1ac85fff monitored = 0 entry_point = 0x7ffb1ac61cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1198 start_va = 0x7ffb1e070000 end_va = 0x7ffb1e085fff monitored = 0 entry_point = 0x7ffb1e071b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1199 start_va = 0x7ffb1e2c0000 end_va = 0x7ffb1e2d3fff monitored = 0 entry_point = 0x7ffb1e2c1310 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1200 start_va = 0x7ffb1e2e0000 end_va = 0x7ffb1e32dfff monitored = 0 entry_point = 0x7ffb1e2f1ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1201 start_va = 0x7ffb1e5f0000 end_va = 0x7ffb1e608fff monitored = 0 entry_point = 0x7ffb1e5f4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1202 start_va = 0x7ffb21330000 end_va = 0x7ffb2136dfff monitored = 0 entry_point = 0x7ffb2133a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1203 start_va = 0x7ffb21430000 end_va = 0x7ffb21439fff monitored = 0 entry_point = 0x7ffb21431660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1204 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1205 start_va = 0x7ffb23b60000 end_va = 0x7ffb23b86fff monitored = 0 entry_point = 0x7ffb23b67940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1206 start_va = 0x7ffb24530000 end_va = 0x7ffb2453bfff monitored = 0 entry_point = 0x7ffb245327e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1207 start_va = 0x7ffb24670000 end_va = 0x7ffb246e9fff monitored = 0 entry_point = 0x7ffb24691a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1208 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1209 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1210 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1211 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1212 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1213 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1214 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1215 start_va = 0x7ffb253a0000 end_va = 0x7ffb253b6fff monitored = 0 entry_point = 0x7ffb253a1390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1216 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1217 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1218 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1219 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1220 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1221 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1222 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1223 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1224 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1225 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1226 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1227 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1228 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1229 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1230 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1231 start_va = 0x540000 end_va = 0x542fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1269 start_va = 0x540000 end_va = 0x541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1271 start_va = 0x550000 end_va = 0x554fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1272 start_va = 0x1430000 end_va = 0x152ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 1273 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1274 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1275 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1276 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1277 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1278 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1279 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1280 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1281 start_va = 0x550000 end_va = 0x569fff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1282 start_va = 0x570000 end_va = 0x575fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1283 start_va = 0x550000 end_va = 0x569fff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1284 start_va = 0x570000 end_va = 0x575fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1285 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1286 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1287 start_va = 0x15f0000 end_va = 0x19eafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015f0000" filename = "" Region: id = 1288 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1289 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1290 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1291 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1292 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1293 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1294 start_va = 0x550000 end_va = 0x578fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1295 start_va = 0x19f0000 end_va = 0x1ad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1296 start_va = 0x550000 end_va = 0x578fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1297 start_va = 0x19f0000 end_va = 0x1ad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1298 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1299 start_va = 0x1530000 end_va = 0x15c2fff monitored = 0 entry_point = 0x15a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1300 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1301 start_va = 0x1530000 end_va = 0x15c2fff monitored = 0 entry_point = 0x15a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1302 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1303 start_va = 0x1530000 end_va = 0x15d0fff monitored = 0 entry_point = 0x15c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1304 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1305 start_va = 0x1530000 end_va = 0x15d0fff monitored = 0 entry_point = 0x15c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1306 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1307 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1308 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1309 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1310 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1311 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1312 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1313 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1314 start_va = 0x550000 end_va = 0x55efff monitored = 0 entry_point = 0x5536e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1315 start_va = 0x560000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1316 start_va = 0x550000 end_va = 0x55efff monitored = 0 entry_point = 0x5536e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1317 start_va = 0x560000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1318 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1319 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1320 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1321 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1322 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1323 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1324 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1325 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1326 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1327 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1328 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1329 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1330 start_va = 0x550000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1331 start_va = 0x19f0000 end_va = 0x1afefff monitored = 0 entry_point = 0x1a2c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1332 start_va = 0x550000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1333 start_va = 0x19f0000 end_va = 0x1afefff monitored = 0 entry_point = 0x1a2c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1334 start_va = 0x550000 end_va = 0x566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1335 start_va = 0x19f0000 end_va = 0x1c46fff monitored = 0 entry_point = 0x1bfce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1336 start_va = 0x550000 end_va = 0x566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1337 start_va = 0x19f0000 end_va = 0x1c46fff monitored = 0 entry_point = 0x1bfce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1338 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1339 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1340 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1341 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1342 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1343 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1344 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1345 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1346 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1347 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1348 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1349 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1350 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1351 start_va = 0x560000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1352 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1353 start_va = 0x560000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1354 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1355 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1356 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1357 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1358 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1359 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1360 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1361 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1362 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1363 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1364 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1365 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1366 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1367 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1368 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1369 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1370 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1371 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1372 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1373 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1374 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1375 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1376 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1377 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1378 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1379 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1380 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1381 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1382 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1383 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1384 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1385 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1386 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1387 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1388 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1389 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1390 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1391 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1392 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1393 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1394 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1395 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1396 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1397 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1398 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1399 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1400 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1401 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1402 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1403 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1404 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1405 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1406 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1407 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1408 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1409 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1410 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1411 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1412 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1413 start_va = 0x19f0000 end_va = 0x1b0ffff monitored = 0 entry_point = 0x1aec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1414 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1415 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1416 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1417 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1418 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1419 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1420 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1421 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1422 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1423 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1424 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1425 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1426 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1427 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1428 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1429 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1430 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1431 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1432 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1433 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1434 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1435 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1436 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1437 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1438 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1439 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1440 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1441 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1442 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1443 start_va = 0x680000 end_va = 0x6f1fff monitored = 0 entry_point = 0x6d7000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1444 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1445 start_va = 0x680000 end_va = 0x6f1fff monitored = 0 entry_point = 0x6d7000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1446 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1447 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1448 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1449 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1450 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1451 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1452 start_va = 0x550000 end_va = 0x565fff monitored = 0 entry_point = 0x560420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1453 start_va = 0x570000 end_va = 0x572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1454 start_va = 0x550000 end_va = 0x569fff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1455 start_va = 0x570000 end_va = 0x575fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1456 start_va = 0x550000 end_va = 0x569fff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1457 start_va = 0x570000 end_va = 0x575fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1458 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1459 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1460 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1461 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1462 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1463 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1464 start_va = 0x550000 end_va = 0x57afff monitored = 0 entry_point = 0x56d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1465 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1466 start_va = 0x550000 end_va = 0x578fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1467 start_va = 0x19f0000 end_va = 0x1ad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1468 start_va = 0x550000 end_va = 0x578fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1469 start_va = 0x19f0000 end_va = 0x1ad3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1470 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1471 start_va = 0x1530000 end_va = 0x15c2fff monitored = 0 entry_point = 0x15a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1472 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1473 start_va = 0x1530000 end_va = 0x15c2fff monitored = 0 entry_point = 0x15a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1474 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1475 start_va = 0x1530000 end_va = 0x15d0fff monitored = 0 entry_point = 0x15c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1476 start_va = 0x550000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1477 start_va = 0x1530000 end_va = 0x15d0fff monitored = 0 entry_point = 0x15c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1478 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1479 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1480 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1481 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1482 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1483 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1484 start_va = 0x550000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1485 start_va = 0x1530000 end_va = 0x15b5fff monitored = 0 entry_point = 0x15a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1486 start_va = 0x550000 end_va = 0x55efff monitored = 0 entry_point = 0x5536e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1487 start_va = 0x560000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1488 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1489 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1490 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1491 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1492 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1493 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1494 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1495 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1496 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1497 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1498 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1499 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1500 start_va = 0x550000 end_va = 0x56afff monitored = 1 entry_point = 0x551190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1501 start_va = 0x570000 end_va = 0x57bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1502 start_va = 0x550000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1503 start_va = 0x19f0000 end_va = 0x1afefff monitored = 0 entry_point = 0x1a2c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1504 start_va = 0x550000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1505 start_va = 0x19f0000 end_va = 0x1afefff monitored = 0 entry_point = 0x1a2c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1506 start_va = 0x550000 end_va = 0x566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1507 start_va = 0x19f0000 end_va = 0x1c46fff monitored = 0 entry_point = 0x1bfce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1508 start_va = 0x550000 end_va = 0x566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1509 start_va = 0x19f0000 end_va = 0x1c46fff monitored = 0 entry_point = 0x1bfce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1510 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1511 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1512 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1513 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1514 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1515 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1516 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1517 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1518 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1519 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1520 start_va = 0x550000 end_va = 0x559fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1521 start_va = 0x19f0000 end_va = 0x1b00fff monitored = 0 entry_point = 0x1ae1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1522 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1523 start_va = 0x560000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1524 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1525 start_va = 0x560000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1526 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1527 start_va = 0x560000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1528 start_va = 0x19f0000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 1529 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1530 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1531 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1532 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1533 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1534 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1535 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1536 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1537 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1538 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1539 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1540 start_va = 0x1530000 end_va = 0x15defff monitored = 0 entry_point = 0x15a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1541 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1542 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1543 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1544 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1545 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1546 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1547 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1548 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1549 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1550 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1551 start_va = 0x550000 end_va = 0x5b0fff monitored = 0 entry_point = 0x560770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1552 start_va = 0x680000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1553 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1554 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1555 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1556 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1557 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1558 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1559 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1560 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1561 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1562 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1563 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1564 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1565 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1566 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1567 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1568 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1569 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1570 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1571 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1572 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1573 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1574 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1575 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1576 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1577 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1578 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1579 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1580 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1581 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1582 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1583 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1584 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1585 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1586 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1587 start_va = 0x550000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1588 start_va = 0x1bf0000 end_va = 0x1d0ffff monitored = 0 entry_point = 0x1cec040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1589 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1590 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1591 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1592 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1593 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1594 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1595 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1596 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1597 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1598 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1599 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1600 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1601 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1602 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1603 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1604 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1605 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1606 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1607 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1608 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1609 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1610 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1611 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1612 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1613 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1614 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1615 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1616 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1617 start_va = 0x550000 end_va = 0x552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1618 start_va = 0x560000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1619 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1620 start_va = 0x680000 end_va = 0x6f1fff monitored = 0 entry_point = 0x6d7000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1621 start_va = 0x550000 end_va = 0x55ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1622 start_va = 0x680000 end_va = 0x6f1fff monitored = 0 entry_point = 0x6d7000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1623 start_va = 0x7ffb1e0b0000 end_va = 0x7ffb1e0bdfff monitored = 0 entry_point = 0x7ffb1e0b2b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 1629 start_va = 0x550000 end_va = 0x552fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1630 start_va = 0x7ffb1dd60000 end_va = 0x7ffb1dd97fff monitored = 0 entry_point = 0x7ffb1dd78cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1631 start_va = 0x7ffb28a40000 end_va = 0x7ffb28a47fff monitored = 0 entry_point = 0x7ffb28a41ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1632 start_va = 0x1530000 end_va = 0x15affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001530000" filename = "" Region: id = 1633 start_va = 0x7ffb1dd40000 end_va = 0x7ffb1dd55fff monitored = 0 entry_point = 0x7ffb1dd419f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1634 start_va = 0x7ffb1dd20000 end_va = 0x7ffb1dd39fff monitored = 0 entry_point = 0x7ffb1dd22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1636 start_va = 0x7ffb23b90000 end_va = 0x7ffb23c39fff monitored = 0 entry_point = 0x7ffb23bb7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Thread: id = 119 os_tid = 0x12b0 Thread: id = 120 os_tid = 0xe68 Thread: id = 121 os_tid = 0xe4c Thread: id = 122 os_tid = 0xe30 Thread: id = 123 os_tid = 0xc88 Thread: id = 124 os_tid = 0xc84 Thread: id = 125 os_tid = 0xc7c Thread: id = 126 os_tid = 0xc70 Thread: id = 135 os_tid = 0x1248