# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 27.09.2021 09:18:02.334 Process: id = "1" image_name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" page_root = "0x40330000" os_pid = "0xed4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x45c" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 117 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 118 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 119 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 120 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 121 start_va = 0x90000 end_va = 0x93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x150000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 124 start_va = 0xf60000 end_va = 0x103bfff monitored = 1 entry_point = 0x101fade region_type = mapped_file name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe") Region: id = 125 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 126 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 127 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 128 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 129 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 130 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 131 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 132 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 133 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 272 start_va = 0x2e0000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 273 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 274 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 275 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 276 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 277 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 279 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 280 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 281 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 282 start_va = 0x360000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 283 start_va = 0x752a0000 end_va = 0x752e9fff monitored = 1 entry_point = 0x752a2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 284 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 285 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 286 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 287 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 288 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 289 start_va = 0xb0000 end_va = 0x116fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 290 start_va = 0x4f0000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 291 start_va = 0x4f0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 292 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 293 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 294 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 295 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 296 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 297 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 298 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 299 start_va = 0x250000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 300 start_va = 0x75210000 end_va = 0x7529cfff monitored = 1 entry_point = 0x75222860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 301 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 302 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 303 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 304 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 305 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 306 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 307 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 308 start_va = 0x640000 end_va = 0x7c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 309 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 310 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 311 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 312 start_va = 0x7d0000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 313 start_va = 0x1040000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 314 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 315 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 316 start_va = 0x4f0000 end_va = 0x5c7fff monitored = 1 entry_point = 0x5afade region_type = mapped_file name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe") Region: id = 317 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 318 start_va = 0x4f0000 end_va = 0x5c7fff monitored = 1 entry_point = 0x5afade region_type = mapped_file name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe") Region: id = 319 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 320 start_va = 0x720f0000 end_va = 0x7289efff monitored = 1 entry_point = 0x7210d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 321 start_va = 0x71940000 end_va = 0x720eefff monitored = 1 entry_point = 0x7195d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 322 start_va = 0x720f0000 end_va = 0x7289efff monitored = 1 entry_point = 0x7210d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 323 start_va = 0x751f0000 end_va = 0x75203fff monitored = 0 entry_point = 0x751fac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 324 start_va = 0x72c00000 end_va = 0x72caafff monitored = 0 entry_point = 0x72c95f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 325 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 326 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 327 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 328 start_va = 0x250000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 329 start_va = 0x2d0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 330 start_va = 0x260000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 331 start_va = 0x270000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 332 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 333 start_va = 0x290000 end_va = 0x290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 334 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 335 start_va = 0x4f0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 336 start_va = 0x960000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 337 start_va = 0x9a0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 338 start_va = 0x9f0000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 339 start_va = 0xa90000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 340 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 341 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 342 start_va = 0x2440000 end_va = 0x443ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 343 start_va = 0xb90000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 344 start_va = 0xcd0000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 345 start_va = 0xe30000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 346 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 347 start_va = 0xd60000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 348 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 349 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 350 start_va = 0x4600000 end_va = 0x48cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 351 start_va = 0x70ce0000 end_va = 0x720eafff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 352 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 353 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 354 start_va = 0xc30000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 355 start_va = 0x48d0000 end_va = 0x49aefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048d0000" filename = "" Region: id = 356 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 357 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 358 start_va = 0x751e0000 end_va = 0x751e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 359 start_va = 0x72b70000 end_va = 0x72bf8fff monitored = 1 entry_point = 0x72b71130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 360 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 361 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 362 start_va = 0x3f0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 363 start_va = 0x70280000 end_va = 0x70cd4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 364 start_va = 0x700d0000 end_va = 0x70272fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 365 start_va = 0x6f260000 end_va = 0x700c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 366 start_va = 0x6ecb0000 end_va = 0x6f253fff monitored = 1 entry_point = 0x6f23b692 region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 367 start_va = 0x370000 end_va = 0x371fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 368 start_va = 0x6ea40000 end_va = 0x6f257fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 369 start_va = 0x72a60000 end_va = 0x72b64fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 370 start_va = 0x6e2c0000 end_va = 0x6ea33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 371 start_va = 0x72a40000 end_va = 0x72a52fff monitored = 1 entry_point = 0x72a4d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 372 start_va = 0x49b0000 end_va = 0x4c81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 373 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 374 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 375 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 376 start_va = 0x4c90000 end_va = 0x4e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 377 start_va = 0x72a20000 end_va = 0x72a36fff monitored = 0 entry_point = 0x72a235fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 378 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 379 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 380 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 381 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 382 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 383 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 384 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 385 start_va = 0xda0000 end_va = 0xe21fff monitored = 0 entry_point = 0xda19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 386 start_va = 0xda0000 end_va = 0xe21fff monitored = 0 entry_point = 0xda19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 387 start_va = 0x6e230000 end_va = 0x6e2b3fff monitored = 0 entry_point = 0x6e2319a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 388 start_va = 0x4c90000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 389 start_va = 0x4e60000 end_va = 0x4e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 390 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 391 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 392 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 393 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 394 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 395 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 396 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 397 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 398 start_va = 0x560000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 399 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 400 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 401 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 402 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 403 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 404 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 405 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 406 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 407 start_va = 0x6e0a0000 end_va = 0x6e22ffff monitored = 0 entry_point = 0x6e13d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 408 start_va = 0x4c90000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 409 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 410 start_va = 0xa50000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 411 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 412 start_va = 0x72a10000 end_va = 0x72a14fff monitored = 0 entry_point = 0x72a111d0 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 413 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 414 start_va = 0x390000 end_va = 0x392fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 415 start_va = 0x3a0000 end_va = 0x3a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 416 start_va = 0x3a0000 end_va = 0x3a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 417 start_va = 0x4440000 end_va = 0x44fcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 418 start_va = 0x4440000 end_va = 0x44fcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 419 start_va = 0x4c90000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 420 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 421 start_va = 0xda0000 end_va = 0xe27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 422 start_va = 0xda0000 end_va = 0xe27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 423 start_va = 0x4440000 end_va = 0x44f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 424 start_va = 0x4440000 end_va = 0x44f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 425 start_va = 0xda0000 end_va = 0xe29fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 426 start_va = 0xda0000 end_va = 0xe29fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 427 start_va = 0x5000000 end_va = 0x5f82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 428 start_va = 0x5000000 end_va = 0x5f82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 429 start_va = 0x5000000 end_va = 0x5f82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 430 start_va = 0x5f90000 end_va = 0x618ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f90000" filename = "" Region: id = 431 start_va = 0x5000000 end_va = 0x5f82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 432 start_va = 0x5000000 end_va = 0x5f82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 433 start_va = 0x4440000 end_va = 0x44edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 434 start_va = 0x4440000 end_va = 0x44edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 435 start_va = 0x4440000 end_va = 0x44d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 436 start_va = 0x4440000 end_va = 0x44d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 437 start_va = 0x4440000 end_va = 0x44edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 438 start_va = 0x4440000 end_va = 0x44edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 439 start_va = 0xda0000 end_va = 0xe21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 440 start_va = 0xda0000 end_va = 0xe21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 441 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "daunpenh.ttf" filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf") Region: id = 442 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "daunpenh.ttf" filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf") Region: id = 443 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dokchamp.ttf" filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf") Region: id = 444 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dokchamp.ttf" filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf") Region: id = 445 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "estre.ttf" filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf") Region: id = 446 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "estre.ttf" filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf") Region: id = 447 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "euphemia.ttf" filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf") Region: id = 448 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "euphemia.ttf" filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf") Region: id = 449 start_va = 0x3a0000 end_va = 0x3defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautami.ttf" filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf") Region: id = 450 start_va = 0x3a0000 end_va = 0x3defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautami.ttf" filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf") Region: id = 451 start_va = 0x3a0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautamib.ttf" filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf") Region: id = 452 start_va = 0x3a0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautamib.ttf" filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf") Region: id = 453 start_va = 0x4f0000 end_va = 0x54efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vani.ttf" filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf") Region: id = 454 start_va = 0x4f0000 end_va = 0x54efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vani.ttf" filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf") Region: id = 455 start_va = 0x4f0000 end_va = 0x54afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vanib.ttf" filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf") Region: id = 456 start_va = 0x4f0000 end_va = 0x54afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vanib.ttf" filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf") Region: id = 457 start_va = 0x5000000 end_va = 0x5ce5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 458 start_va = 0x5000000 end_va = 0x5ce5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 459 start_va = 0x5000000 end_va = 0x5ce5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 460 start_va = 0x5000000 end_va = 0x5ce5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 461 start_va = 0x6190000 end_va = 0x658ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006190000" filename = "" Region: id = 462 start_va = 0x5000000 end_va = 0x5ce5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 463 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 464 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 465 start_va = 0xda0000 end_va = 0xe25fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpota.ttf" filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf") Region: id = 466 start_va = 0xda0000 end_va = 0xe25fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpota.ttf" filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf") Region: id = 467 start_va = 0x4f0000 end_va = 0x54afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpotab.ttf" filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf") Region: id = 468 start_va = 0x4f0000 end_va = 0x54afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpotab.ttf" filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf") Region: id = 469 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalinga.ttf" filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf") Region: id = 470 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalinga.ttf" filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf") Region: id = 471 start_va = 0x3a0000 end_va = 0x3d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalingab.ttf" filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf") Region: id = 472 start_va = 0x3a0000 end_va = 0x3d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalingab.ttf" filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf") Region: id = 473 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartika.ttf" filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf") Region: id = 474 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartika.ttf" filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf") Region: id = 475 start_va = 0x3a0000 end_va = 0x3befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartikab.ttf" filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf") Region: id = 476 start_va = 0x3a0000 end_va = 0x3befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartikab.ttf" filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf") Region: id = 477 start_va = 0x4f0000 end_va = 0x540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmerui.ttf" filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf") Region: id = 478 start_va = 0x4f0000 end_va = 0x540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmerui.ttf" filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf") Region: id = 479 start_va = 0x3a0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmeruib.ttf" filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf") Region: id = 480 start_va = 0x3a0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmeruib.ttf" filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf") Region: id = 481 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laoui.ttf" filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf") Region: id = 482 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laoui.ttf" filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf") Region: id = 483 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laouib.ttf" filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf") Region: id = 484 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laouib.ttf" filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf") Region: id = 485 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latha.ttf" filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf") Region: id = 486 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latha.ttf" filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf") Region: id = 487 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lathab.ttf" filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf") Region: id = 488 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lathab.ttf" filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf") Region: id = 489 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 490 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 491 start_va = 0x5000000 end_va = 0x5422fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 492 start_va = 0x5000000 end_va = 0x5422fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 493 start_va = 0x5000000 end_va = 0x544efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 494 start_va = 0x5000000 end_va = 0x544efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 495 start_va = 0x3a0000 end_va = 0x3d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangal.ttf" filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf") Region: id = 496 start_va = 0x3a0000 end_va = 0x3d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangal.ttf" filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf") Region: id = 497 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangalb.ttf" filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf") Region: id = 498 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangalb.ttf" filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf") Region: id = 499 start_va = 0x5000000 end_va = 0x5917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 500 start_va = 0x5000000 end_va = 0x5917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 501 start_va = 0x5000000 end_va = 0x5917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 502 start_va = 0x5000000 end_va = 0x5917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 503 start_va = 0x5000000 end_va = 0x5917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 504 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 505 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 506 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 507 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 508 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 509 start_va = 0x6590000 end_va = 0x6d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 510 start_va = 0x4440000 end_va = 0x44d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 511 start_va = 0x4440000 end_va = 0x44d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 512 start_va = 0x6d90000 end_va = 0x8238fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 513 start_va = 0x6d90000 end_va = 0x8238fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 514 start_va = 0x5000000 end_va = 0x5dd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttf" filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf") Region: id = 515 start_va = 0x5000000 end_va = 0x5dd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttf" filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf") Region: id = 516 start_va = 0x6d90000 end_va = 0x8252fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 517 start_va = 0x6d90000 end_va = 0x8252fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 518 start_va = 0x5000000 end_va = 0x5dedfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttf" filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf") Region: id = 519 start_va = 0x5000000 end_va = 0x5dedfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttf" filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf") Region: id = 520 start_va = 0x6d90000 end_va = 0x8c49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 521 start_va = 0x6d90000 end_va = 0x8c49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 522 start_va = 0x6d90000 end_va = 0x8c49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 523 start_va = 0x6d90000 end_va = 0x8c49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 524 start_va = 0x6d90000 end_va = 0x8dcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 525 start_va = 0x6d90000 end_va = 0x8dcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 526 start_va = 0x6d90000 end_va = 0x8dcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 527 start_va = 0x6d90000 end_va = 0x8dcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 528 start_va = 0x4f0000 end_va = 0x547fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 529 start_va = 0x4f0000 end_va = 0x547fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 530 start_va = 0x5000000 end_va = 0x58c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 531 start_va = 0x5000000 end_va = 0x58c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 532 start_va = 0x5000000 end_va = 0x58c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 533 start_va = 0x5000000 end_va = 0x58c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 534 start_va = 0x5000000 end_va = 0x5997fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 535 start_va = 0x5000000 end_va = 0x5997fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 536 start_va = 0x5000000 end_va = 0x5997fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 537 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 538 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 539 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 540 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 541 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 542 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 543 start_va = 0x4f0000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nyala.ttf" filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf") Region: id = 544 start_va = 0x4f0000 end_va = 0x55afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nyala.ttf" filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf") Region: id = 545 start_va = 0x3a0000 end_va = 0x3c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 546 start_va = 0x3a0000 end_va = 0x3c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 547 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 548 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 549 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "plantc.ttf" filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf") Region: id = 550 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "plantc.ttf" filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf") Region: id = 551 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavi.ttf" filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf") Region: id = 552 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavi.ttf" filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf") Region: id = 553 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavib.ttf" filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf") Region: id = 554 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavib.ttf" filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf") Region: id = 555 start_va = 0x4440000 end_va = 0x44d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 556 start_va = 0x4440000 end_va = 0x44d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 557 start_va = 0x4440000 end_va = 0x44d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 558 start_va = 0x4440000 end_va = 0x44d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 559 start_va = 0xda0000 end_va = 0xe1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 560 start_va = 0xda0000 end_va = 0xe1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 561 start_va = 0xda0000 end_va = 0xe19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 562 start_va = 0xda0000 end_va = 0xe19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 563 start_va = 0x4f0000 end_va = 0x54efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuii.ttf" filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf") Region: id = 564 start_va = 0x4f0000 end_va = 0x54efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuii.ttf" filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf") Region: id = 565 start_va = 0x4f0000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuiz.ttf" filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf") Region: id = 566 start_va = 0x4f0000 end_va = 0x551fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuiz.ttf" filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf") Region: id = 567 start_va = 0x4f0000 end_va = 0x553fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 568 start_va = 0x4f0000 end_va = 0x553fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 569 start_va = 0x4f0000 end_va = 0x540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 570 start_va = 0x4f0000 end_va = 0x540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 571 start_va = 0xda0000 end_va = 0xe1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisym.ttf" filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf") Region: id = 572 start_va = 0xda0000 end_va = 0xe1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisym.ttf" filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf") Region: id = 573 start_va = 0x3a0000 end_va = 0x3e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shruti.ttf" filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf") Region: id = 574 start_va = 0x3a0000 end_va = 0x3e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shruti.ttf" filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf") Region: id = 575 start_va = 0x3a0000 end_va = 0x3d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shrutib.ttf" filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf") Region: id = 576 start_va = 0x3a0000 end_va = 0x3d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shrutib.ttf" filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf") Region: id = 577 start_va = 0x5000000 end_va = 0x5e9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 578 start_va = 0x5000000 end_va = 0x5e9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 579 start_va = 0x5000000 end_va = 0x5e9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 580 start_va = 0x5000000 end_va = 0x5eb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 581 start_va = 0x5000000 end_va = 0x5eb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 582 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 583 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 584 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 585 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 586 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 587 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 588 start_va = 0x5000000 end_va = 0x50cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 589 start_va = 0x5000000 end_va = 0x50cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 590 start_va = 0x4440000 end_va = 0x44e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesi.ttf" filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf") Region: id = 591 start_va = 0x4440000 end_va = 0x44e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesi.ttf" filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf") Region: id = 592 start_va = 0x5000000 end_va = 0x50cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 593 start_va = 0x5000000 end_va = 0x50cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 594 start_va = 0x4440000 end_va = 0x44d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbi.ttf" filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf") Region: id = 595 start_va = 0x4440000 end_va = 0x44d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbi.ttf" filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf") Region: id = 596 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tunga.ttf" filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf") Region: id = 597 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tunga.ttf" filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf") Region: id = 598 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tungab.ttf" filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf") Region: id = 599 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tungab.ttf" filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf") Region: id = 600 start_va = 0x3a0000 end_va = 0x3dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrinda.ttf" filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf") Region: id = 601 start_va = 0x3a0000 end_va = 0x3dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrinda.ttf" filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf") Region: id = 602 start_va = 0x3a0000 end_va = 0x3defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrindab.ttf" filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf") Region: id = 603 start_va = 0x3a0000 end_va = 0x3defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrindab.ttf" filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf") Region: id = 604 start_va = 0x4f0000 end_va = 0x543fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonar.ttf" filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf") Region: id = 605 start_va = 0x4f0000 end_va = 0x543fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonar.ttf" filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf") Region: id = 606 start_va = 0x3a0000 end_va = 0x3e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonarb.ttf" filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf") Region: id = 607 start_va = 0x3a0000 end_va = 0x3e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonarb.ttf" filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf") Region: id = 608 start_va = 0x4f0000 end_va = 0x543fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 609 start_va = 0x4f0000 end_va = 0x543fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 610 start_va = 0x4440000 end_va = 0x44eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 611 start_va = 0x4440000 end_va = 0x44eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 612 start_va = 0x4440000 end_va = 0x44defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 613 start_va = 0x4440000 end_va = 0x44defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 614 start_va = 0x4440000 end_va = 0x44dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 615 start_va = 0x4440000 end_va = 0x44dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 616 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsa.ttf" filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf") Region: id = 617 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsa.ttf" filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf") Region: id = 618 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsai.ttf" filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf") Region: id = 619 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsai.ttf" filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf") Region: id = 620 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsab.ttf" filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf") Region: id = 621 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsab.ttf" filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf") Region: id = 622 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaz.ttf" filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf") Region: id = 623 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaz.ttf" filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf") Region: id = 624 start_va = 0x3a0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaj.ttf" filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf") Region: id = 625 start_va = 0x3a0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaj.ttf" filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf") Region: id = 626 start_va = 0x3a0000 end_va = 0x3d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajb.ttf" filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf") Region: id = 627 start_va = 0x3a0000 end_va = 0x3d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajb.ttf" filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf") Region: id = 628 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajbi.ttf" filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf") Region: id = 629 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajbi.ttf" filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf") Region: id = 630 start_va = 0x3a0000 end_va = 0x3dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaji.ttf" filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf") Region: id = 631 start_va = 0x3a0000 end_va = 0x3dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaji.ttf" filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf") Region: id = 632 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordia.ttf" filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf") Region: id = 633 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordia.ttf" filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf") Region: id = 634 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiai.ttf" filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf") Region: id = 635 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiai.ttf" filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf") Region: id = 636 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiab.ttf" filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf") Region: id = 637 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiab.ttf" filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf") Region: id = 638 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaz.ttf" filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf") Region: id = 639 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaz.ttf" filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf") Region: id = 640 start_va = 0x3a0000 end_va = 0x3eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 641 start_va = 0x3a0000 end_va = 0x3eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 642 start_va = 0x3a0000 end_va = 0x3e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 643 start_va = 0x3a0000 end_va = 0x3e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 644 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gisha.ttf" filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf") Region: id = 645 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gisha.ttf" filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf") Region: id = 646 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gishabd.ttf" filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf") Region: id = 647 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gishabd.ttf" filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf") Region: id = 648 start_va = 0x3a0000 end_va = 0x3d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokila.ttf" filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf") Region: id = 649 start_va = 0x3a0000 end_va = 0x3d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokila.ttf" filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf") Region: id = 650 start_va = 0x3a0000 end_va = 0x3d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilab.ttf" filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf") Region: id = 651 start_va = 0x3a0000 end_va = 0x3d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilab.ttf" filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf") Region: id = 652 start_va = 0x3a0000 end_va = 0x3d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilabi.ttf" filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf") Region: id = 653 start_va = 0x3a0000 end_va = 0x3d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilabi.ttf" filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf") Region: id = 654 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilai.ttf" filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf") Region: id = 655 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilai.ttf" filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf") Region: id = 656 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawad.ttf" filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf") Region: id = 657 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawad.ttf" filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf") Region: id = 658 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawdb.ttf" filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf") Region: id = 659 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawdb.ttf" filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf") Region: id = 660 start_va = 0x3a0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighur.ttf" filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf") Region: id = 661 start_va = 0x3a0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighur.ttf" filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf") Region: id = 662 start_va = 0x4f0000 end_va = 0x543fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "moolbor.ttf" filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf") Region: id = 663 start_va = 0x4f0000 end_va = 0x543fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "moolbor.ttf" filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf") Region: id = 664 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 665 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 666 start_va = 0x3a0000 end_va = 0x3d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaah.ttf" filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf") Region: id = 667 start_va = 0x3a0000 end_va = 0x3d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaah.ttf" filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf") Region: id = 668 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahb.ttf" filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf") Region: id = 669 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahb.ttf" filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf") Region: id = 670 start_va = 0x3a0000 end_va = 0x3d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahbi.ttf" filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf") Region: id = 671 start_va = 0x3a0000 end_va = 0x3d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahbi.ttf" filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf") Region: id = 672 start_va = 0x3a0000 end_va = 0x3dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahi.ttf" filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf") Region: id = 673 start_va = 0x3a0000 end_va = 0x3dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahi.ttf" filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf") Region: id = 674 start_va = 0x3a0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijaya.ttf" filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf") Region: id = 675 start_va = 0x3a0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijaya.ttf" filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf") Region: id = 676 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijayab.ttf" filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf") Region: id = 677 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijayab.ttf" filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf") Region: id = 678 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 679 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 680 start_va = 0x3a0000 end_va = 0x3a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "modern.fon" filename = "\\Windows\\Fonts\\modern.fon" (normalized: "c:\\windows\\fonts\\modern.fon") Region: id = 681 start_va = 0x3a0000 end_va = 0x3a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roman.fon" filename = "\\Windows\\Fonts\\roman.fon" (normalized: "c:\\windows\\fonts\\roman.fon") Region: id = 682 start_va = 0x3a0000 end_va = 0x3a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "script.fon" filename = "\\Windows\\Fonts\\script.fon" (normalized: "c:\\windows\\fonts\\script.fon") Region: id = 683 start_va = 0x3a0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "andlso.ttf" filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf") Region: id = 684 start_va = 0x3a0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "andlso.ttf" filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf") Region: id = 685 start_va = 0x4440000 end_va = 0x44d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arabtype.ttf" filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf") Region: id = 686 start_va = 0x4440000 end_va = 0x44d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arabtype.ttf" filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf") Region: id = 687 start_va = 0x3a0000 end_va = 0x3befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpo.ttf" filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf") Region: id = 688 start_va = 0x3a0000 end_va = 0x3befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpo.ttf" filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf") Region: id = 689 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpbdo.ttf" filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf") Region: id = 690 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpbdo.ttf" filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf") Region: id = 691 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpfxo.ttf" filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf") Region: id = 692 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpfxo.ttf" filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf") Region: id = 693 start_va = 0x4f0000 end_va = 0x54afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majalla.ttf" filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf") Region: id = 694 start_va = 0x4f0000 end_va = 0x54afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majalla.ttf" filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf") Region: id = 695 start_va = 0x4f0000 end_va = 0x54bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majallab.ttf" filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf") Region: id = 696 start_va = 0x4f0000 end_va = 0x54bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majallab.ttf" filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf") Region: id = 697 start_va = 0x3a0000 end_va = 0x3cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trado.ttf" filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf") Region: id = 698 start_va = 0x3a0000 end_va = 0x3cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trado.ttf" filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf") Region: id = 699 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tradbdo.ttf" filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf") Region: id = 700 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tradbdo.ttf" filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf") Region: id = 701 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ahronbd.ttf" filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf") Region: id = 702 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ahronbd.ttf" filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf") Region: id = 703 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "david.ttf" filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf") Region: id = 704 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "david.ttf" filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf") Region: id = 705 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "davidbd.ttf" filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf") Region: id = 706 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "davidbd.ttf" filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf") Region: id = 707 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frank.ttf" filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf") Region: id = 708 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frank.ttf" filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf") Region: id = 709 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnm.ttf" filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf") Region: id = 710 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnm.ttf" filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf") Region: id = 711 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnmbd.ttf" filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf") Region: id = 712 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnmbd.ttf" filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf") Region: id = 713 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriam.ttf" filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf") Region: id = 714 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriam.ttf" filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf") Region: id = 715 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriamc.ttf" filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf") Region: id = 716 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriamc.ttf" filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf") Region: id = 717 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nrkis.ttf" filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf") Region: id = 718 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nrkis.ttf" filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf") Region: id = 719 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rod.ttf" filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf") Region: id = 720 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rod.ttf" filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf") Region: id = 721 start_va = 0x5000000 end_va = 0x5a16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simfang.ttf" filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf") Region: id = 722 start_va = 0x5000000 end_va = 0x5a16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simfang.ttf" filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf") Region: id = 723 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simhei.ttf" filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf") Region: id = 724 start_va = 0x5000000 end_va = 0x594cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simhei.ttf" filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf") Region: id = 725 start_va = 0x6d90000 end_va = 0x7d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d90000" filename = "" Region: id = 726 start_va = 0x5000000 end_va = 0x5b3dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simkai.ttf" filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf") Region: id = 727 start_va = 0x5000000 end_va = 0x5b3dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simkai.ttf" filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf") Region: id = 728 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsau.ttf" filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf") Region: id = 729 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsau.ttf" filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf") Region: id = 730 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaui.ttf" filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf") Region: id = 731 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaui.ttf" filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf") Region: id = 732 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaub.ttf" filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf") Region: id = 733 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaub.ttf" filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf") Region: id = 734 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsauz.ttf" filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf") Region: id = 735 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsauz.ttf" filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf") Region: id = 736 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browa.ttf" filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf") Region: id = 737 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browa.ttf" filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf") Region: id = 738 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browai.ttf" filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf") Region: id = 739 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browai.ttf" filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf") Region: id = 740 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browab.ttf" filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf") Region: id = 741 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browab.ttf" filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf") Region: id = 742 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaz.ttf" filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf") Region: id = 743 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaz.ttf" filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf") Region: id = 744 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browau.ttf" filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf") Region: id = 745 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browau.ttf" filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf") Region: id = 746 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaui.ttf" filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf") Region: id = 747 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaui.ttf" filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf") Region: id = 748 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaub.ttf" filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf") Region: id = 749 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaub.ttf" filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf") Region: id = 750 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browauz.ttf" filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf") Region: id = 751 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browauz.ttf" filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf") Region: id = 752 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiau.ttf" filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf") Region: id = 753 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiau.ttf" filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf") Region: id = 754 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaub.ttf" filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf") Region: id = 755 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaub.ttf" filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf") Region: id = 756 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiauz.ttf" filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf") Region: id = 757 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiauz.ttf" filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf") Region: id = 758 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaui.ttf" filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf") Region: id = 759 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaui.ttf" filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf") Region: id = 760 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdl.ttf" filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf") Region: id = 761 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdl.ttf" filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf") Region: id = 762 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdi.ttf" filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf") Region: id = 763 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdi.ttf" filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf") Region: id = 764 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdb.ttf" filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf") Region: id = 765 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdb.ttf" filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf") Region: id = 766 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdbi.ttf" filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf") Region: id = 767 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdbi.ttf" filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf") Region: id = 768 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcel.ttf" filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf") Region: id = 769 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcel.ttf" filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf") Region: id = 770 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcei.ttf" filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf") Region: id = 771 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcei.ttf" filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf") Region: id = 772 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upceb.ttf" filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf") Region: id = 773 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upceb.ttf" filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf") Region: id = 774 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcebi.ttf" filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf") Region: id = 775 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcebi.ttf" filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf") Region: id = 776 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfl.ttf" filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf") Region: id = 777 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfl.ttf" filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf") Region: id = 778 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfi.ttf" filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf") Region: id = 779 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfi.ttf" filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf") Region: id = 780 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfb.ttf" filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf") Region: id = 781 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfb.ttf" filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf") Region: id = 782 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfbi.ttf" filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf") Region: id = 783 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfbi.ttf" filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf") Region: id = 784 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcil.ttf" filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf") Region: id = 785 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcil.ttf" filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf") Region: id = 786 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcii.ttf" filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf") Region: id = 787 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcii.ttf" filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf") Region: id = 788 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcib.ttf" filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf") Region: id = 789 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcib.ttf" filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf") Region: id = 790 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcibi.ttf" filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf") Region: id = 791 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcibi.ttf" filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf") Region: id = 792 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjl.ttf" filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf") Region: id = 793 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjl.ttf" filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf") Region: id = 794 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcji.ttf" filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf") Region: id = 795 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcji.ttf" filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf") Region: id = 796 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjb.ttf" filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf") Region: id = 797 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjb.ttf" filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf") Region: id = 798 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjbi.ttf" filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf") Region: id = 799 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjbi.ttf" filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf") Region: id = 800 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckl.ttf" filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf") Region: id = 801 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckl.ttf" filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf") Region: id = 802 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcki.ttf" filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf") Region: id = 803 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcki.ttf" filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf") Region: id = 804 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckb.ttf" filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf") Region: id = 805 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckb.ttf" filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf") Region: id = 806 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckbi.ttf" filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf") Region: id = 807 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckbi.ttf" filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf") Region: id = 808 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcll.ttf" filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf") Region: id = 809 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcll.ttf" filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf") Region: id = 810 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcli.ttf" filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf") Region: id = 811 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcli.ttf" filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf") Region: id = 812 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclb.ttf" filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf") Region: id = 813 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclb.ttf" filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf") Region: id = 814 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclbi.ttf" filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf") Region: id = 815 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclbi.ttf" filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf") Region: id = 816 start_va = 0x5000000 end_va = 0x54f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kaiu.ttf" filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf") Region: id = 817 start_va = 0x5000000 end_va = 0x54f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kaiu.ttf" filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf") Region: id = 818 start_va = 0x3a0000 end_va = 0x3effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 819 start_va = 0x3a0000 end_va = 0x3effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 820 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 821 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 822 start_va = 0x5000000 end_va = 0x50c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 823 start_va = 0x5000000 end_va = 0x50c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 824 start_va = 0x5000000 end_va = 0x50d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 825 start_va = 0x5000000 end_va = 0x50d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 826 start_va = 0x5000000 end_va = 0x50cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 827 start_va = 0x5000000 end_va = 0x50cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 828 start_va = 0x5000000 end_va = 0x50dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 829 start_va = 0x5000000 end_va = 0x50dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 830 start_va = 0x5000000 end_va = 0x518cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 831 start_va = 0x5000000 end_va = 0x518cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 832 start_va = 0x5000000 end_va = 0x518cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 833 start_va = 0x5000000 end_va = 0x50c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 834 start_va = 0x5000000 end_va = 0x50c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 835 start_va = 0x5000000 end_va = 0x50c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 836 start_va = 0x5000000 end_va = 0x50c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 837 start_va = 0x5000000 end_va = 0x50c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 838 start_va = 0x5000000 end_va = 0x50c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 839 start_va = 0x3a0000 end_va = 0x3d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 840 start_va = 0x3a0000 end_va = 0x3d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 841 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 842 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 843 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 844 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 845 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaraz.ttf" filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf") Region: id = 846 start_va = 0x3a0000 end_va = 0x3d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaraz.ttf" filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf") Region: id = 847 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 848 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 849 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 850 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 851 start_va = 0x4f0000 end_va = 0x547fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 852 start_va = 0x4f0000 end_va = 0x547fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 853 start_va = 0x4f0000 end_va = 0x549fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 854 start_va = 0x4f0000 end_va = 0x549fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 855 start_va = 0x4f0000 end_va = 0x549fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 856 start_va = 0x4f0000 end_va = 0x549fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 857 start_va = 0x4f0000 end_va = 0x54bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 858 start_va = 0x4f0000 end_va = 0x54bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 859 start_va = 0x4f0000 end_va = 0x55dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 860 start_va = 0x4f0000 end_va = 0x55dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 861 start_va = 0x4f0000 end_va = 0x55dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constani.ttf" filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf") Region: id = 862 start_va = 0x4f0000 end_va = 0x55dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constani.ttf" filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf") Region: id = 863 start_va = 0x4f0000 end_va = 0x55efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 864 start_va = 0x4f0000 end_va = 0x55efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 865 start_va = 0x4f0000 end_va = 0x55efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 866 start_va = 0x4f0000 end_va = 0x55efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 867 start_va = 0x3a0000 end_va = 0x3dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 868 start_va = 0x3a0000 end_va = 0x3dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 869 start_va = 0x3a0000 end_va = 0x3e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 870 start_va = 0x3a0000 end_va = 0x3e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 871 start_va = 0x3a0000 end_va = 0x3e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 872 start_va = 0x3a0000 end_va = 0x3e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 873 start_va = 0x3a0000 end_va = 0x3e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelz.ttf" filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf") Region: id = 874 start_va = 0x3a0000 end_va = 0x3e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelz.ttf" filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf") Region: id = 875 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 876 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 877 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 878 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 879 start_va = 0x5000000 end_va = 0x51b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 880 start_va = 0x5000000 end_va = 0x51b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 881 start_va = 0x51c0000 end_va = 0x529afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 882 start_va = 0x3a0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 883 start_va = 0x3a0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 884 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 885 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 886 start_va = 0x3a0000 end_va = 0x3c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiab.ttf" filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf") Region: id = 887 start_va = 0x3a0000 end_va = 0x3c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiab.ttf" filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf") Region: id = 888 start_va = 0x3a0000 end_va = 0x3c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 889 start_va = 0x3a0000 end_va = 0x3c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 890 start_va = 0xda0000 end_va = 0xe13fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 891 start_va = 0xda0000 end_va = 0xe13fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 892 start_va = 0x4f0000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 893 start_va = 0x4f0000 end_va = 0x555fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 894 start_va = 0x4f0000 end_va = 0x556fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 895 start_va = 0x4f0000 end_va = 0x556fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 896 start_va = 0x4f0000 end_va = 0x542fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 897 start_va = 0x4f0000 end_va = 0x542fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 898 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 899 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 900 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 901 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 902 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 903 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 904 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 905 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 906 start_va = 0x3a0000 end_va = 0x3befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 907 start_va = 0x3a0000 end_va = 0x3befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 908 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 909 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 910 start_va = 0x3a0000 end_va = 0x3cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 911 start_va = 0x3a0000 end_va = 0x3cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 912 start_va = 0x3a0000 end_va = 0x3cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 913 start_va = 0x3a0000 end_va = 0x3cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 914 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 915 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 916 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 917 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 918 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 919 start_va = 0x3a0000 end_va = 0x3bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 920 start_va = 0x3a0000 end_va = 0x3a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coure.fon" filename = "\\Windows\\Fonts\\coure.fon" (normalized: "c:\\windows\\fonts\\coure.fon") Region: id = 921 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "serife.fon" filename = "\\Windows\\Fonts\\serife.fon" (normalized: "c:\\windows\\fonts\\serife.fon") Region: id = 922 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sserife.fon" filename = "\\Windows\\Fonts\\sserife.fon" (normalized: "c:\\windows\\fonts\\sserife.fon") Region: id = 923 start_va = 0x3a0000 end_va = 0x3a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "smalle.fon" filename = "\\Windows\\Fonts\\smalle.fon" (normalized: "c:\\windows\\fonts\\smalle.fon") Region: id = 924 start_va = 0x3a0000 end_va = 0x3a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "smallf.fon" filename = "\\Windows\\Fonts\\smallf.fon" (normalized: "c:\\windows\\fonts\\smallf.fon") Region: id = 925 start_va = 0x5000000 end_va = 0x5148fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 926 start_va = 0x5000000 end_va = 0x5148fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 927 start_va = 0x5000000 end_va = 0x513cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 928 start_va = 0x5000000 end_va = 0x513cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 929 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyb.ttf" filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf") Region: id = 930 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyb.ttf" filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf") Region: id = 931 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyr.ttf" filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf") Region: id = 932 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyr.ttf" filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf") Region: id = 933 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alger.ttf" filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf") Region: id = 934 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alger.ttf" filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf") Region: id = 935 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquab.ttf" filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf") Region: id = 936 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquab.ttf" filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf") Region: id = 937 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquabi.ttf" filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf") Region: id = 938 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquabi.ttf" filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf") Region: id = 939 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquai.ttf" filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf") Region: id = 940 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquai.ttf" filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf") Region: id = 941 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialn.ttf" filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf") Region: id = 942 start_va = 0x3a0000 end_va = 0x3cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialn.ttf" filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf") Region: id = 943 start_va = 0x3a0000 end_va = 0x3ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnb.ttf" filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf") Region: id = 944 start_va = 0x3a0000 end_va = 0x3ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnb.ttf" filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf") Region: id = 945 start_va = 0x3a0000 end_va = 0x3cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnbi.ttf" filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf") Region: id = 946 start_va = 0x3a0000 end_va = 0x3cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnbi.ttf" filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf") Region: id = 947 start_va = 0x3a0000 end_va = 0x3ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialni.ttf" filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf") Region: id = 948 start_va = 0x3a0000 end_va = 0x3ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialni.ttf" filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf") Region: id = 949 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arlrdbd.ttf" filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf") Region: id = 950 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arlrdbd.ttf" filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf") Region: id = 951 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "baskvill.ttf" filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf") Region: id = 952 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "baskvill.ttf" filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf") Region: id = 953 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bauhs93.ttf" filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf") Region: id = 954 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bauhs93.ttf" filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf") Region: id = 955 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bell.ttf" filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf") Region: id = 956 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bell.ttf" filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf") Region: id = 957 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bellb.ttf" filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf") Region: id = 958 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bellb.ttf" filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf") Region: id = 959 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "belli.ttf" filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf") Region: id = 960 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "belli.ttf" filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf") Region: id = 961 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bernhc.ttf" filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf") Region: id = 962 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bernhc.ttf" filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf") Region: id = 963 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bkant.ttf" filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf") Region: id = 964 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bkant.ttf" filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf") Region: id = 965 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_b.ttf" filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf") Region: id = 966 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_b.ttf" filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf") Region: id = 967 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_bi.ttf" filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf") Region: id = 968 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_bi.ttf" filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf") Region: id = 969 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blai.ttf" filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf") Region: id = 970 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blai.ttf" filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf") Region: id = 971 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blar.ttf" filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf") Region: id = 972 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blar.ttf" filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf") Region: id = 973 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cb.ttf" filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf") Region: id = 974 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cb.ttf" filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf") Region: id = 975 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cbi.ttf" filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf") Region: id = 976 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cbi.ttf" filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf") Region: id = 977 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_ci.ttf" filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf") Region: id = 978 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_ci.ttf" filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf") Region: id = 979 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cr.ttf" filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf") Region: id = 980 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cr.ttf" filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf") Region: id = 981 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_i.ttf" filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf") Region: id = 982 start_va = 0x3a0000 end_va = 0x3b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_i.ttf" filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf") Region: id = 983 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_pstc.ttf" filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf") Region: id = 984 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_pstc.ttf" filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf") Region: id = 985 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_r.ttf" filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf") Region: id = 986 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_r.ttf" filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf") Region: id = 987 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookos.ttf" filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf") Region: id = 988 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookos.ttf" filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf") Region: id = 989 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosb.ttf" filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf") Region: id = 990 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosb.ttf" filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf") Region: id = 991 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosbi.ttf" filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf") Region: id = 992 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosbi.ttf" filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf") Region: id = 993 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosi.ttf" filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf") Region: id = 994 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosi.ttf" filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf") Region: id = 995 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bradhitc.ttf" filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf") Region: id = 996 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bradhitc.ttf" filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf") Region: id = 997 start_va = 0x3a0000 end_va = 0x3a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "britanic.ttf" filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf") Region: id = 998 start_va = 0x3a0000 end_va = 0x3a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "britanic.ttf" filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf") Region: id = 999 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsb.ttf" filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf") Region: id = 1000 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsb.ttf" filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf") Region: id = 1001 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsdb.ttf" filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf") Region: id = 1002 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsdb.ttf" filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf") Region: id = 1003 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsr.ttf" filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf") Region: id = 1004 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsr.ttf" filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf") Region: id = 1005 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "broadw.ttf" filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf") Region: id = 1006 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "broadw.ttf" filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf") Region: id = 1007 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brushsci.ttf" filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf") Region: id = 1008 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brushsci.ttf" filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf") Region: id = 1009 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bssym7.ttf" filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf") Region: id = 1010 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bssym7.ttf" filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf") Region: id = 1011 start_va = 0x4440000 end_va = 0x44f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1012 start_va = 0x4440000 end_va = 0x44f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1013 start_va = 0x5000000 end_va = 0x50d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 1014 start_va = 0x5000000 end_va = 0x50d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 1015 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califb.ttf" filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf") Region: id = 1016 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califb.ttf" filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf") Region: id = 1017 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califi.ttf" filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf") Region: id = 1018 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califi.ttf" filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf") Region: id = 1019 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califr.ttf" filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf") Region: id = 1020 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califr.ttf" filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf") Region: id = 1021 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calist.ttf" filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf") Region: id = 1022 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calist.ttf" filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf") Region: id = 1023 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistb.ttf" filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf") Region: id = 1024 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistb.ttf" filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf") Region: id = 1025 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistbi.ttf" filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf") Region: id = 1026 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistbi.ttf" filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf") Region: id = 1027 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calisti.ttf" filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf") Region: id = 1028 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calisti.ttf" filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf") Region: id = 1029 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "castelar.ttf" filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf") Region: id = 1030 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "castelar.ttf" filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf") Region: id = 1031 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "censcbk.ttf" filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf") Region: id = 1032 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "censcbk.ttf" filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf") Region: id = 1033 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "centaur.ttf" filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf") Region: id = 1034 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "centaur.ttf" filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf") Region: id = 1035 start_va = 0x3a0000 end_va = 0x3c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "century.ttf" filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf") Region: id = 1036 start_va = 0x3a0000 end_va = 0x3c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "century.ttf" filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf") Region: id = 1037 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "chiller.ttf" filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf") Region: id = 1038 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "chiller.ttf" filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf") Region: id = 1039 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "colonna.ttf" filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf") Region: id = 1040 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "colonna.ttf" filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf") Region: id = 1041 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coopbl.ttf" filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf") Region: id = 1042 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coopbl.ttf" filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf") Region: id = 1043 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtb.ttf" filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf") Region: id = 1044 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtb.ttf" filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf") Region: id = 1045 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtl.ttf" filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf") Region: id = 1046 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtl.ttf" filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf") Region: id = 1047 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "curlz___.ttf" filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf") Region: id = 1048 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "curlz___.ttf" filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf") Region: id = 1049 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnt.ttf" filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf") Region: id = 1050 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnt.ttf" filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf") Region: id = 1051 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnti.ttf" filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf") Region: id = 1052 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnti.ttf" filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf") Region: id = 1053 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "engr.ttf" filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf") Region: id = 1054 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "engr.ttf" filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf") Region: id = 1055 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasbd.ttf" filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf") Region: id = 1056 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasbd.ttf" filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf") Region: id = 1057 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasdemi.ttf" filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf") Region: id = 1058 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasdemi.ttf" filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf") Region: id = 1059 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eraslght.ttf" filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf") Region: id = 1060 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eraslght.ttf" filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf") Region: id = 1061 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasmd.ttf" filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf") Region: id = 1062 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasmd.ttf" filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf") Region: id = 1063 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "felixti.ttf" filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf") Region: id = 1064 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "felixti.ttf" filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf") Region: id = 1065 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "forte.ttf" filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf") Region: id = 1066 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "forte.ttf" filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf") Region: id = 1067 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabk.ttf" filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf") Region: id = 1068 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabk.ttf" filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf") Region: id = 1069 start_va = 0x3a0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabkit.ttf" filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf") Region: id = 1070 start_va = 0x3a0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabkit.ttf" filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf") Region: id = 1071 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradm.ttf" filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf") Region: id = 1072 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradm.ttf" filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf") Region: id = 1073 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmcn.ttf" filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf") Region: id = 1074 start_va = 0x3a0000 end_va = 0x3bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmcn.ttf" filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf") Region: id = 1075 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmit.ttf" filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf") Region: id = 1076 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmit.ttf" filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf") Region: id = 1077 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahv.ttf" filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf") Region: id = 1078 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahv.ttf" filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf") Region: id = 1079 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahvit.ttf" filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf") Region: id = 1080 start_va = 0x3a0000 end_va = 0x3c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahvit.ttf" filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf") Region: id = 1081 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdcn.ttf" filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf") Region: id = 1082 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdcn.ttf" filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf") Region: id = 1083 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "freescpt.ttf" filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf") Region: id = 1084 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "freescpt.ttf" filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf") Region: id = 1085 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frscript.ttf" filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf") Region: id = 1086 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frscript.ttf" filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf") Region: id = 1087 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ftltlt.ttf" filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf") Region: id = 1088 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ftltlt.ttf" filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf") Region: id = 1089 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 1090 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 1091 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 1092 start_va = 0x3a0000 end_va = 0x3d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 1093 start_va = 0x3a0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gara.ttf" filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf") Region: id = 1094 start_va = 0x3a0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gara.ttf" filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf") Region: id = 1095 start_va = 0x3a0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garabd.ttf" filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf") Region: id = 1096 start_va = 0x3a0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garabd.ttf" filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf") Region: id = 1097 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garait.ttf" filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf") Region: id = 1098 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garait.ttf" filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf") Region: id = 1099 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gigi.ttf" filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf") Region: id = 1100 start_va = 0x3a0000 end_va = 0x3c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gigi.ttf" filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf") Region: id = 1101 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gil_____.ttf" filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf") Region: id = 1102 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gil_____.ttf" filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf") Region: id = 1103 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilb____.ttf" filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf") Region: id = 1104 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilb____.ttf" filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf") Region: id = 1105 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilbi___.ttf" filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf") Region: id = 1106 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilbi___.ttf" filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf") Region: id = 1107 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilc____.ttf" filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf") Region: id = 1108 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilc____.ttf" filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf") Region: id = 1109 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gili____.ttf" filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf") Region: id = 1110 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gili____.ttf" filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf") Region: id = 1111 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gillubcd.ttf" filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf") Region: id = 1112 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gillubcd.ttf" filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf") Region: id = 1113 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilsanub.ttf" filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf") Region: id = 1114 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilsanub.ttf" filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf") Region: id = 1115 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glecb.ttf" filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf") Region: id = 1116 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glecb.ttf" filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf") Region: id = 1117 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glsnecb.ttf" filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf") Region: id = 1118 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glsnecb.ttf" filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf") Region: id = 1119 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothic.ttf" filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf") Region: id = 1120 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothic.ttf" filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf") Region: id = 1121 start_va = 0x3a0000 end_va = 0x3bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicb.ttf" filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf") Region: id = 1122 start_va = 0x3a0000 end_va = 0x3bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicb.ttf" filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf") Region: id = 1123 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicbi.ttf" filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf") Region: id = 1124 start_va = 0x3a0000 end_va = 0x3c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicbi.ttf" filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf") Region: id = 1125 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothici.ttf" filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf") Region: id = 1126 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothici.ttf" filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf") Region: id = 1127 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudos.ttf" filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf") Region: id = 1128 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudos.ttf" filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf") Region: id = 1129 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosb.ttf" filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf") Region: id = 1130 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosb.ttf" filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf") Region: id = 1131 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosi.ttf" filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf") Region: id = 1132 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosi.ttf" filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf") Region: id = 1133 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudysto.ttf" filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf") Region: id = 1134 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudysto.ttf" filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf") Region: id = 1135 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harlowsi.ttf" filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf") Region: id = 1136 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harlowsi.ttf" filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf") Region: id = 1137 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harngton.ttf" filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf") Region: id = 1138 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harngton.ttf" filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf") Region: id = 1139 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hatten.ttf" filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf") Region: id = 1140 start_va = 0x3a0000 end_va = 0x3bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hatten.ttf" filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf") Region: id = 1141 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowert.ttf" filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf") Region: id = 1142 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowert.ttf" filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf") Region: id = 1143 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowerti.ttf" filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf") Region: id = 1144 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowerti.ttf" filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf") Region: id = 1145 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imprisha.ttf" filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf") Region: id = 1146 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imprisha.ttf" filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf") Region: id = 1147 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "infroman.ttf" filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf") Region: id = 1148 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "infroman.ttf" filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf") Region: id = 1149 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcblkad.ttf" filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf") Region: id = 1150 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcblkad.ttf" filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf") Region: id = 1151 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcedscr.ttf" filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf") Region: id = 1152 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcedscr.ttf" filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf") Region: id = 1153 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itckrist.ttf" filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf") Region: id = 1154 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itckrist.ttf" filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf") Region: id = 1155 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "jokerman.ttf" filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf") Region: id = 1156 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "jokerman.ttf" filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf") Region: id = 1157 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "juice___.ttf" filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf") Region: id = 1158 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "juice___.ttf" filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf") Region: id = 1159 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kunstler.ttf" filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf") Region: id = 1160 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kunstler.ttf" filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf") Region: id = 1161 start_va = 0x3a0000 end_va = 0x3aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latinwd.ttf" filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf") Region: id = 1162 start_va = 0x3a0000 end_va = 0x3aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latinwd.ttf" filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf") Region: id = 1163 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrite.ttf" filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf") Region: id = 1164 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrite.ttf" filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf") Region: id = 1165 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrited.ttf" filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf") Region: id = 1166 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrited.ttf" filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf") Region: id = 1167 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritedi.ttf" filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf") Region: id = 1168 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritedi.ttf" filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf") Region: id = 1169 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritei.ttf" filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf") Region: id = 1170 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritei.ttf" filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf") Region: id = 1171 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lcallig.ttf" filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf") Region: id = 1172 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lcallig.ttf" filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf") Region: id = 1173 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfax.ttf" filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf") Region: id = 1174 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfax.ttf" filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf") Region: id = 1175 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxd.ttf" filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf") Region: id = 1176 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxd.ttf" filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf") Region: id = 1177 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxdi.ttf" filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf") Region: id = 1178 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxdi.ttf" filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf") Region: id = 1179 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxi.ttf" filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf") Region: id = 1180 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxi.ttf" filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf") Region: id = 1181 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lhandw.ttf" filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf") Region: id = 1182 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lhandw.ttf" filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf") Region: id = 1183 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsans.ttf" filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf") Region: id = 1184 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsans.ttf" filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf") Region: id = 1185 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansd.ttf" filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf") Region: id = 1186 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansd.ttf" filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf") Region: id = 1187 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansdi.ttf" filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf") Region: id = 1188 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansdi.ttf" filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf") Region: id = 1189 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansi.ttf" filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf") Region: id = 1190 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansi.ttf" filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf") Region: id = 1191 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltype.ttf" filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf") Region: id = 1192 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltype.ttf" filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf") Region: id = 1193 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeb.ttf" filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf") Region: id = 1194 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeb.ttf" filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf") Region: id = 1195 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypebo.ttf" filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf") Region: id = 1196 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypebo.ttf" filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf") Region: id = 1197 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeo.ttf" filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf") Region: id = 1198 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeo.ttf" filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf") Region: id = 1199 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "magnetob.ttf" filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf") Region: id = 1200 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "magnetob.ttf" filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf") Region: id = 1201 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maian.ttf" filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf") Region: id = 1202 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maian.ttf" filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf") Region: id = 1203 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maturasc.ttf" filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf") Region: id = 1204 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maturasc.ttf" filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf") Region: id = 1205 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mistral.ttf" filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf") Region: id = 1206 start_va = 0x3a0000 end_va = 0x3cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mistral.ttf" filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf") Region: id = 1207 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mod20.ttf" filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf") Region: id = 1208 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mod20.ttf" filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf") Region: id = 1209 start_va = 0x7d60000 end_va = 0x91b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1210 start_va = 0x7d60000 end_va = 0x91b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1211 start_va = 0x7d60000 end_va = 0x91b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1212 start_va = 0x7d60000 end_va = 0x8b0dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1213 start_va = 0x7d60000 end_va = 0x8b0dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1214 start_va = 0x7d60000 end_va = 0x8b0dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1215 start_va = 0x3a0000 end_va = 0x3d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighub.ttf" filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf") Region: id = 1216 start_va = 0x3a0000 end_va = 0x3d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighub.ttf" filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf") Region: id = 1217 start_va = 0x7d60000 end_va = 0x91ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1218 start_va = 0x7d60000 end_va = 0x91ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1219 start_va = 0x7d60000 end_va = 0x91ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1220 start_va = 0x7d60000 end_va = 0x8b17fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1221 start_va = 0x7d60000 end_va = 0x8b17fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1222 start_va = 0x7d60000 end_va = 0x8b17fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1223 start_va = 0x3a0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtcorsva.ttf" filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf") Region: id = 1224 start_va = 0x3a0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtcorsva.ttf" filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf") Region: id = 1225 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niageng.ttf" filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf") Region: id = 1226 start_va = 0x3a0000 end_va = 0x3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niageng.ttf" filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf") Region: id = 1227 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niagsol.ttf" filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf") Region: id = 1228 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niagsol.ttf" filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf") Region: id = 1229 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ocraext.ttf" filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf") Region: id = 1230 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ocraext.ttf" filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf") Region: id = 1231 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oldengl.ttf" filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf") Region: id = 1232 start_va = 0x3a0000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oldengl.ttf" filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf") Region: id = 1233 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "onyx.ttf" filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf") Region: id = 1234 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "onyx.ttf" filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf") Region: id = 1235 start_va = 0x3a0000 end_va = 0x3a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "outlook.ttf" filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf") Region: id = 1236 start_va = 0x3a0000 end_va = 0x3a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "outlook.ttf" filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf") Region: id = 1237 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palscri.ttf" filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf") Region: id = 1238 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palscri.ttf" filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf") Region: id = 1239 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "papyrus.ttf" filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf") Region: id = 1240 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "papyrus.ttf" filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf") Region: id = 1241 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "parchm.ttf" filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf") Region: id = 1242 start_va = 0x3a0000 end_va = 0x3c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "parchm.ttf" filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf") Region: id = 1243 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "per_____.ttf" filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf") Region: id = 1244 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "per_____.ttf" filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf") Region: id = 1245 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perb____.ttf" filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf") Region: id = 1246 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perb____.ttf" filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf") Region: id = 1247 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perbi___.ttf" filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf") Region: id = 1248 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perbi___.ttf" filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf") Region: id = 1249 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peri____.ttf" filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf") Region: id = 1250 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peri____.ttf" filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf") Region: id = 1251 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertibd.ttf" filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf") Region: id = 1252 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertibd.ttf" filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf") Region: id = 1253 start_va = 0x3a0000 end_va = 0x3aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertili.ttf" filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf") Region: id = 1254 start_va = 0x3a0000 end_va = 0x3aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertili.ttf" filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf") Region: id = 1255 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "playbill.ttf" filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf") Region: id = 1256 start_va = 0x3a0000 end_va = 0x3abfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "playbill.ttf" filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf") Region: id = 1257 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "poorich.ttf" filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf") Region: id = 1258 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "poorich.ttf" filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf") Region: id = 1259 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pristina.ttf" filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf") Region: id = 1260 start_va = 0x3a0000 end_va = 0x3b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pristina.ttf" filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf") Region: id = 1261 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rage.ttf" filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf") Region: id = 1262 start_va = 0x3a0000 end_va = 0x3c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rage.ttf" filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf") Region: id = 1263 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ravie.ttf" filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf") Region: id = 1264 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ravie.ttf" filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf") Region: id = 1265 start_va = 0x3a0000 end_va = 0x3d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refsan.ttf" filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf") Region: id = 1266 start_va = 0x3a0000 end_va = 0x3d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refsan.ttf" filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf") Region: id = 1267 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refspcl.ttf" filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf") Region: id = 1268 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refspcl.ttf" filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf") Region: id = 1269 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocc____.ttf" filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf") Region: id = 1270 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocc____.ttf" filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf") Region: id = 1271 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roccb___.ttf" filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf") Region: id = 1272 start_va = 0x3a0000 end_va = 0x3aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roccb___.ttf" filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf") Region: id = 1273 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rock.ttf" filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf") Region: id = 1274 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rock.ttf" filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf") Region: id = 1275 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockb.ttf" filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf") Region: id = 1276 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockb.ttf" filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf") Region: id = 1277 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockbi.ttf" filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf") Region: id = 1278 start_va = 0x3a0000 end_va = 0x3b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockbi.ttf" filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf") Region: id = 1279 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockeb.ttf" filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf") Region: id = 1280 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockeb.ttf" filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf") Region: id = 1281 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocki.ttf" filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf") Region: id = 1282 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocki.ttf" filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf") Region: id = 1283 start_va = 0x3a0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkb.ttf" filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf") Region: id = 1284 start_va = 0x3a0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkb.ttf" filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf") Region: id = 1285 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkbi.ttf" filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf") Region: id = 1286 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkbi.ttf" filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf") Region: id = 1287 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbki.ttf" filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf") Region: id = 1288 start_va = 0x3a0000 end_va = 0x3c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbki.ttf" filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf") Region: id = 1289 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "scriptbl.ttf" filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf") Region: id = 1290 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "scriptbl.ttf" filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf") Region: id = 1291 start_va = 0x4440000 end_va = 0x44d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuisl.ttf" filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf") Region: id = 1292 start_va = 0x4440000 end_va = 0x44d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuisl.ttf" filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf") Region: id = 1293 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "showg.ttf" filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf") Region: id = 1294 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "showg.ttf" filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf") Region: id = 1295 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "snap____.ttf" filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf") Region: id = 1296 start_va = 0x3a0000 end_va = 0x3affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "snap____.ttf" filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf") Region: id = 1297 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stencil.ttf" filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf") Region: id = 1298 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stencil.ttf" filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf") Region: id = 1299 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcb_____.ttf" filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf") Region: id = 1300 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcb_____.ttf" filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf") Region: id = 1301 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcbi____.ttf" filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf") Region: id = 1302 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcbi____.ttf" filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf") Region: id = 1303 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccb____.ttf" filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf") Region: id = 1304 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccb____.ttf" filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf") Region: id = 1305 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcceb.ttf" filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf") Region: id = 1306 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcceb.ttf" filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf") Region: id = 1307 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccm____.ttf" filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf") Region: id = 1308 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccm____.ttf" filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf") Region: id = 1309 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcm_____.ttf" filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf") Region: id = 1310 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcm_____.ttf" filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf") Region: id = 1311 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcmi____.ttf" filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf") Region: id = 1312 start_va = 0x3a0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcmi____.ttf" filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf") Region: id = 1313 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tempsitc.ttf" filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf") Region: id = 1314 start_va = 0x3a0000 end_va = 0x3b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tempsitc.ttf" filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf") Region: id = 1315 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vineritc.ttf" filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf") Region: id = 1316 start_va = 0x3a0000 end_va = 0x3b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vineritc.ttf" filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf") Region: id = 1317 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vivaldii.ttf" filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf") Region: id = 1318 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vivaldii.ttf" filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf") Region: id = 1319 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vladimir.ttf" filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf") Region: id = 1320 start_va = 0x3a0000 end_va = 0x3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vladimir.ttf" filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf") Region: id = 1321 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng2.ttf" filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf") Region: id = 1322 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng2.ttf" filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf") Region: id = 1323 start_va = 0x3a0000 end_va = 0x3a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng3.ttf" filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf") Region: id = 1324 start_va = 0x3a0000 end_va = 0x3a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng3.ttf" filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf") Region: id = 1325 start_va = 0x3a0000 end_va = 0x3a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtextra.ttf" filename = "\\Windows\\Fonts\\MTEXTRA.TTF" (normalized: "c:\\windows\\fonts\\mtextra.ttf") Region: id = 1326 start_va = 0x3a0000 end_va = 0x3a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtextra.ttf" filename = "\\Windows\\Fonts\\MTEXTRA.TTF" (normalized: "c:\\windows\\fonts\\mtextra.ttf") Region: id = 1327 start_va = 0x390000 end_va = 0x3abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 1328 start_va = 0x5000000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1329 start_va = 0x52a0000 end_va = 0x5bcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1330 start_va = 0x6deb0000 end_va = 0x6e091fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 1331 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1332 start_va = 0x3a0000 end_va = 0x3a6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1333 start_va = 0xc30000 end_va = 0xc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 1334 start_va = 0xc90000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 1335 start_va = 0xdb0000 end_va = 0xdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 1336 start_va = 0x5d10000 end_va = 0x5e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d10000" filename = "" Region: id = 1337 start_va = 0x7d60000 end_va = 0x7e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d60000" filename = "" Region: id = 1338 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 1339 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1340 start_va = 0x6d100000 end_va = 0x6dea0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.data.entity.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Data.Entity\\2617d639f859d0dc0093286c72e64bf7\\System.Data.Entity.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.data.entity\\2617d639f859d0dc0093286c72e64bf7\\system.data.entity.ni.dll") Region: id = 1341 start_va = 0x4f0000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 1342 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1343 start_va = 0x4440000 end_va = 0x44bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004440000" filename = "" Region: id = 1344 start_va = 0x5bd0000 end_va = 0x5ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 1345 start_va = 0x6d000000 end_va = 0x6d0fafff monitored = 0 entry_point = 0x6d0117e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1346 start_va = 0x4db0000 end_va = 0x4e19fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1347 start_va = 0x5000000 end_va = 0x5068fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005000000" filename = "" Region: id = 1348 start_va = 0x50a0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 1349 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1350 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1351 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1352 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1353 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1354 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1355 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1356 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1357 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1358 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1359 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1360 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 1361 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1362 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1363 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1364 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 1365 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 1366 start_va = 0xc70000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 1367 start_va = 0xc80000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 1368 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1369 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1370 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1371 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1372 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1373 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1374 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1375 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1376 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1377 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 1378 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1379 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 1380 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1381 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 1382 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 1383 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1384 start_va = 0x960000 end_va = 0x99bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 1385 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1386 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1387 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1388 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1389 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1390 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1450 start_va = 0x5160000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 1451 start_va = 0x5e10000 end_va = 0x5f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e10000" filename = "" Region: id = 1452 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1453 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1470 start_va = 0x4e00000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1471 start_va = 0x8040000 end_va = 0x813ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008040000" filename = "" Region: id = 1472 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Thread: id = 1 os_tid = 0xed8 [0063.042] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0066.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x24eb90 | out: phkResult=0x24eb90*=0x0) returned 0x2 [0066.550] RegCloseKey (hKey=0x80000002) returned 0x0 [0066.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x24ee14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0066.582] IsAppThemed () returned 0x1 [0066.590] CoTaskMemAlloc (cb=0xf0) returned 0x446400 [0066.590] CreateActCtxA (pActCtx=0x24f338) returned 0x4465f4 [0066.692] CoTaskMemFree (pv=0x446400) [0066.714] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1bd [0066.715] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1bb [0067.100] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x24ecac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0067.411] GetCurrentProcess () returned 0xffffffff [0067.411] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24efe4 | out: TokenHandle=0x24efe4*=0x1f4) returned 1 [0067.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x24ea9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0067.523] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24efdc | out: lpFileInformation=0x24efdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0067.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0067.525] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24efe4 | out: lpFileInformation=0x24efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0067.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x24ea04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0067.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24ef1c) returned 1 [0067.530] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40 [0067.531] GetFileType (hFile=0x40) returned 0x1 [0067.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24ef18) returned 1 [0067.531] GetFileType (hFile=0x40) returned 0x1 [0070.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0070.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x24e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0070.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24e4fc) returned 1 [0070.630] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x24e7c0 | out: lpFileInformation=0x24e7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0070.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24e4f8) returned 1 [0071.425] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x24e68c | out: pfEnabled=0x24e68c) returned 0x0 [0071.832] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x24efd8 | out: lpFileSizeHigh=0x24efd8*=0x0) returned 0x8c8e [0071.833] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ef94, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ef94*=0x1000, lpOverlapped=0x0) returned 1 [0071.857] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ee44, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ee44*=0x1000, lpOverlapped=0x0) returned 1 [0071.859] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ecf8*=0x1000, lpOverlapped=0x0) returned 1 [0071.859] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ecf8*=0x1000, lpOverlapped=0x0) returned 1 [0071.860] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ecf8*=0x1000, lpOverlapped=0x0) returned 1 [0071.860] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec30, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ec30*=0x1000, lpOverlapped=0x0) returned 1 [0071.866] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ed9c, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ed9c*=0x1000, lpOverlapped=0x0) returned 1 [0071.868] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec90, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ec90*=0x1000, lpOverlapped=0x0) returned 1 [0071.868] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ec90, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ec90*=0xc8e, lpOverlapped=0x0) returned 1 [0071.868] ReadFile (in: hFile=0x40, lpBuffer=0x2470478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ed54, lpOverlapped=0x0 | out: lpBuffer=0x2470478*, lpNumberOfBytesRead=0x24ed54*=0x0, lpOverlapped=0x0) returned 1 [0071.869] CloseHandle (hObject=0x40) returned 1 [0071.869] CloseHandle (hObject=0x1f4) returned 1 [0071.870] GetCurrentProcess () returned 0xffffffff [0071.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24f130 | out: TokenHandle=0x24f130*=0x1f4) returned 1 [0071.871] CloseHandle (hObject=0x1f4) returned 1 [0071.872] GetCurrentProcess () returned 0xffffffff [0071.872] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24f130 | out: TokenHandle=0x24f130*=0x1f4) returned 1 [0071.872] CloseHandle (hObject=0x1f4) returned 1 [0071.879] GetCurrentProcess () returned 0xffffffff [0071.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24efe4 | out: TokenHandle=0x24efe4*=0x1f4) returned 1 [0071.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24efdc | out: lpFileInformation=0x24efdc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0071.880] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x24ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0071.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24efe4 | out: lpFileInformation=0x24efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0071.881] CloseHandle (hObject=0x1f4) returned 1 [0071.881] GetCurrentProcess () returned 0xffffffff [0071.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24f130 | out: TokenHandle=0x24f130*=0x1f4) returned 1 [0071.882] CloseHandle (hObject=0x1f4) returned 1 [0071.882] GetCurrentProcess () returned 0xffffffff [0071.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24f130 | out: TokenHandle=0x24f130*=0x1f4) returned 1 [0071.883] CloseHandle (hObject=0x1f4) returned 1 [0071.904] GetCurrentProcess () returned 0xffffffff [0071.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef48 | out: TokenHandle=0x24ef48*=0x1f4) returned 1 [0071.912] CloseHandle (hObject=0x1f4) returned 1 [0071.912] GetCurrentProcess () returned 0xffffffff [0071.912] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ef60 | out: TokenHandle=0x24ef60*=0x1f4) returned 1 [0071.918] CloseHandle (hObject=0x1f4) returned 1 [0071.923] GetSystemMetrics (nIndex=75) returned 1 [0071.929] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0072.722] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772b0000 [0072.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x24f22c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0072.725] GetProcAddress (hModule=0x772b0000, lpProcName="AddDllDirectory") returned 0x773f1e91 [0072.725] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6e230000 [0072.757] AdjustWindowRectEx (in: lpRect=0x24f394, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x24f394) returned 1 [0072.765] GetCurrentProcess () returned 0xffffffff [0072.765] GetCurrentThread () returned 0xfffffffe [0072.765] GetCurrentProcess () returned 0xffffffff [0072.765] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x24f2ac, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x24f2ac*=0x40) returned 1 [0072.768] GetCurrentThreadId () returned 0xed8 [0072.786] GetCurrentActCtx (in: lphActCtx=0x24f20c | out: lphActCtx=0x24f20c*=0x0) returned 1 [0072.786] ActivateActCtx (in: hActCtx=0x4465f4, lpCookie=0x24f21c | out: hActCtx=0x4465f4, lpCookie=0x24f21c) returned 1 [0072.788] GetModuleHandleW (lpModuleName="user32.dll") returned 0x766d0000 [0072.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x24f0c4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWHoÉ\x04ý\x92Dþ\x0fr\x8cõ$", lpUsedDefaultChar=0x0) returned 14 [0072.788] GetProcAddress (hModule=0x766d0000, lpProcName="DefWindowProcW") returned 0x778f25dd [0072.789] GetStockObject (i=5) returned 0x1900015 [0072.793] GetModuleHandleW (lpModuleName=0x0) returned 0xf60000 [0072.796] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0072.796] RegisterClassW (lpWndClass=0x24f0b4) returned 0xc178 [0072.797] CoTaskMemFree (pv=0x4555a8) [0072.797] GetModuleHandleW (lpModuleName=0x0) returned 0xf60000 [0072.797] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xf60000, lpParam=0x0) returned 0x501ec [0072.800] SetWindowLongW (hWnd=0x501ec, nIndex=-4, dwNewLong=2005870045) returned 82184406 [0072.801] GetWindowLongW (hWnd=0x501ec, nIndex=-4) returned 2005870045 [0072.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x24e9c8 | out: phkResult=0x24e9c8*=0x234) returned 0x0 [0072.809] RegQueryValueExW (in: hKey=0x234, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x24e9e8, lpData=0x0, lpcbData=0x24e9e4*=0x0 | out: lpType=0x24e9e8*=0x0, lpData=0x0, lpcbData=0x24e9e4*=0x0) returned 0x2 [0072.810] RegQueryValueExW (in: hKey=0x234, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x24e9e8, lpData=0x0, lpcbData=0x24e9e4*=0x0 | out: lpType=0x24e9e8*=0x0, lpData=0x0, lpcbData=0x24e9e4*=0x0) returned 0x2 [0072.810] RegCloseKey (hKey=0x234) returned 0x0 [0072.813] SetWindowLongW (hWnd=0x501ec, nIndex=-4, dwNewLong=82184446) returned 2005870045 [0072.813] GetWindowLongW (hWnd=0x501ec, nIndex=-4) returned 82184446 [0072.813] GetWindowLongW (hWnd=0x501ec, nIndex=-16) returned 113311744 [0072.814] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1bc [0072.815] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x501ec, Msg=0x24, wParam=0x0, lParam=0x24eca0) returned 0x0 [0072.815] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc059 [0072.815] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x501ec, Msg=0x81, wParam=0x0, lParam=0x24ec94) returned 0x1 [0072.816] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x501ec, Msg=0x83, wParam=0x0, lParam=0x24ec80) returned 0x0 [0072.816] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x501ec, Msg=0x1, wParam=0x0, lParam=0x24ec94) returned 0x0 [0072.817] GetClientRect (in: hWnd=0x501ec, lpRect=0x24e9fc | out: lpRect=0x24e9fc) returned 1 [0072.817] GetWindowRect (in: hWnd=0x501ec, lpRect=0x24e9fc | out: lpRect=0x24e9fc) returned 1 [0072.819] GetParent (hWnd=0x501ec) returned 0x0 [0072.819] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1a700001) returned 1 [0073.070] EtwEventRegister () returned 0x0 [0073.090] GetSystemDefaultLCID () returned 0x409 [0073.090] GetStockObject (i=17) returned 0x18a0025 [0073.093] GetObjectW (in: h=0x18a0025, c=92, pv=0x24e98c | out: pv=0x24e98c) returned 92 [0073.095] GetDC (hWnd=0x0) returned 0x2c010173 [0073.780] GdiplusStartup (in: token=0x2663b0, input=0x24df50, output=0x24dfa0 | out: token=0x2663b0, output=0x24dfa0) returned 0x0 [0073.803] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0073.805] GdipCreateFontFromLogfontW (hdc=0x2c010173, logfont=0x4555a8, font=0x24ea54) returned 0x0 [0084.131] CoTaskMemFree (pv=0x4555a8) [0084.134] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0084.134] CoTaskMemFree (pv=0x4555a8) [0084.135] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0084.135] CoTaskMemFree (pv=0x4555a8) [0084.136] GdipGetFontUnit (font=0x4da2230, unit=0x24ea1c) returned 0x0 [0084.136] GdipGetFontSize (font=0x4da2230, size=0x24ea20) returned 0x0 [0084.136] GdipGetFontStyle (font=0x4da2230, style=0x24ea18) returned 0x0 [0084.137] GdipGetFamily (font=0x4da2230, family=0x24ea14) returned 0x0 [0084.139] GdipGetFontSize (font=0x4da2230, size=0x249f7ac) returned 0x0 [0084.139] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.140] GetDC (hWnd=0x0) returned 0x2c010173 [0084.142] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24ea30) returned 0x0 [0084.144] GdipGetDpiY (graphics=0x767b6d0, dpi=0x249f888) returned 0x0 [0084.144] GdipGetFontHeight (font=0x4da2230, graphics=0x767b6d0, height=0x24ea28) returned 0x0 [0084.145] GdipGetEmHeight (family=0x658f6b0, style=0, EmHeight=0x24ea30) returned 0x0 [0084.145] GdipGetLineSpacing (family=0x658f6b0, style=0, LineSpacing=0x24ea30) returned 0x0 [0084.146] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.146] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.148] GdipCreateFont (fontFamily=0x658f6b0, emSize=0x41040000, style=0, unit=0x3, font=0x249f8a4) returned 0x0 [0084.148] GdipGetFontSize (font=0x74f0e68, size=0x249f8a8) returned 0x0 [0084.148] GdipDeleteFont (font=0x4da2230) returned 0x0 [0084.150] GetDC (hWnd=0x0) returned 0x2c010173 [0084.150] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24eaa8) returned 0x0 [0084.151] GdipGetFontHeight (font=0x74f0e68, graphics=0x767b6d0, height=0x24eaa0) returned 0x0 [0084.151] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.151] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.152] GetSystemMetrics (nIndex=5) returned 1 [0084.152] GetSystemMetrics (nIndex=6) returned 1 [0084.154] AdjustWindowRectEx (in: lpRect=0x24ebd0, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x24ebd0) returned 1 [0084.172] GetProcessWindowStation () returned 0x60 [0084.177] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x249fee8, nLength=0xc, lpnLengthNeeded=0x24e458 | out: pvInfo=0x249fee8, lpnLengthNeeded=0x24e458) returned 1 [0084.180] SetConsoleCtrlHandler (HandlerRoutine=0x4e6094e, Add=1) returned 1 [0084.181] GetModuleHandleW (lpModuleName=0x0) returned 0xf60000 [0084.181] GetModuleHandleW (lpModuleName=0x0) returned 0xf60000 [0084.184] GetClassInfoW (in: hInstance=0xf60000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x249ff4c | out: lpWndClass=0x249ff4c) returned 0 [0084.186] CoTaskMemAlloc (cb=0x58) returned 0x430e40 [0084.186] RegisterClassW (lpWndClass=0x24e3a8) returned 0xc1be [0084.186] CoTaskMemFree (pv=0x430e40) [0084.187] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xf60000, lpParam=0x0) returned 0x6001e [0084.189] NtdllDefWindowProc_W () returned 0x1 [0084.191] NtdllDefWindowProc_W () returned 0x0 [0084.191] NtdllDefWindowProc_W () returned 0x0 [0084.191] NtdllDefWindowProc_W () returned 0x0 [0084.191] NtdllDefWindowProc_W () returned 0x0 [0084.197] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x1f4, pvParam=0x24e940, fWinIni=0x0 | out: pvParam=0x24e940) returned 1 [0084.198] GetDC (hWnd=0x0) returned 0x2c010173 [0084.198] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0084.199] GdipCreateFontFromLogfontW (hdc=0x2c010173, logfont=0x4555a8, font=0x24eb48) returned 0x0 [0084.199] CoTaskMemFree (pv=0x4555a8) [0084.199] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0084.199] CoTaskMemFree (pv=0x4555a8) [0084.199] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0084.199] CoTaskMemFree (pv=0x4555a8) [0084.199] GdipGetFontUnit (font=0x74f0e90, unit=0x24eb10) returned 0x0 [0084.199] GdipGetFontSize (font=0x74f0e90, size=0x24eb14) returned 0x0 [0084.199] GdipGetFontStyle (font=0x74f0e90, style=0x24eb0c) returned 0x0 [0084.199] GdipGetFamily (font=0x74f0e90, family=0x24eb08) returned 0x0 [0084.200] GdipGetFontSize (font=0x74f0e90, size=0x24a0644) returned 0x0 [0084.200] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.200] GetDC (hWnd=0x0) returned 0x2c010173 [0084.200] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24eb1c) returned 0x0 [0084.200] GdipGetDpiY (graphics=0x767b6d0, dpi=0x24a0720) returned 0x0 [0084.200] GdipGetFontHeight (font=0x74f0e90, graphics=0x767b6d0, height=0x24eb14) returned 0x0 [0084.200] GdipGetEmHeight (family=0x67a3ec8, style=0, EmHeight=0x24eb1c) returned 0x0 [0084.200] GdipGetLineSpacing (family=0x67a3ec8, style=0, LineSpacing=0x24eb1c) returned 0x0 [0084.200] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.200] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.201] GdipCreateFont (fontFamily=0x67a3ec8, emSize=0x41100000, style=0, unit=0x3, font=0x24a073c) returned 0x0 [0084.201] GdipGetFontSize (font=0x74f0eb8, size=0x24a0740) returned 0x0 [0084.203] GetDC (hWnd=0x0) returned 0x2c010173 [0084.203] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24eb60) returned 0x0 [0084.203] GdipGetFontHeight (font=0x74f0eb8, graphics=0x767b6d0, height=0x24eb58) returned 0x0 [0084.203] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.203] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.207] GetDC (hWnd=0x0) returned 0x2c010173 [0084.207] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24eaf0) returned 0x0 [0084.207] GdipGetFontHeight (font=0x74f0eb8, graphics=0x767b6d0, height=0x24eae8) returned 0x0 [0084.208] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.208] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.208] GetSystemMetrics (nIndex=5) returned 1 [0084.208] GetSystemMetrics (nIndex=6) returned 1 [0084.208] GetSystemMetrics (nIndex=5) returned 1 [0084.208] GetSystemMetrics (nIndex=6) returned 1 [0084.208] AdjustWindowRectEx (in: lpRect=0x24eab4, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x24eab4) returned 1 [0084.213] GetSystemMetrics (nIndex=5) returned 1 [0084.213] GetSystemMetrics (nIndex=6) returned 1 [0084.248] AdjustWindowRectEx (in: lpRect=0x24ec00, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec00) returned 1 [0084.249] AdjustWindowRectEx (in: lpRect=0x24ec00, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec00) returned 1 [0084.250] AdjustWindowRectEx (in: lpRect=0x24ec00, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec00) returned 1 [0084.250] GetDC (hWnd=0x0) returned 0x2c010173 [0084.250] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24ead8) returned 0x0 [0084.251] GdipGetFontHeight (font=0x74f0e68, graphics=0x767b6d0, height=0x24ead0) returned 0x0 [0084.251] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.251] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.251] GetSystemMetrics (nIndex=5) returned 1 [0084.251] GetSystemMetrics (nIndex=6) returned 1 [0084.251] AdjustWindowRectEx (in: lpRect=0x24ec00, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x24ec00) returned 1 [0084.253] AdjustWindowRectEx (in: lpRect=0x24ec04, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec04) returned 1 [0084.254] AdjustWindowRectEx (in: lpRect=0x24ec04, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec04) returned 1 [0084.255] GetDC (hWnd=0x0) returned 0x2c010173 [0084.255] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24ead8) returned 0x0 [0084.255] GdipGetFontHeight (font=0x74f0e68, graphics=0x767b6d0, height=0x24ead0) returned 0x0 [0084.255] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.255] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.255] GetSystemMetrics (nIndex=5) returned 1 [0084.255] GetSystemMetrics (nIndex=6) returned 1 [0084.255] AdjustWindowRectEx (in: lpRect=0x24ec00, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x24ec00) returned 1 [0084.256] AdjustWindowRectEx (in: lpRect=0x24ec00, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec00) returned 1 [0084.257] AdjustWindowRectEx (in: lpRect=0x24ec04, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x24ec04) returned 1 [0084.258] GetDC (hWnd=0x0) returned 0x2c010173 [0084.258] GdipCreateFromHDC (hdc=0x2c010173, graphics=0x24ea48) returned 0x0 [0084.258] GdipGetFontHeight (font=0x74f0e68, graphics=0x767b6d0, height=0x24ea40) returned 0x0 [0084.258] GdipDeleteGraphics (graphics=0x767b6d0) returned 0x0 [0084.258] ReleaseDC (hWnd=0x0, hDC=0x2c010173) returned 1 [0084.262] GdipGetFamilyName (in: family=0x658f6b0, name=0x24e94c, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0084.264] CreateCompatibleDC (hdc=0x0) returned 0x2c0107a3 [0084.265] GetCurrentObject (hdc=0x2c0107a3, type=0x1) returned 0x1b00017 [0084.265] GetCurrentObject (hdc=0x2c0107a3, type=0x2) returned 0x1900010 [0084.265] GetCurrentObject (hdc=0x2c0107a3, type=0x7) returned 0x185000f [0084.265] GetCurrentObject (hdc=0x2c0107a3, type=0x6) returned 0x18a002e [0084.267] SaveDC (hdc=0x2c0107a3) returned 1 [0084.268] GetDeviceCaps (hdc=0x2c0107a3, index=90) returned 96 [0084.269] CoTaskMemAlloc (cb=0x5c) returned 0x4555a8 [0084.269] CreateFontIndirectW (lplf=0x4555a8) returned 0x300a0a9d [0084.270] CoTaskMemFree (pv=0x4555a8) [0084.270] GetObjectW (in: h=0x300a0a9d, c=92, pv=0x24e910 | out: pv=0x24e910) returned 92 [0084.276] GetCurrentObject (hdc=0x2c0107a3, type=0x6) returned 0x18a002e [0084.276] GetObjectW (in: h=0x18a002e, c=92, pv=0x24e878 | out: pv=0x24e878) returned 92 [0084.277] SelectObject (hdc=0x2c0107a3, h=0x300a0a9d) returned 0x18a002e [0084.278] GetMapMode (hdc=0x2c0107a3) returned 1 [0084.278] GetTextMetricsW (in: hdc=0x2c0107a3, lptm=0x24e940 | out: lptm=0x24e940) returned 1 [0084.280] DrawTextExW (in: hdc=0x2c0107a3, lpchText="j^", cchText=2, lprc=0x24ea4c, format=0x420, lpdtp=0x24a4168 | out: lpchText="j^", lprc=0x24ea4c) returned 13 [0084.313] GetSystemMetrics (nIndex=5) returned 1 [0084.313] GetSystemMetrics (nIndex=6) returned 1 [0084.314] DrawTextExW (in: hdc=0x2c0107a3, lpchText="j^", cchText=2, lprc=0x24ea44, format=0x420, lpdtp=0x24a4284 | out: lpchText="j^", lprc=0x24ea44) returned 13 [0084.314] GetSystemMetrics (nIndex=5) returned 1 [0084.315] GetSystemMetrics (nIndex=6) returned 1 [0084.315] AdjustWindowRectEx (in: lpRect=0x24ec08, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x24ec08) returned 1 [0127.286] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x24df58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0127.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x24e1a0) returned 1 [0127.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x24e464 | out: lpFileInformation=0x24e464*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0127.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x24e19c) returned 1 [0128.940] GdipLoadImageFromStream (stream=0x3b0030, image=0x24e0c0) returned 0x0 [0129.243] GdipImageForceValidation (image=0x767b6d0) returned 0x0 [0129.256] GdipGetImageType (image=0x767b6d0, type=0x24e0bc) returned 0x0 [0129.257] GdipGetImageRawFormat (image=0x767b6d0, format=0x24e030*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0129.282] GdipGetImageWidth (image=0x767b6d0, width=0x24e638) returned 0x0 [0129.283] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.284] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.284] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=0, color=0x24e624) returned 0x0 [0129.286] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.286] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.286] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=1, color=0x24e624) returned 0x0 [0129.286] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.286] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.286] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=2, color=0x24e624) returned 0x0 [0129.286] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.287] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.287] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=3, color=0x24e624) returned 0x0 [0129.287] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.287] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.287] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=4, color=0x24e624) returned 0x0 [0129.287] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.287] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.287] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=5, color=0x24e624) returned 0x0 [0129.287] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.287] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.287] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=6, color=0x24e624) returned 0x0 [0129.287] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.287] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.287] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=7, color=0x24e624) returned 0x0 [0129.287] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.287] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.287] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=8, color=0x24e624) returned 0x0 [0129.287] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.288] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.288] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=9, color=0x24e624) returned 0x0 [0129.288] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.288] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.288] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=10, color=0x24e624) returned 0x0 [0129.288] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.288] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.288] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=11, color=0x24e624) returned 0x0 [0129.288] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.288] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.288] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=12, color=0x24e624) returned 0x0 [0129.288] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.288] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.288] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=13, color=0x24e624) returned 0x0 [0129.288] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.288] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.288] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=14, color=0x24e624) returned 0x0 [0129.289] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.289] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.289] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=15, color=0x24e624) returned 0x0 [0129.289] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.289] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.289] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=16, color=0x24e624) returned 0x0 [0129.289] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.289] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.289] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=17, color=0x24e624) returned 0x0 [0129.289] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.289] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.289] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=18, color=0x24e624) returned 0x0 [0129.289] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.297] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.297] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=19, color=0x24e624) returned 0x0 [0129.298] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.298] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.298] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=20, color=0x24e624) returned 0x0 [0129.298] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.298] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.298] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=21, color=0x24e624) returned 0x0 [0129.298] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.298] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.298] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=22, color=0x24e624) returned 0x0 [0129.298] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.298] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.298] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=23, color=0x24e624) returned 0x0 [0129.298] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.298] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.298] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=24, color=0x24e624) returned 0x0 [0129.298] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.299] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.299] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=25, color=0x24e624) returned 0x0 [0129.299] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.299] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.299] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=26, color=0x24e624) returned 0x0 [0129.299] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.299] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.299] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=27, color=0x24e624) returned 0x0 [0129.299] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.299] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.299] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=28, color=0x24e624) returned 0x0 [0129.299] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.299] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.299] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=29, color=0x24e624) returned 0x0 [0129.299] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.299] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.300] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=30, color=0x24e624) returned 0x0 [0129.300] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.300] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.300] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=31, color=0x24e624) returned 0x0 [0129.300] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.300] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.300] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=32, color=0x24e624) returned 0x0 [0129.300] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.300] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.300] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=33, color=0x24e624) returned 0x0 [0129.300] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.300] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.300] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=34, color=0x24e624) returned 0x0 [0129.300] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.300] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.300] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=35, color=0x24e624) returned 0x0 [0129.300] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.300] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.301] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=36, color=0x24e624) returned 0x0 [0129.301] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.301] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.301] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=37, color=0x24e624) returned 0x0 [0129.301] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.301] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.301] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=38, color=0x24e624) returned 0x0 [0129.301] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.301] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.301] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=39, color=0x24e624) returned 0x0 [0129.301] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.301] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.301] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=40, color=0x24e624) returned 0x0 [0129.302] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.302] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.302] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=41, color=0x24e624) returned 0x0 [0129.302] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.302] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.302] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=42, color=0x24e624) returned 0x0 [0129.302] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.302] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.302] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=43, color=0x24e624) returned 0x0 [0129.302] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.302] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.302] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=44, color=0x24e624) returned 0x0 [0129.302] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.302] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.302] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=45, color=0x24e624) returned 0x0 [0129.303] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.303] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.303] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=46, color=0x24e624) returned 0x0 [0129.303] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.303] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.303] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=47, color=0x24e624) returned 0x0 [0129.303] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.303] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.303] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=48, color=0x24e624) returned 0x0 [0129.303] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.303] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.303] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=49, color=0x24e624) returned 0x0 [0129.303] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.303] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.303] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=50, color=0x24e624) returned 0x0 [0129.303] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.303] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.304] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=51, color=0x24e624) returned 0x0 [0129.304] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.304] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.304] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=52, color=0x24e624) returned 0x0 [0129.304] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.304] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.304] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=53, color=0x24e624) returned 0x0 [0129.304] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.304] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.304] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=54, color=0x24e624) returned 0x0 [0129.304] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.304] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.304] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=55, color=0x24e624) returned 0x0 [0129.304] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.304] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.304] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=56, color=0x24e624) returned 0x0 [0129.305] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.305] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.305] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=57, color=0x24e624) returned 0x0 [0129.305] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.305] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.305] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=58, color=0x24e624) returned 0x0 [0129.305] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.305] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.305] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=59, color=0x24e624) returned 0x0 [0129.305] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.305] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.305] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=60, color=0x24e624) returned 0x0 [0129.305] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.305] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.305] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=61, color=0x24e624) returned 0x0 [0129.306] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.306] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.306] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=62, color=0x24e624) returned 0x0 [0129.306] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.306] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.306] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=63, color=0x24e624) returned 0x0 [0129.306] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.306] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.306] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=64, color=0x24e624) returned 0x0 [0129.306] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.306] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.306] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=65, color=0x24e624) returned 0x0 [0129.306] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.306] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.306] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=66, color=0x24e624) returned 0x0 [0129.307] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.307] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.307] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=67, color=0x24e624) returned 0x0 [0129.307] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.307] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.307] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=68, color=0x24e624) returned 0x0 [0129.307] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.307] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.307] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=69, color=0x24e624) returned 0x0 [0129.307] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.307] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.307] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=70, color=0x24e624) returned 0x0 [0129.307] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.307] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.307] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=71, color=0x24e624) returned 0x0 [0129.307] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.307] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.308] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=72, color=0x24e624) returned 0x0 [0129.308] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.308] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.308] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=73, color=0x24e624) returned 0x0 [0129.308] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.308] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.308] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=74, color=0x24e624) returned 0x0 [0129.308] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.308] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.308] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=75, color=0x24e624) returned 0x0 [0129.308] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.308] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.308] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=76, color=0x24e624) returned 0x0 [0129.308] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.308] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.308] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=77, color=0x24e624) returned 0x0 [0129.309] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.309] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.309] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=78, color=0x24e624) returned 0x0 [0129.309] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.309] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.309] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=79, color=0x24e624) returned 0x0 [0129.309] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.309] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.309] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=80, color=0x24e624) returned 0x0 [0129.309] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.309] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.309] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=81, color=0x24e624) returned 0x0 [0129.309] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.309] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.309] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=82, color=0x24e624) returned 0x0 [0129.309] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.309] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.309] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=83, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=84, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=85, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=86, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=87, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=88, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=89, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=90, color=0x24e624) returned 0x0 [0129.310] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.310] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.310] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=91, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=92, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=93, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=94, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=95, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=96, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=97, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=98, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.311] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.311] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=99, color=0x24e624) returned 0x0 [0129.311] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=100, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=101, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=102, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=103, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=104, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=105, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=106, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=107, color=0x24e624) returned 0x0 [0129.312] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.312] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.312] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=108, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=109, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=110, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=111, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=112, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=113, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=114, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=115, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.313] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=116, color=0x24e624) returned 0x0 [0129.313] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.313] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=117, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=118, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=119, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=120, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=121, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=122, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=123, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=124, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.314] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=125, color=0x24e624) returned 0x0 [0129.314] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.314] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=126, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=127, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=128, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=129, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=130, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=131, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=132, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=133, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=134, color=0x24e624) returned 0x0 [0129.315] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.315] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.315] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=135, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=136, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=137, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=138, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=139, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=140, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=141, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=142, color=0x24e624) returned 0x0 [0129.316] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.316] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.316] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=143, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=144, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=145, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=146, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=147, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=148, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=149, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=150, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.317] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=151, color=0x24e624) returned 0x0 [0129.317] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.317] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=152, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=153, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=154, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=155, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=156, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=157, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=158, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=159, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.318] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=160, color=0x24e624) returned 0x0 [0129.318] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.318] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=161, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=162, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=163, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=164, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=165, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=166, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=167, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=168, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.319] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.319] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=169, color=0x24e624) returned 0x0 [0129.319] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=170, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=171, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=172, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=173, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=174, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=175, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=176, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=177, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.320] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.320] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=178, color=0x24e624) returned 0x0 [0129.320] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=179, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=180, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=181, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=182, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=183, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=184, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=185, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=186, color=0x24e624) returned 0x0 [0129.321] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.321] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.321] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=187, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=188, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=189, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=190, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=191, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=192, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=193, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=194, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.322] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.322] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=195, color=0x24e624) returned 0x0 [0129.322] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=196, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=197, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=198, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=199, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=200, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=201, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.323] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.323] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=202, color=0x24e624) returned 0x0 [0129.323] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=203, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=204, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=205, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=206, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=207, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=208, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=209, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.324] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=210, color=0x24e624) returned 0x0 [0129.324] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.324] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=211, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=212, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=213, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=214, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=215, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=216, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=217, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.325] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=218, color=0x24e624) returned 0x0 [0129.325] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.325] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=219, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=220, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=221, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=222, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=223, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=224, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=225, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.326] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=226, color=0x24e624) returned 0x0 [0129.326] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.326] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=227, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=228, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=229, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=230, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=231, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=232, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=233, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=234, color=0x24e624) returned 0x0 [0129.327] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.327] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.327] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=235, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=236, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=237, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=238, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=239, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=240, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=241, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=242, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=243, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.328] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.328] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=244, color=0x24e624) returned 0x0 [0129.328] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.329] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.329] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=245, color=0x24e624) returned 0x0 [0129.329] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.329] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.329] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=246, color=0x24e624) returned 0x0 [0129.329] GdipGetImageWidth (image=0x767b6d0, width=0x24e614) returned 0x0 [0129.329] GdipGetImageHeight (image=0x767b6d0, height=0x24e614) returned 0x0 [0129.329] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=247, color=0x24e624) returned 0x0 [0129.329] GdipBitmapGetPixel (bitmap=0x767b6d0, x=0, y=248, color=0x24e624) returned 0x0 [0130.322] CoTaskMemAlloc (cb=0xd) returned 0x49f380 [0130.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bb930, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.322] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.322] CoTaskMemFree (pv=0x49f380) [0130.334] CoTaskMemAlloc (cb=0x11) returned 0x481708 [0130.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x24bb968, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0130.334] GetProcAddress (hModule=0x772b0000, lpProcName="ResumeThread") returned 0x772c43a7 [0130.334] CoTaskMemFree (pv=0x481708) [0130.374] CoTaskMemAlloc (cb=0xd) returned 0x49f440 [0130.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bba24, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.374] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.375] CoTaskMemFree (pv=0x49f440) [0130.375] CoTaskMemAlloc (cb=0x1a) returned 0x49c3a0 [0130.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x24bba5c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0130.375] GetProcAddress (hModule=0x772b0000, lpProcName="Wow64SetThreadContext") returned 0x77345933 [0130.375] CoTaskMemFree (pv=0x49c3a0) [0130.386] CoTaskMemAlloc (cb=0xd) returned 0x49f380 [0130.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bbb28, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.386] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.387] CoTaskMemFree (pv=0x49f380) [0130.387] CoTaskMemAlloc (cb=0x15) returned 0x481708 [0130.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x24bbb60, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0130.387] GetProcAddress (hModule=0x772b0000, lpProcName="SetThreadContext") returned 0x77345933 [0130.387] CoTaskMemFree (pv=0x481708) [0130.391] CoTaskMemAlloc (cb=0xd) returned 0x49f380 [0130.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bbc28, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.391] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.392] CoTaskMemFree (pv=0x49f380) [0130.392] CoTaskMemAlloc (cb=0x1a) returned 0x49c3a0 [0130.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x24bbc60, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0130.392] GetProcAddress (hModule=0x772b0000, lpProcName="Wow64GetThreadContext") returned 0x772e799c [0130.392] CoTaskMemFree (pv=0x49c3a0) [0130.396] CoTaskMemAlloc (cb=0xd) returned 0x49f380 [0130.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bbd2c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.397] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.397] CoTaskMemFree (pv=0x49f380) [0130.397] CoTaskMemAlloc (cb=0x15) returned 0x481708 [0130.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x24bbd64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0130.397] GetProcAddress (hModule=0x772b0000, lpProcName="GetThreadContext") returned 0x772e799c [0130.397] CoTaskMemFree (pv=0x481708) [0130.401] CoTaskMemAlloc (cb=0xd) returned 0x49f380 [0130.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bbe20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.403] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.403] CoTaskMemFree (pv=0x49f380) [0130.403] CoTaskMemAlloc (cb=0x13) returned 0x4814a8 [0130.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x24bbe58, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0130.403] GetProcAddress (hModule=0x772b0000, lpProcName="VirtualAllocEx") returned 0x772dd980 [0130.403] CoTaskMemFree (pv=0x4814a8) [0130.417] CoTaskMemAlloc (cb=0xd) returned 0x49f440 [0130.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bbf14, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.418] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.418] CoTaskMemFree (pv=0x49f440) [0130.418] CoTaskMemAlloc (cb=0x17) returned 0x481708 [0130.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x24bbf4c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0130.418] GetProcAddress (hModule=0x772b0000, lpProcName="WriteProcessMemory") returned 0x772dd9b0 [0130.419] CoTaskMemFree (pv=0x481708) [0130.434] CoTaskMemAlloc (cb=0xd) returned 0x49f380 [0130.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bc010, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.434] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.435] CoTaskMemFree (pv=0x49f380) [0130.435] CoTaskMemAlloc (cb=0x16) returned 0x4814a8 [0130.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x24bc048, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0130.435] GetProcAddress (hModule=0x772b0000, lpProcName="ReadProcessMemory") returned 0x772dcfa4 [0130.435] CoTaskMemFree (pv=0x4814a8) [0130.451] CoTaskMemAlloc (cb=0xa) returned 0x49f440 [0130.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x24bc108, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0130.451] LoadLibraryA (lpLibFileName="ntdll") returned 0x778c0000 [0130.451] CoTaskMemFree (pv=0x49f440) [0130.451] CoTaskMemAlloc (cb=0x19) returned 0x49c3a0 [0130.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x24bc134, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0130.451] GetProcAddress (hModule=0x778c0000, lpProcName="ZwUnmapViewOfSection") returned 0x778dfc70 [0130.452] CoTaskMemFree (pv=0x49c3a0) [0130.470] CoTaskMemAlloc (cb=0xd) returned 0x49f440 [0130.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x24bc1fc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0130.470] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0130.470] CoTaskMemFree (pv=0x49f440) [0130.470] CoTaskMemAlloc (cb=0x13) returned 0x4814a8 [0130.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x24bc234, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0130.470] GetProcAddress (hModule=0x772b0000, lpProcName="CreateProcessA") returned 0x772c1072 [0130.470] CoTaskMemFree (pv=0x4814a8) [0130.516] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x24dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0130.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", cchWideChar=69, lpMultiByteStr=0x24de04, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exeãÑ", lpUsedDefaultChar=0x0) returned 69 [0130.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x24de00, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x84ãÑ", lpUsedDefaultChar=0x0) returned 0 [0130.601] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x24dea8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24e16c | out: lpCommandLine="", lpProcessInformation=0x24e16c*(hProcess=0x258, hThread=0x178, dwProcessId=0xf54, dwThreadId=0xf58)) returned 1 [0130.614] CoTaskMemFree (pv=0x0) [0130.631] GetThreadContext (in: hThread=0x178, lpContext=0x24bc500 | out: lpContext=0x24bc500*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x101fade, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0130.631] ReadProcessMemory (in: hProcess=0x258, lpBaseAddress=0x7efde008, lpBuffer=0x24e15c, nSize=0x4, lpNumberOfBytesRead=0x24e1a0 | out: lpBuffer=0x24e15c*, lpNumberOfBytesRead=0x24e1a0*=0x4) returned 1 [0130.631] VirtualAllocEx (hProcess=0x258, lpAddress=0x400000, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0130.633] WriteProcessMemory (in: hProcess=0x258, lpBaseAddress=0x400000, lpBuffer=0x3518420*, nSize=0x200, lpNumberOfBytesWritten=0x24e1a0 | out: lpBuffer=0x3518420*, lpNumberOfBytesWritten=0x24e1a0*=0x200) returned 1 [0130.642] WriteProcessMemory (in: hProcess=0x258, lpBaseAddress=0x402000, lpBuffer=0x36b09c0*, nSize=0x35600, lpNumberOfBytesWritten=0x24e1a0 | out: lpBuffer=0x36b09c0*, lpNumberOfBytesWritten=0x24e1a0*=0x35600) returned 1 [0130.709] WriteProcessMemory (in: hProcess=0x258, lpBaseAddress=0x438000, lpBuffer=0x24bc7d8*, nSize=0x600, lpNumberOfBytesWritten=0x24e1a0 | out: lpBuffer=0x24bc7d8*, lpNumberOfBytesWritten=0x24e1a0*=0x600) returned 1 [0130.715] WriteProcessMemory (in: hProcess=0x258, lpBaseAddress=0x43a000, lpBuffer=0x24bcde4*, nSize=0x200, lpNumberOfBytesWritten=0x24e1a0 | out: lpBuffer=0x24bcde4*, lpNumberOfBytesWritten=0x24e1a0*=0x200) returned 1 [0130.721] WriteProcessMemory (in: hProcess=0x258, lpBaseAddress=0x7efde008, lpBuffer=0x24bcff0*, nSize=0x4, lpNumberOfBytesWritten=0x24e1a0 | out: lpBuffer=0x24bcff0*, lpNumberOfBytesWritten=0x24e1a0*=0x4) returned 1 [0130.723] SetThreadContext (hThread=0x178, lpContext=0x24bc500*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x4375de, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0130.727] ResumeThread (hThread=0x178) returned 0x1 [0130.902] CoGetContextToken (in: pToken=0x24e578 | out: pToken=0x24e578) returned 0x0 [0130.902] CObjectContext::QueryInterface () returned 0x0 [0130.902] CObjectContext::GetCurrentThreadType () returned 0x0 [0130.902] Release () returned 0x0 [0130.905] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x407490*=0xac, lpdwindex=0x24e424 | out: lpdwindex=0x24e424) returned 0x0 Thread: id = 2 os_tid = 0xee8 Thread: id = 3 os_tid = 0xeec [0063.740] CoGetContextToken (in: pToken=0xf2f9ec | out: pToken=0xf2f9ec) returned 0x800401f0 [0063.740] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0084.603] GdipDeleteFont (font=0x74f0e90) returned 0x0 [0130.922] SetWindowLongW (hWnd=0x501ec, nIndex=-4, dwNewLong=2005870045) returned 82184446 [0131.141] SetClassLongW (hWnd=0x501ec, nIndex=-24, dwNewLong=2005870045) returned 0x4e608d6 [0131.142] PostMessageW (hWnd=0x501ec, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0131.143] GetModuleHandleW (lpModuleName=0x0) returned 0xf60000 [0131.143] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0xf60000) returned 0 [0131.144] EtwEventUnregister () returned 0x0 [0131.152] IsWindow (hWnd=0x6001e) returned 1 [0131.156] GetModuleHandleW (lpModuleName="user32.dll") returned 0x766d0000 [0131.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0xf2f76c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWKpÉ\x04ý\x92Dþ\x0frìùò", lpUsedDefaultChar=0x0) returned 14 [0131.157] GetProcAddress (hModule=0x766d0000, lpProcName="DefWindowProcW") returned 0x778f25dd [0131.157] SetWindowLongW (hWnd=0x6001e, nIndex=-4, dwNewLong=2005870045) returned 82184566 [0131.157] SetClassLongW (hWnd=0x6001e, nIndex=-24, dwNewLong=2005870045) returned 0x4e60976 [0131.157] IsWindow (hWnd=0x6001e) returned 1 [0131.158] DestroyWindow (hWnd=0x6001e) returned 0 [0131.158] PostMessageW (hWnd=0x6001e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0131.158] SetConsoleCtrlHandler (HandlerRoutine=0x4e6094e, Add=0) returned 1 [0131.163] GdipDisposeImage (image=0x767b6d0) returned 0x0 [0131.174] GetCurrentObject (hdc=0x2c0107a3, type=0x6) returned 0x300a0a9d [0131.175] SelectObject (hdc=0x2c0107a3, h=0x18a002e) returned 0x300a0a9d [0131.177] DeleteObject (ho=0x300a0a9d) returned 1 [0131.178] DeleteDC (hdc=0x2c0107a3) returned 1 [0131.179] GdipDeleteFont (font=0x74f0eb8) returned 0x0 [0131.180] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0 [0131.180] GdipDeleteFont (font=0x74f0e68) returned 0x0 [0131.185] CloseHandle (hObject=0x40) returned 1 [0131.200] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 4 os_tid = 0xef0 Thread: id = 5 os_tid = 0xf00 Thread: id = 6 os_tid = 0xf24 Thread: id = 7 os_tid = 0xf28 Thread: id = 9 os_tid = 0xf5c Thread: id = 10 os_tid = 0xf60 Process: id = "2" image_name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" page_root = "0x12acb000" os_pid = "0xf54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xed4" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe\"" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1391 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1392 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1393 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1394 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1395 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1396 start_va = 0xd0000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1397 start_va = 0x1f0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1398 start_va = 0xf60000 end_va = 0x103bfff monitored = 1 entry_point = 0x101fade region_type = mapped_file name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe") Region: id = 1399 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1400 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1401 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1402 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1403 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1404 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1405 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1406 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1407 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1408 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1409 start_va = 0x5b0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1410 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1411 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1412 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1413 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1414 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1415 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1416 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 1417 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1418 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1419 start_va = 0x630000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1420 start_va = 0x752a0000 end_va = 0x752e9fff monitored = 1 entry_point = 0x752a2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1421 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1422 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1423 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1424 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1425 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1426 start_va = 0x110000 end_va = 0x176fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1427 start_va = 0x8a0000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 1428 start_va = 0x440000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1429 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1430 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1431 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1432 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1433 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1434 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1435 start_va = 0x630000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1436 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1437 start_va = 0x75210000 end_va = 0x7529cfff monitored = 1 entry_point = 0x75222860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1438 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1439 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1440 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1441 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1442 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1443 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1444 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1445 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1446 start_va = 0xa50000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 1447 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1448 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1449 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1454 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1455 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1456 start_va = 0xa60000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 1457 start_va = 0x1040000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 1458 start_va = 0x2f0000 end_va = 0x3c7fff monitored = 1 entry_point = 0x3afade region_type = mapped_file name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe") Region: id = 1459 start_va = 0x2f0000 end_va = 0x3c7fff monitored = 1 entry_point = 0x3afade region_type = mapped_file name = "b0a10bd27d48fea4e569797829057892.virus.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe") Region: id = 1460 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1461 start_va = 0x720f0000 end_va = 0x7289efff monitored = 1 entry_point = 0x7210d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1462 start_va = 0x720f0000 end_va = 0x7289efff monitored = 1 entry_point = 0x7210d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1463 start_va = 0x720f0000 end_va = 0x7289efff monitored = 1 entry_point = 0x7210d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1464 start_va = 0x751f0000 end_va = 0x75203fff monitored = 0 entry_point = 0x751fac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 1465 start_va = 0x72c00000 end_va = 0x72caafff monitored = 0 entry_point = 0x72c95f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 1466 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1467 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 1468 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1469 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1473 start_va = 0xb0000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1474 start_va = 0xc0000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1475 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1476 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1477 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1478 start_va = 0x2f0000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1479 start_va = 0xbf0000 end_va = 0xdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 1480 start_va = 0x630000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1481 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1482 start_va = 0xc80000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 1483 start_va = 0xdb0000 end_va = 0xdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 1484 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1485 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1486 start_va = 0x2440000 end_va = 0x443ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 1487 start_va = 0x440000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1488 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1489 start_va = 0x320000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1490 start_va = 0x360000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1491 start_va = 0xe60000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 1492 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1493 start_va = 0x520000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1494 start_va = 0x4570000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 1495 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 1496 start_va = 0x4670000 end_va = 0x493efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1497 start_va = 0x6f8d0000 end_va = 0x70cdafff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 1498 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1499 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1500 start_va = 0x670000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1501 start_va = 0x4440000 end_va = 0x451efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004440000" filename = "" Region: id = 1502 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1503 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1504 start_va = 0x72bf0000 end_va = 0x72bf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 1505 start_va = 0x72b60000 end_va = 0x72be8fff monitored = 1 entry_point = 0x72b61130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1506 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1507 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1508 start_va = 0x71690000 end_va = 0x720e4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 1509 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1510 start_va = 0x714e0000 end_va = 0x71682fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 1511 start_va = 0x6ea60000 end_va = 0x6f8c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 1512 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1513 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1514 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1515 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1516 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1517 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1518 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1519 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1520 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1521 start_va = 0x6e240000 end_va = 0x6ea57fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 1522 start_va = 0x72a50000 end_va = 0x72b54fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 1523 start_va = 0x70d60000 end_va = 0x714d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 1524 start_va = 0x72a30000 end_va = 0x72a42fff monitored = 1 entry_point = 0x72a3d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 1525 start_va = 0x4940000 end_va = 0x4c11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 1526 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1527 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1528 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1529 start_va = 0x700000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1530 start_va = 0x72a10000 end_va = 0x72a26fff monitored = 0 entry_point = 0x72a135fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1531 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1532 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x3a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1533 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x3a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1534 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x3a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1535 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x3a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1536 start_va = 0x3a0000 end_va = 0x3dbfff monitored = 0 entry_point = 0x3a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1537 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1538 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1539 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1540 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1541 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1542 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1543 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1544 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1545 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1546 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1547 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1548 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1549 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1550 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1551 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1552 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1553 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1554 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1555 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1556 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1557 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1558 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1559 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1560 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1561 start_va = 0x6e050000 end_va = 0x6e231fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 1562 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1563 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1564 start_va = 0x76ca0000 end_va = 0x76ca4fff monitored = 0 entry_point = 0x76ca1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1565 start_va = 0x4ca0000 end_va = 0x4cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 1566 start_va = 0x4e40000 end_va = 0x4f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e40000" filename = "" Region: id = 1567 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1568 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1569 start_va = 0xc10000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 1570 start_va = 0x5030000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1571 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1572 start_va = 0x2f0000 end_va = 0x2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1573 start_va = 0x700000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1574 start_va = 0x750000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1575 start_va = 0x51c0000 end_va = 0x52bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 1576 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 1577 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1578 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 1579 start_va = 0x70d20000 end_va = 0x70d50fff monitored = 1 entry_point = 0x70d212d7 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 1580 start_va = 0x6dff0000 end_va = 0x6e04bfff monitored = 0 entry_point = 0x6e012b48 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 1581 start_va = 0x76200000 end_va = 0x76234fff monitored = 0 entry_point = 0x7620145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1582 start_va = 0x774b0000 end_va = 0x774b5fff monitored = 0 entry_point = 0x774b1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1583 start_va = 0x4ce0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 1584 start_va = 0x751e0000 end_va = 0x751eafff monitored = 0 entry_point = 0x751e52a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 1585 start_va = 0x6df80000 end_va = 0x6dfe0fff monitored = 0 entry_point = 0x6dfbbf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 1586 start_va = 0x729f0000 end_va = 0x72a09fff monitored = 0 entry_point = 0x72a003d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 1930 start_va = 0x729e0000 end_va = 0x729eefff monitored = 0 entry_point = 0x729e93d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1931 start_va = 0x52c0000 end_va = 0x53bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 1932 start_va = 0x6ded0000 end_va = 0x6df75fff monitored = 0 entry_point = 0x6df3a2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1933 start_va = 0x70d00000 end_va = 0x70d17fff monitored = 0 entry_point = 0x70d01335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 1934 start_va = 0x72ce0000 end_va = 0x72d3efff monitored = 0 entry_point = 0x72ce2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1935 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 1936 start_va = 0x4f40000 end_va = 0x4ffffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2042 start_va = 0x6de90000 end_va = 0x6dec4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custommarshalers.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\CustomMarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\CustomMarshalers.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\custommarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\custommarshalers.ni.dll") Region: id = 2043 start_va = 0x70ce0000 end_va = 0x70cf7fff monitored = 1 entry_point = 0x70ce58de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2044 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 1 entry_point = 0x3a58de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2045 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 1 entry_point = 0x3a58de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2046 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 1 entry_point = 0x3a58de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2047 start_va = 0x3a0000 end_va = 0x3b8fff monitored = 1 entry_point = 0x3a58de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2048 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2049 start_va = 0x3b0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 2050 start_va = 0x6dd60000 end_va = 0x6de8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 2051 start_va = 0x4c40000 end_va = 0x4c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 2052 start_va = 0x5480000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005480000" filename = "" Region: id = 2053 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2054 start_va = 0x7ef50000 end_va = 0x7ef9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef50000" filename = "" Region: id = 2055 start_va = 0x7ef40000 end_va = 0x7ef4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef40000" filename = "" Region: id = 2056 start_va = 0x4db0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 2057 start_va = 0x56a0000 end_va = 0x579ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056a0000" filename = "" Region: id = 2058 start_va = 0x7ef3d000 end_va = 0x7ef3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3d000" filename = "" Region: id = 2059 start_va = 0x6dd30000 end_va = 0x6dd50fff monitored = 1 entry_point = 0x6dd398e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2060 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2061 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2062 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2063 start_va = 0x5140000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2064 start_va = 0x56a0000 end_va = 0x579ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056a0000" filename = "" Region: id = 2065 start_va = 0x7ef3d000 end_va = 0x7ef3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3d000" filename = "" Region: id = 2066 start_va = 0x4530000 end_va = 0x456ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004530000" filename = "" Region: id = 2067 start_va = 0x55a0000 end_va = 0x569ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 2068 start_va = 0x7ef3a000 end_va = 0x7ef3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3a000" filename = "" Region: id = 2069 start_va = 0x3d0000 end_va = 0x3d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2730 start_va = 0xe00000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2731 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 2732 start_va = 0x7ef37000 end_va = 0x7ef39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef37000" filename = "" Region: id = 2747 start_va = 0x3d0000 end_va = 0x3e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2764 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2765 start_va = 0x4d30000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d30000" filename = "" Region: id = 2766 start_va = 0x4d70000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 2767 start_va = 0x57d0000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057d0000" filename = "" Region: id = 2768 start_va = 0x7ef37000 end_va = 0x7ef39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef37000" filename = "" Region: id = 2769 start_va = 0x4dc0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 2770 start_va = 0x4e00000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 2771 start_va = 0x5810000 end_va = 0x590ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005810000" filename = "" Region: id = 2772 start_va = 0x5920000 end_va = 0x595ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005920000" filename = "" Region: id = 2773 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 2774 start_va = 0x7ef34000 end_va = 0x7ef36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef34000" filename = "" Region: id = 2855 start_va = 0x4cf0000 end_va = 0x4d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 2856 start_va = 0x5180000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2857 start_va = 0x55c0000 end_va = 0x56bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 2858 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2859 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2860 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2861 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2862 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2863 start_va = 0x3d0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2864 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2865 start_va = 0x3d0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2866 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2867 start_va = 0x3d0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2868 start_va = 0xe00000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2869 start_va = 0x5890000 end_va = 0x598ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005890000" filename = "" Region: id = 2870 start_va = 0x7ef34000 end_va = 0x7ef36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef34000" filename = "" Region: id = 2871 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2872 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2873 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2874 start_va = 0x4db0000 end_va = 0x4e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 2875 start_va = 0xe20000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2876 start_va = 0x4cb0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cb0000" filename = "" Region: id = 2877 start_va = 0x4e70000 end_va = 0x4eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 2878 start_va = 0x5640000 end_va = 0x573ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005640000" filename = "" Region: id = 2879 start_va = 0x5580000 end_va = 0x55bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 2880 start_va = 0x5950000 end_va = 0x5a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005950000" filename = "" Region: id = 2881 start_va = 0x7ef3a000 end_va = 0x7ef3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3a000" filename = "" Region: id = 2882 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2883 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2884 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2885 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2886 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2887 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2888 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2889 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2890 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2891 start_va = 0x6c0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2892 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2893 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2894 start_va = 0x4e30000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e30000" filename = "" Region: id = 2895 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2896 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2897 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2898 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2899 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2900 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2901 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2902 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2903 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2904 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2905 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2906 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2907 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2908 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2909 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2910 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2911 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2912 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2913 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2914 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2915 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2916 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2917 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2918 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2919 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2920 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2921 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2922 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2923 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2924 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2925 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2926 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2927 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2928 start_va = 0x4c80000 end_va = 0x4ce1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2929 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2930 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2931 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2932 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2933 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2934 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2935 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2936 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2937 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2938 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2939 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2940 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2941 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2942 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2943 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2944 start_va = 0x6dd20000 end_va = 0x6dd2bfff monitored = 0 entry_point = 0x6dd2505c region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 2945 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2946 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2947 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2948 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2949 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2950 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2951 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2952 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2953 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2954 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2955 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2956 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2957 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2958 start_va = 0x6dc40000 end_va = 0x6dd17fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll") Region: id = 2959 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2960 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2961 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2962 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2963 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2964 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2965 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2966 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2967 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2968 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2969 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2970 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2971 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2972 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2973 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2974 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2975 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2976 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2977 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2978 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2979 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2980 start_va = 0x6dc10000 end_va = 0x6dc30fff monitored = 0 entry_point = 0x6dc1e356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 2981 start_va = 0x6dbf0000 end_va = 0x6dc01fff monitored = 0 entry_point = 0x6dbf1200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 2982 start_va = 0x6dbc0000 end_va = 0x6dbe9fff monitored = 0 entry_point = 0x6dbc13f2 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 2983 start_va = 0x4e0000 end_va = 0x4ebfff monitored = 0 entry_point = 0x4ee356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 2984 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshom.ocx.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshom.ocx.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshom.ocx.mui") Region: id = 2985 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2986 start_va = 0x5140000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2987 start_va = 0x5680000 end_va = 0x577ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005680000" filename = "" Region: id = 2988 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2989 start_va = 0x670000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2990 start_va = 0x5400000 end_va = 0x543ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 2991 start_va = 0x5580000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 2992 start_va = 0x56a0000 end_va = 0x579ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056a0000" filename = "" Region: id = 2993 start_va = 0x7ef3d000 end_va = 0x7ef3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3d000" filename = "" Region: id = 2994 start_va = 0x5180000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2995 start_va = 0x5910000 end_va = 0x5a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 2996 start_va = 0x7ef3a000 end_va = 0x7ef3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3a000" filename = "" Region: id = 2997 start_va = 0x500000 end_va = 0x502fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2998 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2999 start_va = 0xe10000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 3000 start_va = 0x5a60000 end_va = 0x5b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 3001 start_va = 0x7ef34000 end_va = 0x7ef36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef34000" filename = "" Region: id = 3002 start_va = 0x500000 end_va = 0x502fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3003 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 3004 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 3005 start_va = 0x74420000 end_va = 0x7443bfff monitored = 0 entry_point = 0x7442a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 3006 start_va = 0x74410000 end_va = 0x74416fff monitored = 0 entry_point = 0x7441128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 3007 start_va = 0x74440000 end_va = 0x74483fff monitored = 0 entry_point = 0x744563f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 3008 start_va = 0x5a10000 end_va = 0x5b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 3009 start_va = 0x6dbb0000 end_va = 0x6dbbcfff monitored = 0 entry_point = 0x6dbb2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 3010 start_va = 0x6db90000 end_va = 0x6dba1fff monitored = 0 entry_point = 0x6db93271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 3011 start_va = 0x5a10000 end_va = 0x5a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 3012 start_va = 0x5b20000 end_va = 0x5b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 3013 start_va = 0x5d30000 end_va = 0x5e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d30000" filename = "" Region: id = 3014 start_va = 0x7ef34000 end_va = 0x7ef36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef34000" filename = "" Region: id = 3015 start_va = 0x743c0000 end_va = 0x743fbfff monitored = 0 entry_point = 0x743c145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 3016 start_va = 0x743b0000 end_va = 0x743b4fff monitored = 0 entry_point = 0x743b15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 3017 start_va = 0x743a0000 end_va = 0x743a5fff monitored = 0 entry_point = 0x743a1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 3018 start_va = 0x74310000 end_va = 0x74315fff monitored = 0 entry_point = 0x743114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 3019 start_va = 0x742d0000 end_va = 0x74307fff monitored = 0 entry_point = 0x742d990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 3020 start_va = 0x5e30000 end_va = 0x604ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e30000" filename = "" Region: id = 3021 start_va = 0x5810000 end_va = 0x5891fff monitored = 0 entry_point = 0x58119a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 3022 start_va = 0x5810000 end_va = 0x5891fff monitored = 0 entry_point = 0x58119a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 3023 start_va = 0x6db00000 end_va = 0x6db83fff monitored = 0 entry_point = 0x6db019a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 3024 start_va = 0x5b60000 end_va = 0x5ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 3025 start_va = 0xdf0000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 3026 start_va = 0x5840000 end_va = 0x587ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Region: id = 3027 start_va = 0x58c0000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058c0000" filename = "" Region: id = 3028 start_va = 0x5ec0000 end_va = 0x5fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 3029 start_va = 0x6010000 end_va = 0x604ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006010000" filename = "" Region: id = 3030 start_va = 0x7ef2e000 end_va = 0x7ef30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef2e000" filename = "" Region: id = 3031 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 3032 start_va = 0x56b0000 end_va = 0x56effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 3033 start_va = 0x56f0000 end_va = 0x572ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056f0000" filename = "" Region: id = 3034 start_va = 0x5740000 end_va = 0x577ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 3035 start_va = 0x5b90000 end_va = 0x5c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b90000" filename = "" Region: id = 3036 start_va = 0x5cc0000 end_va = 0x5ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Thread: id = 8 os_tid = 0xf58 [0131.935] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0132.662] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x2ed38c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0132.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ed088 | out: phkResult=0x2ed088*=0x0) returned 0x2 [0132.671] RegCloseKey (hKey=0x80000002) returned 0x0 [0132.797] GetCurrentProcess () returned 0xffffffff [0132.797] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed6c4 | out: TokenHandle=0x2ed6c4*=0x40) returned 1 [0132.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x2ed17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0132.828] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ed6bc | out: lpFileInformation=0x2ed6bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0132.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ed148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0132.832] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ed6c4 | out: lpFileInformation=0x2ed6c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0132.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ed0e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0132.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ed5fc) returned 1 [0132.836] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0 [0132.837] GetFileType (hFile=0x1f0) returned 0x1 [0132.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed5f8) returned 1 [0132.837] GetFileType (hFile=0x1f0) returned 0x1 [0132.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ec938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0132.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ec99c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0132.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ecbdc) returned 1 [0132.863] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ecea0 | out: lpFileInformation=0x2ecea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0132.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ecbd8) returned 1 [0132.937] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x2ecd6c | out: pfEnabled=0x2ecd6c) returned 0x0 [0132.984] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x2ed6b8 | out: lpFileSizeHigh=0x2ed6b8*=0x0) returned 0x8c8e [0132.985] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed674, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed674*=0x1000, lpOverlapped=0x0) returned 1 [0133.004] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed524, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed524*=0x1000, lpOverlapped=0x0) returned 1 [0133.006] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed3d8, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed3d8*=0x1000, lpOverlapped=0x0) returned 1 [0133.008] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed3d8, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed3d8*=0x1000, lpOverlapped=0x0) returned 1 [0133.008] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed3d8, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed3d8*=0x1000, lpOverlapped=0x0) returned 1 [0133.009] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed310, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed310*=0x1000, lpOverlapped=0x0) returned 1 [0133.014] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed47c, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed47c*=0x1000, lpOverlapped=0x0) returned 1 [0133.016] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed370, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed370*=0x1000, lpOverlapped=0x0) returned 1 [0133.016] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed370, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed370*=0xc8e, lpOverlapped=0x0) returned 1 [0133.017] ReadFile (in: hFile=0x1f0, lpBuffer=0x2472d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ed434, lpOverlapped=0x0 | out: lpBuffer=0x2472d58*, lpNumberOfBytesRead=0x2ed434*=0x0, lpOverlapped=0x0) returned 1 [0133.017] CloseHandle (hObject=0x1f0) returned 1 [0133.017] CloseHandle (hObject=0x40) returned 1 [0133.018] GetCurrentProcess () returned 0xffffffff [0133.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed810 | out: TokenHandle=0x2ed810*=0x40) returned 1 [0133.019] CloseHandle (hObject=0x40) returned 1 [0133.019] GetCurrentProcess () returned 0xffffffff [0133.020] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed810 | out: TokenHandle=0x2ed810*=0x40) returned 1 [0133.020] CloseHandle (hObject=0x40) returned 1 [0133.028] GetCurrentProcess () returned 0xffffffff [0133.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed6c4 | out: TokenHandle=0x2ed6c4*=0x40) returned 1 [0133.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2ed6bc | out: lpFileInformation=0x2ed6bc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.029] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x2ed148, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0133.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2ed6c4 | out: lpFileInformation=0x2ed6c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.030] CloseHandle (hObject=0x40) returned 1 [0133.030] GetCurrentProcess () returned 0xffffffff [0133.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed810 | out: TokenHandle=0x2ed810*=0x40) returned 1 [0133.031] CloseHandle (hObject=0x40) returned 1 [0133.032] GetCurrentProcess () returned 0xffffffff [0133.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed810 | out: TokenHandle=0x2ed810*=0x40) returned 1 [0133.032] CloseHandle (hObject=0x40) returned 1 [0133.046] GetCurrentProcess () returned 0xffffffff [0133.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed628 | out: TokenHandle=0x2ed628*=0x40) returned 1 [0133.054] CloseHandle (hObject=0x40) returned 1 [0133.054] GetCurrentProcess () returned 0xffffffff [0133.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ed640 | out: TokenHandle=0x2ed640*=0x40) returned 1 [0133.062] CloseHandle (hObject=0x40) returned 1 [0133.076] GetModuleHandleW (lpModuleName="user32.dll") returned 0x766d0000 [0133.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x2ed88c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWÈn9/® Dþ\x0fr\x94Û.", lpUsedDefaultChar=0x0) returned 14 [0133.077] GetProcAddress (hModule=0x766d0000, lpProcName="DefWindowProcW") returned 0x778f25dd [0133.078] GetStockObject (i=5) returned 0x1900015 [0133.082] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0133.086] CoTaskMemAlloc (cb=0x5c) returned 0x7f65d0 [0133.087] RegisterClassW (lpWndClass=0x2ed87c) returned 0xc178 [0133.088] CoTaskMemFree (pv=0x7f65d0) [0133.088] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0133.091] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.34f5582_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x601ec [0133.092] SetWindowLongW (hWnd=0x601ec, nIndex=-4, dwNewLong=2005870045) returned 7669974 [0133.093] GetWindowLongW (hWnd=0x601ec, nIndex=-4) returned 2005870045 [0133.097] GetCurrentProcess () returned 0xffffffff [0133.097] GetCurrentThread () returned 0xfffffffe [0133.097] GetCurrentProcess () returned 0xffffffff [0133.098] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x2ed20c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ed20c*=0x40) returned 1 [0133.103] GetCurrentThreadId () returned 0xf58 [0133.111] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ed190 | out: phkResult=0x2ed190*=0x1f0) returned 0x0 [0133.112] RegQueryValueExW (in: hKey=0x1f0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x2ed1b0, lpData=0x0, lpcbData=0x2ed1ac*=0x0 | out: lpType=0x2ed1b0*=0x0, lpData=0x0, lpcbData=0x2ed1ac*=0x0) returned 0x2 [0133.112] RegQueryValueExW (in: hKey=0x1f0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x2ed1b0, lpData=0x0, lpcbData=0x2ed1ac*=0x0 | out: lpType=0x2ed1b0*=0x0, lpData=0x0, lpcbData=0x2ed1ac*=0x0) returned 0x2 [0133.112] RegCloseKey (hKey=0x1f0) returned 0x0 [0133.115] SetWindowLongW (hWnd=0x601ec, nIndex=-4, dwNewLong=7670014) returned 2005870045 [0133.115] GetWindowLongW (hWnd=0x601ec, nIndex=-4) returned 7670014 [0133.115] GetWindowLongW (hWnd=0x601ec, nIndex=-16) returned 79691776 [0133.148] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x601ec, Msg=0x24, wParam=0x0, lParam=0x2ed468) returned 0x0 [0133.149] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc059 [0133.149] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x601ec, Msg=0x81, wParam=0x0, lParam=0x2ed45c) returned 0x1 [0133.151] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x601ec, Msg=0x83, wParam=0x0, lParam=0x2ed448) returned 0x0 [0133.320] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x601ec, Msg=0x1, wParam=0x0, lParam=0x2ed45c) returned 0x0 [0133.931] GetCurrentProcessId () returned 0xf54 [0133.960] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2eea34 | out: lpLuid=0x2eea34*(LowPart=0x14, HighPart=0)) returned 1 [0133.961] GetCurrentProcess () returned 0xffffffff [0133.962] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2eea30 | out: TokenHandle=0x2eea30*=0x238) returned 1 [0133.964] AdjustTokenPrivileges (in: TokenHandle=0x238, DisableAllPrivileges=0, NewState=0x248de8c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0133.964] CloseHandle (hObject=0x238) returned 1 [0133.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3449540, Length=0x20000, ResultLength=0x2ef114 | out: SystemInformation=0x3449540, ResultLength=0x2ef114*=0xc890) returned 0x0 [0133.988] GetCurrentProcessId () returned 0xf54 [0133.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3449540, Length=0x20000, ResultLength=0x2ef104 | out: SystemInformation=0x3449540, ResultLength=0x2ef104*=0xc890) returned 0x0 [0140.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x238 [0140.103] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x23c [0140.124] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee2cc | out: phkResult=0x2ee2cc*=0x240) returned 0x0 [0140.125] RegQueryValueExW (in: hKey=0x240, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2ee2ec, lpData=0x0, lpcbData=0x2ee2e8*=0x0 | out: lpType=0x2ee2ec*=0x1, lpData=0x0, lpcbData=0x2ee2e8*=0xe) returned 0x0 [0140.126] RegQueryValueExW (in: hKey=0x240, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2ee2ec, lpData=0x24b1aa4, lpcbData=0x2ee2e8*=0xe | out: lpType=0x2ee2ec*=0x1, lpData="Client", lpcbData=0x2ee2e8*=0xe) returned 0x0 [0140.127] RegCloseKey (hKey=0x240) returned 0x0 [0140.375] GetCurrentProcess () returned 0xffffffff [0140.376] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2edf20 | out: TokenHandle=0x2edf20*=0x240) returned 1 [0140.396] CloseHandle (hObject=0x240) returned 1 [0140.396] GetCurrentProcess () returned 0xffffffff [0140.396] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2edf38 | out: TokenHandle=0x2edf38*=0x240) returned 1 [0140.397] CloseHandle (hObject=0x240) returned 1 [0140.414] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef094 | out: phkResult=0x2ef094*=0x240) returned 0x0 [0140.415] RegQueryValueExW (in: hKey=0x240, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x2ef0b0, lpData=0x0, lpcbData=0x2ef0ac*=0x0 | out: lpType=0x2ef0b0*=0x0, lpData=0x0, lpcbData=0x2ef0ac*=0x0) returned 0x2 [0140.415] RegCloseKey (hKey=0x240) returned 0x0 [0140.418] GetCurrentProcessId () returned 0xf54 [0140.420] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.479] EnumProcessModules (in: hProcess=0x240, lphModule=0x24b5994, cb=0x100, lpcbNeeded=0x2ef0a0 | out: lphModule=0x24b5994, lpcbNeeded=0x2ef0a0) returned 1 [0140.480] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24b5ad4, cb=0xc | out: lpmodinfo=0x24b5ad4*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.482] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.483] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.483] CoTaskMemFree (pv=0x822ae8) [0140.484] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.484] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.484] CoTaskMemFree (pv=0x822ae8) [0140.486] CloseHandle (hObject=0x240) returned 1 [0140.487] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x0) returned 0x2 [0140.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.488] RegQueryValueExW (in: hKey=0x240, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.488] RegCloseKey (hKey=0x240) returned 0x0 [0140.489] GetCurrentProcessId () returned 0xf54 [0140.489] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.489] EnumProcessModules (in: hProcess=0x240, lphModule=0x24b85bc, cb=0x100, lpcbNeeded=0x2ef0a0 | out: lphModule=0x24b85bc, lpcbNeeded=0x2ef0a0) returned 1 [0140.490] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24b86fc, cb=0xc | out: lpmodinfo=0x24b86fc*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.491] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.491] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.491] CoTaskMemFree (pv=0x822ae8) [0140.491] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.491] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.491] CoTaskMemFree (pv=0x822ae8) [0140.491] CloseHandle (hObject=0x240) returned 1 [0140.492] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x0) returned 0x2 [0140.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.493] RegQueryValueExW (in: hKey=0x240, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.493] RegCloseKey (hKey=0x240) returned 0x0 [0140.493] GetCurrentProcessId () returned 0xf54 [0140.493] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.493] EnumProcessModules (in: hProcess=0x240, lphModule=0x24bb1f8, cb=0x100, lpcbNeeded=0x2ef0a0 | out: lphModule=0x24bb1f8, lpcbNeeded=0x2ef0a0) returned 1 [0140.495] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24bb338, cb=0xc | out: lpmodinfo=0x24bb338*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.495] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.495] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.495] CoTaskMemFree (pv=0x822ae8) [0140.495] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.495] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.496] CoTaskMemFree (pv=0x822ae8) [0140.496] CloseHandle (hObject=0x240) returned 1 [0140.496] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x0) returned 0x2 [0140.497] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.497] RegQueryValueExW (in: hKey=0x240, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.497] RegCloseKey (hKey=0x240) returned 0x0 [0140.497] GetCurrentProcessId () returned 0xf54 [0140.498] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.498] EnumProcessModules (in: hProcess=0x240, lphModule=0x24bded0, cb=0x100, lpcbNeeded=0x2ef0a0 | out: lphModule=0x24bded0, lpcbNeeded=0x2ef0a0) returned 1 [0140.499] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24be01c, cb=0xc | out: lpmodinfo=0x24be01c*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.499] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.499] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.499] CoTaskMemFree (pv=0x822ae8) [0140.499] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.499] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.500] CoTaskMemFree (pv=0x822ae8) [0140.500] CloseHandle (hObject=0x240) returned 1 [0140.500] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x0) returned 0x2 [0140.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.501] RegQueryValueExW (in: hKey=0x240, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.501] RegCloseKey (hKey=0x240) returned 0x0 [0140.502] GetCurrentProcessId () returned 0xf54 [0140.502] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.502] EnumProcessModules (in: hProcess=0x240, lphModule=0x24c0978, cb=0x100, lpcbNeeded=0x2ef0a0 | out: lphModule=0x24c0978, lpcbNeeded=0x2ef0a0) returned 1 [0140.503] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24c0ab8, cb=0xc | out: lpmodinfo=0x24c0ab8*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.503] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.503] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.503] CoTaskMemFree (pv=0x822ae8) [0140.504] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.504] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.504] CoTaskMemFree (pv=0x822ae8) [0140.504] CloseHandle (hObject=0x240) returned 1 [0140.505] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x0) returned 0x2 [0140.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.506] RegQueryValueExW (in: hKey=0x240, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.506] RegCloseKey (hKey=0x240) returned 0x0 [0140.506] GetCurrentProcessId () returned 0xf54 [0140.506] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.507] EnumProcessModules (in: hProcess=0x240, lphModule=0x24c33f8, cb=0x100, lpcbNeeded=0x2ef0a0 | out: lphModule=0x24c33f8, lpcbNeeded=0x2ef0a0) returned 1 [0140.508] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24c3538, cb=0xc | out: lpmodinfo=0x24c3538*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.508] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.508] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.508] CoTaskMemFree (pv=0x822ae8) [0140.508] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.508] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.509] CoTaskMemFree (pv=0x822ae8) [0140.509] CloseHandle (hObject=0x240) returned 1 [0140.509] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x0) returned 0x2 [0140.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.510] RegQueryValueExW (in: hKey=0x240, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.510] RegCloseKey (hKey=0x240) returned 0x0 [0140.522] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.522] RegQueryValueExW (in: hKey=0x240, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.522] RegCloseKey (hKey=0x240) returned 0x0 [0140.523] GetCurrentProcessId () returned 0xf54 [0140.523] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.523] EnumProcessModules (in: hProcess=0x240, lphModule=0x24c6d90, cb=0x100, lpcbNeeded=0x2ef09c | out: lphModule=0x24c6d90, lpcbNeeded=0x2ef09c) returned 1 [0140.524] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24c6ed0, cb=0xc | out: lpmodinfo=0x24c6ed0*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.524] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.524] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.524] CoTaskMemFree (pv=0x822ae8) [0140.525] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.525] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.525] CoTaskMemFree (pv=0x822ae8) [0140.525] CloseHandle (hObject=0x240) returned 1 [0140.525] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef094 | out: phkResult=0x2ef094*=0x0) returned 0x2 [0140.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef094 | out: phkResult=0x2ef094*=0x240) returned 0x0 [0140.526] RegQueryValueExW (in: hKey=0x240, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x2ef0b0, lpData=0x0, lpcbData=0x2ef0ac*=0x0 | out: lpType=0x2ef0b0*=0x0, lpData=0x0, lpcbData=0x2ef0ac*=0x0) returned 0x2 [0140.526] RegCloseKey (hKey=0x240) returned 0x0 [0140.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef098 | out: phkResult=0x2ef098*=0x240) returned 0x0 [0140.527] RegQueryValueExW (in: hKey=0x240, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x2ef0b4, lpData=0x0, lpcbData=0x2ef0b0*=0x0 | out: lpType=0x2ef0b4*=0x0, lpData=0x0, lpcbData=0x2ef0b0*=0x0) returned 0x2 [0140.527] RegCloseKey (hKey=0x240) returned 0x0 [0140.528] GetCurrentProcessId () returned 0xf54 [0140.528] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x240 [0140.528] EnumProcessModules (in: hProcess=0x240, lphModule=0x24c9bf4, cb=0x100, lpcbNeeded=0x2ef09c | out: lphModule=0x24c9bf4, lpcbNeeded=0x2ef09c) returned 1 [0140.529] GetModuleInformation (in: hProcess=0x240, hModule=0x400000, lpmodinfo=0x24c9d34, cb=0xc | out: lpmodinfo=0x24c9d34*(lpBaseOfDll=0x400000, SizeOfImage=0x3c000, EntryPoint=0x4375de)) returned 1 [0140.529] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.529] GetModuleBaseNameW (in: hProcess=0x240, hModule=0x400000, lpBaseName=0x822ae8, nSize=0x800 | out: lpBaseName="b0a10bd27d48fea4e569797829057892.virus.exe") returned 0x2a [0140.530] CoTaskMemFree (pv=0x822ae8) [0140.530] CoTaskMemAlloc (cb=0x804) returned 0x822ae8 [0140.530] GetModuleFileNameExW (in: hProcess=0x240, hModule=0x400000, lpFilename=0x822ae8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe")) returned 0x45 [0140.530] CoTaskMemFree (pv=0x822ae8) [0140.530] CloseHandle (hObject=0x240) returned 1 [0140.530] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0140.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef094 | out: phkResult=0x2ef094*=0x0) returned 0x2 [0140.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef094 | out: phkResult=0x2ef094*=0x240) returned 0x0 [0140.531] RegQueryValueExW (in: hKey=0x240, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x2ef0b0, lpData=0x0, lpcbData=0x2ef0ac*=0x0 | out: lpType=0x2ef0b0*=0x0, lpData=0x0, lpcbData=0x2ef0ac*=0x0) returned 0x2 [0140.531] RegCloseKey (hKey=0x240) returned 0x0 [0140.599] CreateBindCtx (in: reserved=0x0, ppbc=0x2ef0f4 | out: ppbc=0x2ef0f4*=0x7ddaa8) returned 0x0 [0140.600] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eebb0 | out: ppvObject=0x2eebb0*=0x7ddaa8) returned 0x0 [0140.600] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2eeb64 | out: ppvObject=0x2eeb64*=0x0) returned 0x80004002 [0140.601] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee98c | out: ppvObject=0x2ee98c*=0x0) returned 0x80004002 [0140.601] IUnknown:AddRef (This=0x7ddaa8) returned 0x3 [0140.601] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee4c0 | out: ppvObject=0x2ee4c0*=0x0) returned 0x80004002 [0140.601] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ee470 | out: ppvObject=0x2ee470*=0x0) returned 0x80004002 [0140.601] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee47c | out: ppvObject=0x2ee47c*=0x0) returned 0x80004002 [0140.601] CoGetContextToken (in: pToken=0x2ee4dc | out: pToken=0x2ee4dc) returned 0x0 [0140.601] CObjectContext::QueryInterface () returned 0x0 [0140.602] CObjectContext::GetCurrentApartmentType () returned 0x0 [0140.602] Release () returned 0x0 [0140.603] CoGetObjectContext (in: riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x81c104 | out: ppv=0x81c104*=0x7eecf8) returned 0x0 [0140.632] CoGetContextToken (in: pToken=0x2ee8ec | out: pToken=0x2ee8ec) returned 0x0 [0140.632] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee970 | out: ppvObject=0x2ee970*=0x0) returned 0x80004002 [0140.632] IUnknown:Release (This=0x7ddaa8) returned 0x2 [0140.632] CoGetContextToken (in: pToken=0x2eeebc | out: pToken=0x2eeebc) returned 0x0 [0140.633] CoGetContextToken (in: pToken=0x2eee1c | out: pToken=0x2eee1c) returned 0x0 [0140.633] IUnknown:QueryInterface (in: This=0x7ddaa8, riid=0x2eeeec*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeee8 | out: ppvObject=0x2eeee8*=0x7ddaa8) returned 0x0 [0140.634] IUnknown:AddRef (This=0x7ddaa8) returned 0x4 [0140.634] IUnknown:Release (This=0x7ddaa8) returned 0x3 [0140.634] IUnknown:Release (This=0x7ddaa8) returned 0x2 [0140.634] CoGetContextToken (in: pToken=0x2eef44 | out: pToken=0x2eef44) returned 0x0 [0140.634] IUnknown:AddRef (This=0x7ddaa8) returned 0x3 [0140.635] MkParseDisplayName (in: pbc=0x7ddaa8, szUserName="WinMgmts:", pchEaten=0x2ef128, ppmk=0x2ef0e0 | out: pchEaten=0x2ef128, ppmk=0x2ef0e0*=0x82ed68) returned 0x0 [0141.875] malloc (_Size=0x80) returned 0x7932b0 [0141.876] DllGetClassObject (in: rclsid=0x82f844*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x2eed20*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee3d8 | out: ppv=0x2ee3d8*=0x0) returned 0x80004002 [0141.876] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70810 [0141.876] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0141.877] DllGetClassObject (in: rclsid=0x82f844*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x7641ee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2eeed4 | out: ppv=0x2eeed4*=0x4d70810) returned 0x0 [0141.877] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70810 [0141.877] WinMGMTS:IClassFactory:CreateInstance (in: This=0x4d70810, pUnkOuter=0x0, riid=0x7641f084*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eee80 | out: ppvObject=0x2eee80*=0x4d70850) returned 0x0 [0141.877] GetVersionExW (in: lpVersionInformation=0x2eeccc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7f, dwMinorVersion=0x36b7, dwBuildNumber=0x3, dwPlatformId=0x2eed30, szCSDVersion="堡眬\x08쀕") | out: lpVersionInformation=0x2eeccc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0141.877] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x2eecc0 | out: phkResult=0x2eecc0*=0x284) returned 0x0 [0141.877] RegQueryValueExW (in: hKey=0x284, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x2eecc8, lpcbData=0x2eecc4*=0x4 | out: lpType=0x0, lpData=0x2eecc8*=0x3, lpcbData=0x2eecc4*=0x4) returned 0x0 [0141.878] RegCloseKey (hKey=0x284) returned 0x0 [0141.878] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70828 [0141.878] GetSystemDirectoryW (in: lpBuffer=0x4d70828, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0141.878] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x77180000 [0141.880] GetProcAddress (hModule=0x77180000, lpProcName="DuplicateTokenEx") returned 0x7718ca24 [0141.880] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0141.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70828 [0141.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70850 [0141.880] WinMGMTS:IUnknown:Release (This=0x4d70810) returned 0x0 [0141.880] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0141.881] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x4d70850, pbc=0x7ddaa8, pszDisplayName="WinMgmts:", pchEaten=0x2ef098, ppmkOut=0x2ef09c | out: pchEaten=0x2ef098*=0x9, ppmkOut=0x2ef09c*=0x82ed68) returned 0x0 [0141.881] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0141.887] IBindCtx:GetObjectParam (in: This=0x7ddaa8, pszKey="WmiObject", ppunk=0x2eefa0 | out: ppunk=0x2eefa0*=0x0) returned 0x80004005 [0141.887] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70860 [0141.887] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0141.887] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70880 [0141.887] CoCreateInstance (in: rclsid=0x70d242b0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x70d242a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x4d70898 | out: ppv=0x4d70898*=0x81a378) returned 0x0 [0142.342] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d708e8 [0142.343] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70950 [0142.343] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d709b0 [0142.343] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0142.343] GetCurrentThreadId () returned 0xf58 [0142.343] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0142.343] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0142.343] GetCurrentThreadId () returned 0xf58 [0142.344] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x2eee88 | out: phkResult=0x2eee88*=0x298) returned 0x0 [0142.344] RegQueryValueExW (in: hKey=0x298, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x2eee90*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x2eee90*=0x16) returned 0x0 [0142.344] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d709d0 [0142.344] RegQueryValueExW (in: hKey=0x298, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x4d709d0, lpcbData=0x2eee90*=0x16 | out: lpType=0x0, lpData=0x4d709d0*=0x72, lpcbData=0x2eee90*=0x16) returned 0x0 [0142.344] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d709f0 [0142.344] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.344] RegCloseKey (hKey=0x298) returned 0x0 [0142.344] CoCreateInstance (in: rclsid=0x70d253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x70d250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x2eeebc | out: ppv=0x2eeebc*=0x81a690) returned 0x0 [0142.519] SysStringLen (param_1=".") returned 0x1 [0142.519] WbemDefPath:IWbemPath:SetServer (This=0x81a690, Name=".") returned 0x0 [0142.519] CoCreateInstance (in: rclsid=0x70d253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x70d250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x2eee74 | out: ppv=0x2eee74*=0x81a700) returned 0x0 [0142.519] CoCreateInstance (in: rclsid=0x70d253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x70d250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x2eee18 | out: ppv=0x2eee18*=0x81a770) returned 0x0 [0142.519] WbemDefPath:IWbemPath:SetText (This=0x81a770, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0142.520] WbemDefPath:IUnknown:Release (This=0x81a770) returned 0x0 [0142.520] SysStringLen (param_1="root\\cimv2") returned 0xa [0142.520] WbemDefPath:IWbemPath:SetText (This=0x81a700, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0142.520] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a700, puCount=0x2eee84 | out: puCount=0x2eee84*=0x2) returned 0x0 [0142.520] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x81a690) returned 0x0 [0142.520] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a700, uIndex=0x0, puNameBufLength=0x2eee4c*=0x0, pName=0x0 | out: puNameBufLength=0x2eee4c*=0x5, pName=0x0) returned 0x0 [0142.520] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70810 [0142.520] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a700, uIndex=0x0, puNameBufLength=0x2eee4c*=0x5, pName="৐ӗÄӗ\x03" | out: puNameBufLength=0x2eee4c*=0x5, pName="root") returned 0x0 [0142.520] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.520] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x81a690, uIndex=0x0, pszName="root") returned 0x0 [0142.520] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a700, uIndex=0x1, puNameBufLength=0x2eee4c*=0x0, pName=0x0 | out: puNameBufLength=0x2eee4c*=0x6, pName=0x0) returned 0x0 [0142.520] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70810 [0142.520] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a700, uIndex=0x1, puNameBufLength=0x2eee4c*=0x6, pName="৐ӗÄӗ" | out: puNameBufLength=0x2eee4c*=0x6, pName="cimv2") returned 0x0 [0142.520] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.520] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x81a690, uIndex=0x1, pszName="cimv2") returned 0x0 [0142.520] WbemDefPath:IUnknown:Release (This=0x81a700) returned 0x0 [0142.520] WbemDefPath:IWbemPath:GetText (in: This=0x81a690, lFlags=4, puBuffLength=0x2eeea0*=0x0, pszText=0x0 | out: puBuffLength=0x2eeea0*=0xf, pszText=0x0) returned 0x0 [0142.521] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70a10 [0142.521] WbemDefPath:IWbemPath:GetText (in: This=0x81a690, lFlags=4, puBuffLength=0x2eeea0*=0xf, pszText="Äӗ৐ӗ" | out: puBuffLength=0x2eeea0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0142.521] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.521] WbemDefPath:IUnknown:Release (This=0x81a690) returned 0x0 [0142.521] WbemLocator:IWbemLocator:ConnectServer (in: This=0x81a378, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x2eef28 | out: ppNamespace=0x2eef28*=0x7fe698) returned 0x0 [0145.444] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70a10 [0145.444] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70a80 [0145.444] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70ae0 [0145.445] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe698, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eedf8 | out: ppvObject=0x2eedf8*=0x833064) returned 0x0 [0145.445] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x833064, pProxy=0x7fe698, pAuthnSvc=0x2eede8, pAuthzSvc=0x2eedec, pServerPrincName=0x0, pAuthnLevel=0x2eee14, pImpLevel=0x2eee10, pAuthInfo=0x0, pCapabilites=0x2eee00 | out: pAuthnSvc=0x2eede8*=0xa, pAuthzSvc=0x2eedec*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2eee14*=0x6, pImpLevel=0x2eee10*=0x2, pAuthInfo=0x0, pCapabilites=0x2eee00*=0x1) returned 0x0 [0145.445] WbemLocator:IUnknown:Release (This=0x833064) returned 0x1 [0145.445] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0145.445] GetCurrentThreadId () returned 0xf58 [0145.445] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe698, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eee28 | out: ppvObject=0x2eee28*=0x833064) returned 0x0 [0145.445] WbemLocator:IClientSecurity:CopyProxy (in: This=0x833064, pProxy=0x7fe698, ppCopy=0x2eee2c | out: ppCopy=0x2eee2c*=0x7fe738) returned 0x0 [0145.446] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe738, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eed44 | out: ppvObject=0x2eed44*=0x833064) returned 0x0 [0145.446] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x833064, pProxy=0x7fe738, pAuthnSvc=0x2eed68, pAuthzSvc=0x2eed58, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x2eed68*=0xa, pAuthzSvc=0x2eed58*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0145.446] WbemLocator:IUnknown:Release (This=0x833064) returned 0x3 [0145.446] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe738, riid=0x70d234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eed1c | out: ppvObject=0x2eed1c*=0x833084) returned 0x0 [0145.446] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe738, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eed20 | out: ppvObject=0x2eed20*=0x833064) returned 0x0 [0145.446] WbemLocator:IClientSecurity:SetBlanket (This=0x833064, pProxy=0x7fe738, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0145.446] WbemLocator:IUnknown:Release (This=0x833064) returned 0x4 [0145.446] WbemLocator:IUnknown:Release (This=0x833084) returned 0x3 [0145.446] WbemLocator:IUnknown:Release (This=0x833064) returned 0x2 [0145.447] WbemLocator:IUnknown:AddRef (This=0x7fe738) returned 0x3 [0145.447] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70b98 [0145.447] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d709d0 [0145.447] WbemLocator:IUnknown:Release (This=0x7fe698) returned 0x2 [0145.447] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0145.447] GetCurrentThreadId () returned 0xf58 [0145.447] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0145.447] GetCurrentThreadId () returned 0xf58 [0145.447] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe738, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeeec | out: ppvObject=0x2eeeec*=0x833064) returned 0x0 [0145.447] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x833064, pProxy=0x7fe738, pAuthnSvc=0x2eeedc, pAuthzSvc=0x2eeee0, pServerPrincName=0x0, pAuthnLevel=0x2eef0c, pImpLevel=0x2eef10, pAuthInfo=0x0, pCapabilites=0x2eeef4 | out: pAuthnSvc=0x2eeedc*=0xa, pAuthzSvc=0x2eeee0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2eef0c*=0x6, pImpLevel=0x2eef10*=0x3, pAuthInfo=0x0, pCapabilites=0x2eeef4*=0x20) returned 0x0 [0145.447] WbemLocator:IUnknown:Release (This=0x833064) returned 0x2 [0145.448] CreatePointerMoniker (in: punk=0x4d70a10, ppmk=0x2ef09c | out: ppmk=0x2ef09c*=0x82ed68) returned 0x0 [0145.448] IUnknown:AddRef (This=0x4d70a10) returned 0x2 [0145.448] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0145.448] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0145.448] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0145.448] WbemLocator:IUnknown:Release (This=0x81a378) returned 0x0 [0145.449] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0145.449] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0145.449] WinMGMTS:IUnknown:Release (This=0x4d70850) returned 0x0 [0145.449] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0145.451] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeba4 | out: ppvObject=0x2eeba4*=0x82ed68) returned 0x0 [0145.451] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2eeb58 | out: ppvObject=0x2eeb58*=0x0) returned 0x80004002 [0145.451] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee980 | out: ppvObject=0x2ee980*=0x0) returned 0x80004002 [0145.452] IUnknown:AddRef (This=0x82ed68) returned 0x3 [0145.452] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee4b4 | out: ppvObject=0x2ee4b4*=0x0) returned 0x80004002 [0145.452] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ee464 | out: ppvObject=0x2ee464*=0x0) returned 0x80004002 [0145.452] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee470 | out: ppvObject=0x2ee470*=0x82ed7c) returned 0x0 [0145.452] IMarshal:GetUnmarshalClass (in: This=0x82ed7c, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2ee478 | out: pCid=0x2ee478*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0145.452] IUnknown:Release (This=0x82ed7c) returned 0x3 [0145.452] CoGetContextToken (in: pToken=0x2ee4d0 | out: pToken=0x2ee4d0) returned 0x0 [0145.452] CoGetContextToken (in: pToken=0x2ee8e4 | out: pToken=0x2ee8e4) returned 0x0 [0145.453] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee964 | out: ppvObject=0x2ee964*=0x0) returned 0x80004002 [0145.453] IUnknown:Release (This=0x82ed68) returned 0x2 [0145.453] CoGetContextToken (in: pToken=0x2eeeb4 | out: pToken=0x2eeeb4) returned 0x0 [0145.453] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0145.453] IUnknown:QueryInterface (in: This=0x82ed68, riid=0x2eeee4*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeee0 | out: ppvObject=0x2eeee0*=0x82ed68) returned 0x0 [0145.453] IUnknown:AddRef (This=0x82ed68) returned 0x4 [0145.453] IUnknown:Release (This=0x82ed68) returned 0x3 [0145.453] IUnknown:Release (This=0x7ddaa8) returned 0x2 [0145.453] IUnknown:Release (This=0x82ed68) returned 0x2 [0145.455] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0145.455] IUnknown:AddRef (This=0x82ed68) returned 0x3 [0145.455] BindMoniker (in: pmk=0x82ed68, grfOpt=0x0, iidResult=0x248c788*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x2ef0e4 | out: ppvResult=0x2ef0e4*=0x4d70a10) returned 0x0 [0145.455] IUnknown:QueryInterface (in: This=0x4d70a10, riid=0x248c788*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ef0e4 | out: ppvObject=0x2ef0e4*=0x4d70a10) returned 0x0 [0145.489] LoadRegTypeLib (in: rguid=0x70d2364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ee950*=0x0 | out: pptlib=0x2ee950*=0x839f18) returned 0x0 [0145.767] ITypeLib:GetTypeInfoOfGuid (in: This=0x839f18, GUID=0x4d70a54*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x4d70a3c | out: ppTInfo=0x4d70a3c*=0x83b96c) returned 0x0 [0145.767] IUnknown:Release (This=0x839f18) returned 0x1 [0145.767] IUnknown:AddRef (This=0x83b96c) returned 0x2 [0145.767] ITypeInfo:RemoteGetTypeAttr (in: This=0x83b96c, ppTypeAttr=0x2ee980, pDummy=0x21208ffb | out: ppTypeAttr=0x2ee980, pDummy=0x21208ffb) returned 0x0 [0145.950] ITypeInfo:LocalReleaseTypeAttr (This=0x83b96c) returned 0x8340b0 [0145.950] IUnknown:Release (This=0x83b96c) returned 0x1 [0145.951] CoGetContextToken (in: pToken=0x2ee4d4 | out: pToken=0x2ee4d4) returned 0x0 [0145.951] CoGetContextToken (in: pToken=0x2ee8e4 | out: pToken=0x2ee8e4) returned 0x0 [0145.951] IUnknown:Release (This=0x82ed68) returned 0x2 [0145.990] CoGetContextToken (in: pToken=0x2eebb4 | out: pToken=0x2eebb4) returned 0x0 [0145.991] LoadRegTypeLib (in: rguid=0x70d2364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x2eebc4*=0x0 | out: pptlib=0x2eebc4*=0x839f18) returned 0x0 [0145.992] ITypeLib:GetTypeInfoOfGuid (in: This=0x839f18, GUID=0x4d70a44*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x4d70a38 | out: ppTInfo=0x4d70a38*=0x83b998) returned 0x0 [0145.992] IUnknown:Release (This=0x839f18) returned 0x2 [0145.992] IUnknown:AddRef (This=0x83b998) returned 0x2 [0145.993] DispGetIDsOfNames (in: ptinfo=0x83b998, rgszNames=0x2eec20*="InstancesOf", cNames=0x1, rgdispid=0x2eec10 | out: rgdispid=0x2eec10*=5) returned 0x0 [0145.995] IUnknown:Release (This=0x83b998) returned 0x1 [0145.998] IUnknown:AddRef (This=0x83b998) returned 0x2 [0145.998] ITypeInfo:LocalInvoke (This=0x83b998) returned 0x0 [0145.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0145.998] GetCurrentThreadId () returned 0xf58 [0145.998] WbemLocator:IUnknown:AddRef (This=0x7fe738) returned 0x3 [0145.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0145.998] GetCurrentThreadId () returned 0xf58 [0145.999] IWbemServices:CreateInstanceEnum (in: This=0x7fe738, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x2ee864 | out: ppEnum=0x2ee864*=0x835000) returned 0x0 [0146.010] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70850 [0146.010] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d708b0 [0146.010] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70910 [0146.010] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70970 [0146.011] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70bf8 [0146.011] IUnknown:QueryInterface (in: This=0x835000, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee77c | out: ppvObject=0x2ee77c*=0x835004) returned 0x0 [0146.011] IClientSecurity:QueryBlanket (in: This=0x835004, pProxy=0x835000, pAuthnSvc=0x2ee76c, pAuthzSvc=0x2ee770, pServerPrincName=0x0, pAuthnLevel=0x2ee798, pImpLevel=0x2ee794, pAuthInfo=0x0, pCapabilites=0x2ee784 | out: pAuthnSvc=0x2ee76c*=0xa, pAuthzSvc=0x2ee770*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ee798*=0x6, pImpLevel=0x2ee794*=0x2, pAuthInfo=0x0, pCapabilites=0x2ee784*=0x1) returned 0x0 [0146.011] IUnknown:Release (This=0x835004) returned 0x1 [0146.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.011] GetCurrentThreadId () returned 0xf58 [0146.011] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe738, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee760 | out: ppvObject=0x2ee760*=0x833064) returned 0x0 [0146.011] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x833064, pProxy=0x7fe738, pAuthnSvc=0x2ee750, pAuthzSvc=0x2ee754, pServerPrincName=0x0, pAuthnLevel=0x2ee780, pImpLevel=0x2ee784, pAuthInfo=0x0, pCapabilites=0x2ee768 | out: pAuthnSvc=0x2ee750*=0xa, pAuthzSvc=0x2ee754*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ee780*=0x6, pImpLevel=0x2ee784*=0x3, pAuthInfo=0x0, pCapabilites=0x2ee768*=0x20) returned 0x0 [0146.011] WbemLocator:IUnknown:Release (This=0x833064) returned 0x3 [0146.011] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.011] GetCurrentThreadId () returned 0xf58 [0146.012] WbemLocator:IUnknown:QueryInterface (in: This=0x7fe738, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee760 | out: ppvObject=0x2ee760*=0x833064) returned 0x0 [0146.012] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x833064, pProxy=0x7fe738, pAuthnSvc=0x2ee750, pAuthzSvc=0x2ee754, pServerPrincName=0x0, pAuthnLevel=0x2ee784, pImpLevel=0x2ee780, pAuthInfo=0x0, pCapabilites=0x2ee768 | out: pAuthnSvc=0x2ee750*=0xa, pAuthzSvc=0x2ee754*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ee784*=0x6, pImpLevel=0x2ee780*=0x3, pAuthInfo=0x0, pCapabilites=0x2ee768*=0x20) returned 0x0 [0146.012] WbemLocator:IUnknown:Release (This=0x833064) returned 0x3 [0146.012] IUnknown:QueryInterface (in: This=0x835000, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7ac | out: ppvObject=0x2ee7ac*=0x835004) returned 0x0 [0146.012] IClientSecurity:CopyProxy (in: This=0x835004, pProxy=0x835000, ppCopy=0x2ee7b0 | out: ppCopy=0x2ee7b0*=0x8350c8) returned 0x0 [0146.012] IUnknown:QueryInterface (in: This=0x8350c8, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee6c8 | out: ppvObject=0x2ee6c8*=0x8350cc) returned 0x0 [0146.012] IClientSecurity:QueryBlanket (in: This=0x8350cc, pProxy=0x8350c8, pAuthnSvc=0x2ee6ec, pAuthzSvc=0x2ee6dc, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x2ee6ec*=0xa, pAuthzSvc=0x2ee6dc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0146.012] IUnknown:Release (This=0x8350cc) returned 0x3 [0146.012] IUnknown:QueryInterface (in: This=0x8350c8, riid=0x70d234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee6a0 | out: ppvObject=0x2ee6a0*=0x83c67c) returned 0x0 [0146.012] IUnknown:QueryInterface (in: This=0x8350c8, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee6a4 | out: ppvObject=0x2ee6a4*=0x8350cc) returned 0x0 [0146.012] IClientSecurity:SetBlanket (This=0x8350cc, pProxy=0x8350c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0146.140] IUnknown:Release (This=0x8350cc) returned 0x4 [0146.140] WbemLocator:IUnknown:Release (This=0x83c67c) returned 0x3 [0146.140] IUnknown:Release (This=0x835004) returned 0x2 [0146.140] IUnknown:AddRef (This=0x8350c8) returned 0x3 [0146.140] IUnknown:Release (This=0x835000) returned 0x2 [0146.140] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ee81c | out: pperrinfo=0x2ee81c*=0x0) returned 0x1 [0146.141] WbemLocator:IUnknown:Release (This=0x7fe738) returned 0x2 [0146.141] IUnknown:Release (This=0x83b998) returned 0x1 [0146.142] LoadRegTypeLib (in: rguid=0x70d2364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ee40c*=0x0 | out: pptlib=0x2ee40c*=0x839f18) returned 0x0 [0146.172] ITypeLib:GetTypeInfoOfGuid (in: This=0x839f18, GUID=0x4d70888*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x4d70870 | out: ppTInfo=0x4d70870*=0x83baa0) returned 0x0 [0146.172] IUnknown:Release (This=0x839f18) returned 0x3 [0146.172] IUnknown:AddRef (This=0x83baa0) returned 0x2 [0146.172] ITypeInfo:RemoteGetTypeAttr (in: This=0x83baa0, ppTypeAttr=0x2ee43c, pDummy=0x2120823f | out: ppTypeAttr=0x2ee43c, pDummy=0x2120823f) returned 0x0 [0146.173] ITypeInfo:LocalReleaseTypeAttr (This=0x83baa0) returned 0x8340b0 [0146.173] IUnknown:Release (This=0x83baa0) returned 0x1 [0146.174] CoGetContextToken (in: pToken=0x2edf90 | out: pToken=0x2edf90) returned 0x0 [0146.174] CoGetContextToken (in: pToken=0x2ee3a4 | out: pToken=0x2ee3a4) returned 0x0 [0146.174] CoGetContextToken (in: pToken=0x2eef8c | out: pToken=0x2eef8c) returned 0x0 [0146.174] CoGetContextToken (in: pToken=0x2eeeec | out: pToken=0x2eeeec) returned 0x0 [0146.176] CoGetContextToken (in: pToken=0x2eef0c | out: pToken=0x2eef0c) returned 0x0 [0146.176] LoadRegTypeLib (in: rguid=0x70d2364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x2eef20*=0x0 | out: pptlib=0x2eef20*=0x839f18) returned 0x0 [0146.177] ITypeLib:GetTypeInfoOfGuid (in: This=0x839f18, GUID=0x4d70878*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x4d7086c | out: ppTInfo=0x4d7086c*=0x83ba48) returned 0x0 [0146.177] IUnknown:Release (This=0x839f18) returned 0x4 [0146.177] IUnknown:AddRef (This=0x83ba48) returned 0x2 [0146.177] ITypeInfo:LocalInvoke (This=0x83ba48) returned 0x0 [0146.177] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.177] GetCurrentThreadId () returned 0xf58 [0146.177] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70810 [0146.178] IUnknown:Release (This=0x83ba48) returned 0x1 [0146.178] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0147.435] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x8157c0 [0147.439] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x815848 [0147.457] CoGetContextToken (in: pToken=0x2eec54 | out: pToken=0x2eec54) returned 0x0 [0147.466] CoGetContextToken (in: pToken=0x2ee76c | out: pToken=0x2ee76c) returned 0x0 [0147.466] IUnknown:AddRef (This=0x83ba48) returned 0x2 [0147.466] ITypeInfo:LocalInvoke (This=0x83ba48) returned 0x0 [0147.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.466] GetCurrentThreadId () returned 0xf58 [0147.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.466] GetCurrentThreadId () returned 0xf58 [0147.466] IUnknown:AddRef (This=0x8350c8) returned 0x3 [0147.466] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.466] GetCurrentThreadId () returned 0xf58 [0147.466] IEnumWbemClassObject:Clone (in: This=0x8350c8, ppEnum=0x2ee9c0 | out: ppEnum=0x2ee9c0*=0x835190) returned 0x0 [0147.469] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70cb0 [0147.470] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70d10 [0147.470] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70d70 [0147.470] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70990 [0147.470] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70dd0 [0147.470] IUnknown:QueryInterface (in: This=0x835190, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee8d8 | out: ppvObject=0x2ee8d8*=0x835194) returned 0x0 [0147.470] IClientSecurity:QueryBlanket (in: This=0x835194, pProxy=0x835190, pAuthnSvc=0x2ee8c8, pAuthzSvc=0x2ee8cc, pServerPrincName=0x0, pAuthnLevel=0x2ee8f4, pImpLevel=0x2ee8f0, pAuthInfo=0x0, pCapabilites=0x2ee8e0 | out: pAuthnSvc=0x2ee8c8*=0xa, pAuthzSvc=0x2ee8cc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ee8f4*=0x6, pImpLevel=0x2ee8f0*=0x2, pAuthInfo=0x0, pCapabilites=0x2ee8e0*=0x1) returned 0x0 [0147.470] IUnknown:Release (This=0x835194) returned 0x1 [0147.470] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.470] GetCurrentThreadId () returned 0xf58 [0147.471] IUnknown:QueryInterface (in: This=0x8350c8, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee8bc | out: ppvObject=0x2ee8bc*=0x8350cc) returned 0x0 [0147.471] IClientSecurity:QueryBlanket (in: This=0x8350cc, pProxy=0x8350c8, pAuthnSvc=0x2ee8ac, pAuthzSvc=0x2ee8b0, pServerPrincName=0x0, pAuthnLevel=0x2ee8dc, pImpLevel=0x2ee8e0, pAuthInfo=0x0, pCapabilites=0x2ee8c4 | out: pAuthnSvc=0x2ee8ac*=0xa, pAuthzSvc=0x2ee8b0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ee8dc*=0x6, pImpLevel=0x2ee8e0*=0x3, pAuthInfo=0x0, pCapabilites=0x2ee8c4*=0x20) returned 0x0 [0147.471] IUnknown:Release (This=0x8350cc) returned 0x3 [0147.471] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.471] GetCurrentThreadId () returned 0xf58 [0147.471] IUnknown:QueryInterface (in: This=0x8350c8, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee8bc | out: ppvObject=0x2ee8bc*=0x8350cc) returned 0x0 [0147.471] IClientSecurity:QueryBlanket (in: This=0x8350cc, pProxy=0x8350c8, pAuthnSvc=0x2ee8ac, pAuthzSvc=0x2ee8b0, pServerPrincName=0x0, pAuthnLevel=0x2ee8e0, pImpLevel=0x2ee8dc, pAuthInfo=0x0, pCapabilites=0x2ee8c4 | out: pAuthnSvc=0x2ee8ac*=0xa, pAuthzSvc=0x2ee8b0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ee8e0*=0x6, pImpLevel=0x2ee8dc*=0x3, pAuthInfo=0x0, pCapabilites=0x2ee8c4*=0x20) returned 0x0 [0147.471] IUnknown:Release (This=0x8350cc) returned 0x3 [0147.471] IUnknown:QueryInterface (in: This=0x835190, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee908 | out: ppvObject=0x2ee908*=0x835194) returned 0x0 [0147.471] IClientSecurity:CopyProxy (in: This=0x835194, pProxy=0x835190, ppCopy=0x2ee90c | out: ppCopy=0x2ee90c*=0x835258) returned 0x0 [0147.472] IUnknown:QueryInterface (in: This=0x835258, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee824 | out: ppvObject=0x2ee824*=0x83525c) returned 0x0 [0147.472] IClientSecurity:QueryBlanket (in: This=0x83525c, pProxy=0x835258, pAuthnSvc=0x2ee848, pAuthzSvc=0x2ee838, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x2ee848*=0xa, pAuthzSvc=0x2ee838*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0147.472] IUnknown:Release (This=0x83525c) returned 0x3 [0147.472] IUnknown:QueryInterface (in: This=0x835258, riid=0x70d234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7fc | out: ppvObject=0x2ee7fc*=0x7f3dc4) returned 0x0 [0147.472] IUnknown:QueryInterface (in: This=0x835258, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee800 | out: ppvObject=0x2ee800*=0x83525c) returned 0x0 [0147.472] IClientSecurity:SetBlanket (This=0x83525c, pProxy=0x835258, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0147.475] IUnknown:Release (This=0x83525c) returned 0x4 [0147.475] WbemLocator:IUnknown:Release (This=0x7f3dc4) returned 0x3 [0147.476] IUnknown:Release (This=0x835194) returned 0x2 [0147.476] IUnknown:AddRef (This=0x835258) returned 0x3 [0147.476] IUnknown:Release (This=0x835190) returned 0x2 [0147.476] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ee978 | out: pperrinfo=0x2ee978*=0x0) returned 0x1 [0147.476] IUnknown:Release (This=0x8350c8) returned 0x2 [0147.477] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.477] GetCurrentThreadId () returned 0xf58 [0147.477] IUnknown:AddRef (This=0x835258) returned 0x3 [0147.477] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.477] GetCurrentThreadId () returned 0xf58 [0147.477] IEnumWbemClassObject:Reset (This=0x835258) returned 0x0 [0147.478] IUnknown:Release (This=0x835258) returned 0x2 [0147.478] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70810 [0147.478] IUnknown:Release (This=0x83ba48) returned 0x1 [0147.479] CoGetContextToken (in: pToken=0x2edf38 | out: pToken=0x2edf38) returned 0x0 [0147.480] CoGetContextToken (in: pToken=0x2ee34c | out: pToken=0x2ee34c) returned 0x0 [0147.490] CoGetContextToken (in: pToken=0x2eed2c | out: pToken=0x2eed2c) returned 0x0 [0147.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.491] GetCurrentThreadId () returned 0xf58 [0147.491] IUnknown:AddRef (This=0x835258) returned 0x3 [0147.491] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.491] GetCurrentThreadId () returned 0xf58 [0147.491] IEnumWbemClassObject:Next (in: This=0x835258, lTimeout=-1, uCount=0x1, apObjects=0x2ef0b0, puReturned=0x2ef0a8 | out: apObjects=0x2ef0b0*=0x84a510, puReturned=0x2ef0a8*=0x1) returned 0x0 [0147.497] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70e88 [0147.497] IUnknown:AddRef (This=0x84a510) returned 0x2 [0147.497] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70ed0 [0147.497] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70f40 [0147.497] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d70fa0 [0147.497] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d709b0 [0147.497] WbemLocator:IUnknown:AddRef (This=0x7fe738) returned 0x3 [0147.497] IUnknown:AddRef (This=0x835258) returned 0x4 [0147.497] IUnknown:QueryInterface (in: This=0x835258, riid=0x70d231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ef010 | out: ppvObject=0x2ef010*=0x83525c) returned 0x0 [0147.498] IClientSecurity:QueryBlanket (in: This=0x83525c, pProxy=0x835258, pAuthnSvc=0x2ef000, pAuthzSvc=0x2ef004, pServerPrincName=0x0, pAuthnLevel=0x2ef020, pImpLevel=0x2ef02c, pAuthInfo=0x0, pCapabilites=0x2ef018 | out: pAuthnSvc=0x2ef000*=0xa, pAuthzSvc=0x2ef004*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ef020*=0x6, pImpLevel=0x2ef02c*=0x3, pAuthInfo=0x0, pCapabilites=0x2ef018*=0x20) returned 0x0 [0147.498] IUnknown:Release (This=0x83525c) returned 0x4 [0147.498] WbemLocator:IUnknown:Release (This=0x7fe738) returned 0x2 [0147.498] WbemLocator:IUnknown:AddRef (This=0x7fe738) returned 0x3 [0147.498] IUnknown:Release (This=0x835258) returned 0x3 [0147.498] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0147.498] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d71000 [0147.498] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d71030 [0147.498] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d71050 [0147.498] IUnknown:AddRef (This=0x84a510) returned 0x3 [0147.498] IUnknown:Release (This=0x84a510) returned 0x2 [0147.498] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ef064 | out: pperrinfo=0x2ef064*=0x0) returned 0x1 [0147.498] IUnknown:Release (This=0x835258) returned 0x2 [0147.498] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ef0a8 | out: pperrinfo=0x2ef0a8*=0x0) returned 0x1 [0147.517] LoadRegTypeLib (in: rguid=0x70d2364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ee874*=0x0 | out: pptlib=0x2ee874*=0x839f18) returned 0x0 [0147.518] ITypeLib:GetTypeInfoOfGuid (in: This=0x839f18, GUID=0x70d370c4*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x4d7101c | out: ppTInfo=0x4d7101c*=0x83bacc) returned 0x0 [0147.518] IUnknown:Release (This=0x839f18) returned 0x5 [0147.518] IUnknown:AddRef (This=0x83bacc) returned 0x2 [0147.519] ITypeInfo:RemoteGetTypeAttr (in: This=0x83bacc, ppTypeAttr=0x2ee8b4, pDummy=0x21208e87 | out: ppTypeAttr=0x2ee8b4, pDummy=0x21208e87) returned 0x0 [0147.521] ITypeInfo:LocalReleaseTypeAttr (This=0x83bacc) returned 0x8340b0 [0147.521] IUnknown:Release (This=0x83bacc) returned 0x1 [0147.522] CoGetContextToken (in: pToken=0x2ee408 | out: pToken=0x2ee408) returned 0x0 [0147.522] CoGetContextToken (in: pToken=0x2ee81c | out: pToken=0x2ee81c) returned 0x0 [0147.526] CoGetContextToken (in: pToken=0x2eebd4 | out: pToken=0x2eebd4) returned 0x0 [0147.527] LoadRegTypeLib (in: rguid=0x70d2364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x2eebc8*=0x0 | out: pptlib=0x2eebc8*=0x839f18) returned 0x0 [0147.528] ITypeLib:GetTypeInfoOfGuid (in: This=0x839f18, GUID=0x70d255e4*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x4d71018 | out: ppTInfo=0x4d71018*=0x83baf8) returned 0x0 [0147.528] IUnknown:Release (This=0x839f18) returned 0x6 [0147.528] IUnknown:AddRef (This=0x83baf8) returned 0x2 [0147.528] DispGetIDsOfNames (in: ptinfo=0x83baf8, rgszNames=0x2eec40*="SerialNumber", cNames=0x1, rgdispid=0x2eec30 | out: rgdispid=0x2eec30*=-1) returned 0x80020006 [0147.551] IUnknown:AddRef (This=0x84a510) returned 0x3 [0147.551] IWbemClassObject:Get (in: This=0x84a510, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x2eeb50*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x2eeb50*=0) returned 0x0 [0147.551] IUnknown:Release (This=0x84a510) returned 0x2 [0147.551] SysStringLen (param_1="SerialNumber") returned 0xc [0147.552] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4d71078 [0147.552] SysStringLen (param_1="SerialNumber") returned 0xc [0147.552] IUnknown:Release (This=0x83baf8) returned 0x1 [0147.552] IUnknown:AddRef (This=0x83baf8) returned 0x2 [0147.552] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.552] GetCurrentThreadId () returned 0xf58 [0147.553] SysStringLen (param_1="SerialNumber") returned 0xc [0147.553] IWbemClassObject:Get (in: This=0x84a510, wszName="SerialNumber", lFlags=0, pVal=0x2ee9d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2eea08, varVal2=0x70d22d81), pType=0x2ee9e0*=1892822406, plFlavor=0x0 | out: pVal=0x2ee9d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..CN747510BO0504.", varVal2=0x70d22d81), pType=0x2ee9e0*=8, plFlavor=0x0) returned 0x0 [0147.553] IUnknown:Release (This=0x83baf8) returned 0x1 [0147.554] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22 [0147.554] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22 [0147.558] CoGetContextToken (in: pToken=0x2eed2c | out: pToken=0x2eed2c) returned 0x0 [0147.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.558] GetCurrentThreadId () returned 0xf58 [0147.558] IUnknown:AddRef (This=0x835258) returned 0x3 [0147.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0147.558] GetCurrentThreadId () returned 0xf58 [0147.558] IEnumWbemClassObject:Next (in: This=0x835258, lTimeout=-1, uCount=0x1, apObjects=0x2ef0b0, puReturned=0x2ef0a8 | out: apObjects=0x2ef0b0*=0x0, puReturned=0x2ef0a8*=0x0) returned 0x1 [0147.560] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ef064 | out: pperrinfo=0x2ef064*=0x0) returned 0x1 [0147.560] IUnknown:Release (This=0x835258) returned 0x2 [0147.560] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ef0a8 | out: pperrinfo=0x2ef0a8*=0x0) returned 0x1 [0148.156] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0148.158] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c4 [0148.173] SetEvent (hEvent=0x2c4) returned 1 [0148.174] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef098*=0x2c0, lpdwindex=0x2eeebc | out: lpdwindex=0x2eeebc) returned 0x0 [0148.217] CoGetContextToken (in: pToken=0x2eef6c | out: pToken=0x2eef6c) returned 0x0 [0148.217] CoGetContextToken (in: pToken=0x2eeecc | out: pToken=0x2eeecc) returned 0x0 [0148.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x2eef9c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef98 | out: ppvObject=0x2eef98*=0x81a850) returned 0x0 [0148.218] WbemDefPath:IUnknown:AddRef (This=0x81a850) returned 0x3 [0148.218] WbemDefPath:IUnknown:Release (This=0x81a850) returned 0x2 [0148.224] WbemDefPath:IWbemPath:SetText (This=0x81a850, uMode=0x4, pszPath="win32_processor") returned 0x0 [0148.241] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a850, puCount=0x2ef118 | out: puCount=0x2ef118*=0x0) returned 0x0 [0148.241] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef114*=0x0, pszText=0x0 | out: puBuffLength=0x2ef114*=0x10, pszText=0x0) returned 0x0 [0148.241] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef114*=0x10, pszText="000000000000000" | out: puBuffLength=0x2ef114*=0x10, pszText="win32_processor") returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetInfo (in: This=0x81a850, uRequestedInfo=0x0, puResponse=0x2ef120 | out: puResponse=0x2ef120*=0xc15) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a850, puCount=0x2ef118 | out: puCount=0x2ef118*=0x0) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetInfo (in: This=0x81a850, uRequestedInfo=0x0, puResponse=0x2ef120 | out: puResponse=0x2ef120*=0xc15) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a850, puCount=0x2ef108 | out: puCount=0x2ef108*=0x0) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef104*=0x0, pszText=0x0 | out: puBuffLength=0x2ef104*=0x10, pszText=0x0) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef104*=0x10, pszText="000000000000000" | out: puBuffLength=0x2ef104*=0x10, pszText="win32_processor") returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a850, puCount=0x2ef108 | out: puCount=0x2ef108*=0x0) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef104*=0x0, pszText=0x0 | out: puBuffLength=0x2ef104*=0x10, pszText=0x0) returned 0x0 [0148.243] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef104*=0x10, pszText="000000000000000" | out: puBuffLength=0x2ef104*=0x10, pszText="win32_processor") returned 0x0 [0148.244] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a850, puCount=0x2ef098 | out: puCount=0x2ef098*=0x0) returned 0x0 [0148.245] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f0 [0148.245] SetEvent (hEvent=0x2c4) returned 1 [0148.245] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ee8f4*=0x2f0, lpdwindex=0x2ee718 | out: lpdwindex=0x2ee718) returned 0x0 [0148.269] CoGetContextToken (in: pToken=0x2ee7cc | out: pToken=0x2ee7cc) returned 0x0 [0148.269] CoGetContextToken (in: pToken=0x2ee72c | out: pToken=0x2ee72c) returned 0x0 [0148.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x2ee7fc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2ee7f8 | out: ppvObject=0x2ee7f8*=0x81a8c0) returned 0x0 [0148.269] WbemDefPath:IUnknown:AddRef (This=0x81a8c0) returned 0x3 [0148.269] WbemDefPath:IUnknown:Release (This=0x81a8c0) returned 0x2 [0148.269] WbemDefPath:IWbemPath:SetText (This=0x81a8c0, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0148.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2ef084 | out: puCount=0x2ef084*=0x2) returned 0x0 [0148.269] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2ef080*=0x0, pszText=0x0 | out: puBuffLength=0x2ef080*=0xf, pszText=0x0) returned 0x0 [0148.270] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2ef080*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef080*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.270] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f4 [0148.270] SetEvent (hEvent=0x2c4) returned 1 [0148.270] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eefe0*=0x2f4, lpdwindex=0x2eee04 | out: lpdwindex=0x2eee04) returned 0x0 [0148.273] CoGetContextToken (in: pToken=0x2eeeb4 | out: pToken=0x2eeeb4) returned 0x0 [0148.273] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0148.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x2eeee4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eeee0 | out: ppvObject=0x2eeee0*=0x81a930) returned 0x0 [0148.274] WbemDefPath:IUnknown:AddRef (This=0x81a930) returned 0x3 [0148.274] WbemDefPath:IUnknown:Release (This=0x81a930) returned 0x2 [0148.274] WbemDefPath:IWbemPath:SetText (This=0x81a930, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.274] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a930, puCount=0x2ef05c | out: puCount=0x2ef05c*=0x2) returned 0x0 [0148.274] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef058*=0x0, pszText=0x0 | out: puBuffLength=0x2ef058*=0xf, pszText=0x0) returned 0x0 [0148.274] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef058*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.286] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eef7c*=0x308, lpdwindex=0x2eee34 | out: lpdwindex=0x2eee34) returned 0x0 [0149.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a930, puCount=0x2ef080 | out: puCount=0x2ef080*=0x2) returned 0x0 [0149.660] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef07c*=0x0, pszText=0x0 | out: puBuffLength=0x2ef07c*=0xf, pszText=0x0) returned 0x0 [0149.661] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef07c*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef07c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.661] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef084*=0x0, pszText=0x0 | out: puBuffLength=0x2ef084*=0x10, pszText=0x0) returned 0x0 [0149.661] WbemDefPath:IWbemPath:GetText (in: This=0x81a850, lFlags=2, puBuffLength=0x2ef084*=0x10, pszText="000000000000000" | out: puBuffLength=0x2ef084*=0x10, pszText="win32_processor") returned 0x0 [0149.664] CoGetContextToken (in: pToken=0x2eee24 | out: pToken=0x2eee24) returned 0x0 [0149.664] CoGetContextToken (in: pToken=0x2eed84 | out: pToken=0x2eed84) returned 0x0 [0149.665] CoGetContextToken (in: pToken=0x2eed84 | out: pToken=0x2eed84) returned 0x0 [0149.665] CoGetContextToken (in: pToken=0x2eed24 | out: pToken=0x2eed24) returned 0x0 [0149.665] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x722b8ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eecfc | out: ppvObject=0x2eecfc*=0x7eee78) returned 0x0 [0149.665] CObjectContext::ContextCallback () returned 0x0 [0149.675] IUnknown:Release (This=0x7eee78) returned 0x1 [0149.676] CoUnmarshalInterface (in: pStm=0x824408, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2eed78 | out: ppv=0x2eed78*=0x84f674) returned 0x0 [0149.676] CoMarshalInterface (pStm=0x824408, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84f674, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0149.676] WbemLocator:IUnknown:QueryInterface (in: This=0x84f674, riid=0x2eee54*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2eee50 | out: ppvObject=0x2eee50*=0x8526c0) returned 0x0 [0149.681] WbemLocator:IUnknown:Release (This=0x84f674) returned 0x1 [0149.681] IWbemServices:GetObject (in: This=0x8526c0, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x2ef038*=0x0, ppCallResult=0x0 | out: ppObject=0x2ef038*=0x867ac0, ppCallResult=0x0) returned 0x0 [0149.699] WbemLocator:IUnknown:Release (This=0x8526c0) returned 0x0 [0149.700] IWbemClassObject:Get (in: This=0x867ac0, wszName="__PATH", lFlags=0, pVal=0x2ef020*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef0c8*=0, plFlavor=0x2ef0c4*=0 | out: pVal=0x2ef020*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor", varVal2=0x0), pType=0x2ef0c8*=8, plFlavor=0x2ef0c4*=64) returned 0x0 [0149.701] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e [0149.701] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e [0149.702] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x348 [0149.702] SetEvent (hEvent=0x2c4) returned 1 [0149.702] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eefdc*=0x348, lpdwindex=0x2eee00 | out: lpdwindex=0x2eee00) returned 0x0 [0149.708] CoGetContextToken (in: pToken=0x2eeeb4 | out: pToken=0x2eeeb4) returned 0x0 [0149.708] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0149.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x2eeee4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eeee0 | out: ppvObject=0x2eeee0*=0x81a9a0) returned 0x0 [0149.708] WbemDefPath:IUnknown:AddRef (This=0x81a9a0) returned 0x3 [0149.708] WbemDefPath:IUnknown:Release (This=0x81a9a0) returned 0x2 [0149.709] WbemDefPath:IWbemPath:SetText (This=0x81a9a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x0 [0149.709] IWbemClassObject:Get (in: This=0x867ac0, wszName="__CLASS", lFlags=0, pVal=0x2ef090*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef110*=0, plFlavor=0x2ef10c*=0 | out: pVal=0x2ef090*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x2ef110*=8, plFlavor=0x2ef10c*=64) returned 0x0 [0149.709] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0149.709] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0149.709] CoGetContextToken (in: pToken=0x2eeeb4 | out: pToken=0x2eeeb4) returned 0x0 [0149.709] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0149.709] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0149.709] CoUnmarshalInterface (in: pStm=0x824408, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2eee08 | out: ppv=0x2eee08*=0x84f674) returned 0x0 [0149.710] CoMarshalInterface (pStm=0x824408, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84f674, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0149.710] WbemLocator:IUnknown:QueryInterface (in: This=0x84f674, riid=0x2eeee4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2eeee0 | out: ppvObject=0x2eeee0*=0x8527b0) returned 0x0 [0149.710] WbemLocator:IUnknown:Release (This=0x84f674) returned 0x1 [0149.711] IWbemServices:CreateInstanceEnum (in: This=0x8527b0, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x2ef08c | out: ppEnum=0x2ef08c*=0x8353e8) returned 0x0 [0149.726] IUnknown:QueryInterface (in: This=0x8353e8, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef18 | out: ppvObject=0x2eef18*=0x8353ec) returned 0x0 [0149.726] IClientSecurity:QueryBlanket (in: This=0x8353ec, pProxy=0x8353e8, pAuthnSvc=0x2eef68, pAuthzSvc=0x2eef64, pServerPrincName=0x2eef5c, pAuthnLevel=0x2eef60, pImpLevel=0x2eef50, pAuthInfo=0x2eef54, pCapabilites=0x2eef58 | out: pAuthnSvc=0x2eef68*=0xa, pAuthzSvc=0x2eef64*=0x0, pServerPrincName=0x2eef5c, pAuthnLevel=0x2eef60*=0x6, pImpLevel=0x2eef50*=0x2, pAuthInfo=0x2eef54, pCapabilites=0x2eef58*=0x1) returned 0x0 [0149.726] IUnknown:Release (This=0x8353ec) returned 0x1 [0149.727] IUnknown:QueryInterface (in: This=0x8353e8, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef0c | out: ppvObject=0x2eef0c*=0x84f764) returned 0x0 [0149.727] IUnknown:QueryInterface (in: This=0x8353e8, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeef8 | out: ppvObject=0x2eeef8*=0x8353ec) returned 0x0 [0149.727] IClientSecurity:SetBlanket (This=0x8353ec, pProxy=0x8353e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0149.733] IUnknown:Release (This=0x8353ec) returned 0x2 [0149.733] WbemLocator:IUnknown:Release (This=0x84f764) returned 0x1 [0149.733] CoTaskMemFree (pv=0x848bd8) [0149.733] IUnknown:AddRef (This=0x8353e8) returned 0x2 [0149.734] CoGetContextToken (in: pToken=0x2ee434 | out: pToken=0x2ee434) returned 0x0 [0149.734] CoGetContextToken (in: pToken=0x2ee844 | out: pToken=0x2ee844) returned 0x0 [0149.734] IUnknown:QueryInterface (in: This=0x8353e8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7e0 | out: ppvObject=0x2ee7e0*=0x84f74c) returned 0x0 [0149.734] WbemLocator:IRpcOptions:Query (in: This=0x84f74c, pPrx=0x84a328, dwProperty=2, pdwValue=0x2ee8d4 | out: pdwValue=0x2ee8d4) returned 0x80004002 [0149.734] WbemLocator:IUnknown:Release (This=0x84f74c) returned 0x2 [0149.735] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0149.735] CoGetContextToken (in: pToken=0x2eed74 | out: pToken=0x2eed74) returned 0x0 [0149.735] IUnknown:QueryInterface (in: This=0x8353e8, riid=0x2eee44*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2eed10 | out: ppvObject=0x2eed10*=0x8353e8) returned 0x0 [0149.735] IUnknown:Release (This=0x8353e8) returned 0x2 [0149.735] WbemLocator:IUnknown:Release (This=0x8527b0) returned 0x0 [0149.735] SysStringLen (param_1=0x0) returned 0x0 [0149.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a930, puCount=0x2ef0c8 | out: puCount=0x2ef0c8*=0x2) returned 0x0 [0149.736] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef0c4*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0c4*=0xf, pszText=0x0) returned 0x0 [0149.736] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef0c4*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0c4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.736] CoGetContextToken (in: pToken=0x2eef14 | out: pToken=0x2eef14) returned 0x0 [0149.736] IEnumWbemClassObject:Clone (in: This=0x8353e8, ppEnum=0x2ef0c8 | out: ppEnum=0x2ef0c8*=0x8354b0) returned 0x0 [0149.840] IUnknown:QueryInterface (in: This=0x8354b0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef84 | out: ppvObject=0x2eef84*=0x8354b4) returned 0x0 [0149.840] IClientSecurity:QueryBlanket (in: This=0x8354b4, pProxy=0x8354b0, pAuthnSvc=0x2eefd4, pAuthzSvc=0x2eefd0, pServerPrincName=0x2eefc8, pAuthnLevel=0x2eefcc, pImpLevel=0x2eefbc, pAuthInfo=0x2eefc0, pCapabilites=0x2eefc4 | out: pAuthnSvc=0x2eefd4*=0xa, pAuthzSvc=0x2eefd0*=0x0, pServerPrincName=0x2eefc8, pAuthnLevel=0x2eefcc*=0x6, pImpLevel=0x2eefbc*=0x2, pAuthInfo=0x2eefc0, pCapabilites=0x2eefc4*=0x1) returned 0x0 [0149.840] IUnknown:Release (This=0x8354b4) returned 0x1 [0149.840] IUnknown:QueryInterface (in: This=0x8354b0, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x84f674) returned 0x0 [0149.840] IUnknown:QueryInterface (in: This=0x8354b0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef64 | out: ppvObject=0x2eef64*=0x8354b4) returned 0x0 [0149.841] IClientSecurity:SetBlanket (This=0x8354b4, pProxy=0x8354b0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.019] IUnknown:Release (This=0x8354b4) returned 0x2 [0150.019] WbemLocator:IUnknown:Release (This=0x84f674) returned 0x1 [0150.019] CoTaskMemFree (pv=0x848ba8) [0150.019] IUnknown:AddRef (This=0x8354b0) returned 0x2 [0150.020] CoGetContextToken (in: pToken=0x2ee494 | out: pToken=0x2ee494) returned 0x0 [0150.020] CoGetContextToken (in: pToken=0x2ee8a4 | out: pToken=0x2ee8a4) returned 0x0 [0150.020] IUnknown:QueryInterface (in: This=0x8354b0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee840 | out: ppvObject=0x2ee840*=0x84f65c) returned 0x0 [0150.020] WbemLocator:IRpcOptions:Query (in: This=0x84f65c, pPrx=0x863108, dwProperty=2, pdwValue=0x2ee934 | out: pdwValue=0x2ee934) returned 0x80004002 [0150.020] WbemLocator:IUnknown:Release (This=0x84f65c) returned 0x2 [0150.020] CoGetContextToken (in: pToken=0x2eee74 | out: pToken=0x2eee74) returned 0x0 [0150.021] CoGetContextToken (in: pToken=0x2eedd4 | out: pToken=0x2eedd4) returned 0x0 [0150.021] IUnknown:QueryInterface (in: This=0x8354b0, riid=0x2eeea4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2eed70 | out: ppvObject=0x2eed70*=0x8354b0) returned 0x0 [0150.021] IUnknown:Release (This=0x8354b0) returned 0x2 [0150.021] SysStringLen (param_1=0x0) returned 0x0 [0150.021] IEnumWbemClassObject:Reset (This=0x8354b0) returned 0x0 [0150.042] CoTaskMemAlloc (cb=0x4) returned 0x83f500 [0150.042] IEnumWbemClassObject:Next (in: This=0x8354b0, lTimeout=-1, uCount=0x1, apObjects=0x83f500, puReturned=0x24d2868 | out: apObjects=0x83f500*=0x86dba0, puReturned=0x24d2868*=0x1) returned 0x0 [0158.405] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86dba0) returned 0x0 [0158.406] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.406] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.406] IUnknown:AddRef (This=0x86dba0) returned 0x3 [0158.406] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.406] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.406] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86dba4) returned 0x0 [0158.407] IMarshal:GetUnmarshalClass (in: This=0x86dba4, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.407] IUnknown:Release (This=0x86dba4) returned 0x3 [0158.407] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.407] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.407] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.407] IUnknown:Release (This=0x86dba0) returned 0x2 [0158.407] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.407] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.407] IUnknown:QueryInterface (in: This=0x86dba0, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86dba0) returned 0x0 [0158.407] IUnknown:AddRef (This=0x86dba0) returned 0x4 [0158.408] IUnknown:Release (This=0x86dba0) returned 0x3 [0158.408] IUnknown:Release (This=0x86dba0) returned 0x2 [0158.408] CoTaskMemFree (pv=0x83f500) [0158.408] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.408] IUnknown:AddRef (This=0x86dba0) returned 0x3 [0158.409] IWbemClassObject:Get (in: This=0x86dba0, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.410] IWbemClassObject:Get (in: This=0x86dba0, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.411] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0158.411] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0158.411] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350 [0158.411] SetEvent (hEvent=0x2c4) returned 1 [0158.411] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x350, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.416] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.416] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x81aa80) returned 0x0 [0158.417] WbemDefPath:IUnknown:AddRef (This=0x81aa80) returned 0x3 [0158.417] WbemDefPath:IUnknown:Release (This=0x81aa80) returned 0x2 [0158.417] WbemDefPath:IWbemPath:SetText (This=0x81aa80, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0158.417] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a930, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.417] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.417] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.417] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a930, puCount=0x2ef0d4 | out: puCount=0x2ef0d4*=0x2) returned 0x0 [0158.417] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef0d0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0d0*=0xf, pszText=0x0) returned 0x0 [0158.417] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=4, puBuffLength=0x2ef0d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.421] IWbemClassObject:Get (in: This=0x86dba0, wszName="processorID", lFlags=0, pVal=0x2ef0d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d3120*=0, plFlavor=0x24d3124*=0 | out: pVal=0x2ef0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x24d3120*=8, plFlavor=0x24d3124*=0) returned 0x0 [0158.421] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0158.421] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0158.422] IWbemClassObject:Get (in: This=0x86dba0, wszName="processorID", lFlags=0, pVal=0x2ef0d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d3120*=8, plFlavor=0x24d3124*=0 | out: pVal=0x2ef0d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x24d3120*=8, plFlavor=0x24d3124*=0) returned 0x0 [0158.422] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0158.422] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0158.423] CoTaskMemAlloc (cb=0x4) returned 0x7f35b0 [0158.423] IEnumWbemClassObject:Next (in: This=0x8354b0, lTimeout=-1, uCount=0x1, apObjects=0x7f35b0, puReturned=0x24d2868 | out: apObjects=0x7f35b0*=0x0, puReturned=0x24d2868*=0x0) returned 0x1 [0158.425] CoTaskMemFree (pv=0x7f35b0) [0158.426] CoGetContextToken (in: pToken=0x2eefec | out: pToken=0x2eefec) returned 0x0 [0158.426] IUnknown:Release (This=0x8354b0) returned 0x1 [0158.426] IUnknown:Release (This=0x8354b0) returned 0x0 [0158.464] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354 [0158.464] SetEvent (hEvent=0x2c4) returned 1 [0158.468] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef098*=0x354, lpdwindex=0x2eeebc | out: lpdwindex=0x2eeebc) returned 0x0 [0158.469] CoGetContextToken (in: pToken=0x2eef6c | out: pToken=0x2eef6c) returned 0x0 [0158.469] CoGetContextToken (in: pToken=0x2eeecc | out: pToken=0x2eeecc) returned 0x0 [0158.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x2eef9c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef98 | out: ppvObject=0x2eef98*=0x81aaf0) returned 0x0 [0158.469] WbemDefPath:IUnknown:AddRef (This=0x81aaf0) returned 0x3 [0158.469] WbemDefPath:IUnknown:Release (This=0x81aaf0) returned 0x2 [0158.469] WbemDefPath:IWbemPath:SetText (This=0x81aaf0, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81aaf0, puCount=0x2ef118 | out: puCount=0x2ef118*=0x0) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef114*=0x0, pszText=0x0 | out: puBuffLength=0x2ef114*=0x22, pszText=0x0) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef114*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x2ef114*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetInfo (in: This=0x81aaf0, uRequestedInfo=0x0, puResponse=0x2ef120 | out: puResponse=0x2ef120*=0xc15) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81aaf0, puCount=0x2ef118 | out: puCount=0x2ef118*=0x0) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetInfo (in: This=0x81aaf0, uRequestedInfo=0x0, puResponse=0x2ef120 | out: puResponse=0x2ef120*=0xc15) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81aaf0, puCount=0x2ef108 | out: puCount=0x2ef108*=0x0) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef104*=0x0, pszText=0x0 | out: puBuffLength=0x2ef104*=0x22, pszText=0x0) returned 0x0 [0158.469] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef104*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x2ef104*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81aaf0, puCount=0x2ef108 | out: puCount=0x2ef108*=0x0) returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef104*=0x0, pszText=0x0 | out: puBuffLength=0x2ef104*=0x22, pszText=0x0) returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef104*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x2ef104*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81aaf0, puCount=0x2ef098 | out: puCount=0x2ef098*=0x0) returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2ef084 | out: puCount=0x2ef084*=0x2) returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2ef080*=0x0, pszText=0x0 | out: puBuffLength=0x2ef080*=0xf, pszText=0x0) returned 0x0 [0158.470] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2ef080*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef080*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.470] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c [0158.470] SetEvent (hEvent=0x2c4) returned 1 [0158.471] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eefe0*=0x35c, lpdwindex=0x2eee04 | out: lpdwindex=0x2eee04) returned 0x0 [0158.475] CoGetContextToken (in: pToken=0x2eeeb4 | out: pToken=0x2eeeb4) returned 0x0 [0158.475] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0158.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x2eeee4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eeee0 | out: ppvObject=0x2eeee0*=0x81ab60) returned 0x0 [0158.476] WbemDefPath:IUnknown:AddRef (This=0x81ab60) returned 0x3 [0158.476] WbemDefPath:IUnknown:Release (This=0x81ab60) returned 0x2 [0158.476] WbemDefPath:IWbemPath:SetText (This=0x81ab60, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0158.476] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef05c | out: puCount=0x2ef05c*=0x2) returned 0x0 [0158.476] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef058*=0x0, pszText=0x0 | out: puBuffLength=0x2ef058*=0xf, pszText=0x0) returned 0x0 [0158.476] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef058*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.488] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eef7c*=0x370, lpdwindex=0x2eee34 | out: lpdwindex=0x2eee34) returned 0x0 [0158.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef080 | out: puCount=0x2ef080*=0x2) returned 0x0 [0158.502] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef07c*=0x0, pszText=0x0 | out: puBuffLength=0x2ef07c*=0xf, pszText=0x0) returned 0x0 [0158.502] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef07c*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef07c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.502] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef084*=0x0, pszText=0x0 | out: puBuffLength=0x2ef084*=0x22, pszText=0x0) returned 0x0 [0158.502] WbemDefPath:IWbemPath:GetText (in: This=0x81aaf0, lFlags=2, puBuffLength=0x2ef084*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x2ef084*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0158.503] CoGetContextToken (in: pToken=0x2eee04 | out: pToken=0x2eee04) returned 0x0 [0158.503] CoGetContextToken (in: pToken=0x2eed64 | out: pToken=0x2eed64) returned 0x0 [0158.503] CoGetContextToken (in: pToken=0x2eed64 | out: pToken=0x2eed64) returned 0x0 [0158.503] CoGetContextToken (in: pToken=0x2eed04 | out: pToken=0x2eed04) returned 0x0 [0158.503] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x722b8ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eecdc | out: ppvObject=0x2eecdc*=0x7eee78) returned 0x0 [0158.504] CObjectContext::ContextCallback () returned 0x0 [0158.508] IUnknown:Release (This=0x7eee78) returned 0x1 [0158.508] CoUnmarshalInterface (in: pStm=0x824468, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2eed58 | out: ppv=0x2eed58*=0x84fa34) returned 0x0 [0158.509] CoMarshalInterface (pStm=0x824468, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84fa34, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0158.509] WbemLocator:IUnknown:QueryInterface (in: This=0x84fa34, riid=0x2eee34*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2eee30 | out: ppvObject=0x2eee30*=0x852a30) returned 0x0 [0158.510] WbemLocator:IUnknown:Release (This=0x84fa34) returned 0x1 [0158.510] IWbemServices:GetObject (in: This=0x852a30, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x2ef038*=0x0, ppCallResult=0x0 | out: ppObject=0x2ef038*=0x86fdd8, ppCallResult=0x0) returned 0x0 [0158.538] WbemLocator:IUnknown:Release (This=0x852a30) returned 0x0 [0158.538] IWbemClassObject:Get (in: This=0x86fdd8, wszName="__PATH", lFlags=0, pVal=0x2ef020*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef0c8*=0, plFlavor=0x2ef0c4*=0 | out: pVal=0x2ef020*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x2ef0c8*=8, plFlavor=0x2ef0c4*=64) returned 0x0 [0158.538] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72 [0158.538] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72 [0158.539] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0158.539] SetEvent (hEvent=0x2c4) returned 1 [0158.539] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eefdc*=0x38c, lpdwindex=0x2eee00 | out: lpdwindex=0x2eee00) returned 0x0 [0158.544] CoGetContextToken (in: pToken=0x2eeeb4 | out: pToken=0x2eeeb4) returned 0x0 [0158.544] CoGetContextToken (in: pToken=0x2eee14 | out: pToken=0x2eee14) returned 0x0 [0158.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x2eeee4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eeee0 | out: ppvObject=0x2eeee0*=0x81abd0) returned 0x0 [0158.544] WbemDefPath:IUnknown:AddRef (This=0x81abd0) returned 0x3 [0158.544] WbemDefPath:IUnknown:Release (This=0x81abd0) returned 0x2 [0158.544] WbemDefPath:IWbemPath:SetText (This=0x81abd0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0158.545] IWbemClassObject:Get (in: This=0x86fdd8, wszName="__CLASS", lFlags=0, pVal=0x2ef090*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef110*=0, plFlavor=0x2ef10c*=0 | out: pVal=0x2ef090*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x2ef110*=8, plFlavor=0x2ef10c*=64) returned 0x0 [0158.545] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0158.545] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0158.545] CoGetContextToken (in: pToken=0x2eee8c | out: pToken=0x2eee8c) returned 0x0 [0158.545] CoGetContextToken (in: pToken=0x2eedec | out: pToken=0x2eedec) returned 0x0 [0158.545] CoGetContextToken (in: pToken=0x2eedec | out: pToken=0x2eedec) returned 0x0 [0158.545] CoUnmarshalInterface (in: pStm=0x824468, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2eede0 | out: ppv=0x2eede0*=0x84fa34) returned 0x0 [0158.545] CoMarshalInterface (pStm=0x824468, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84fa34, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0158.546] WbemLocator:IUnknown:QueryInterface (in: This=0x84fa34, riid=0x2eeebc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2eeeb8 | out: ppvObject=0x2eeeb8*=0x852b20) returned 0x0 [0158.546] WbemLocator:IUnknown:Release (This=0x84fa34) returned 0x1 [0158.546] IWbemServices:CreateInstanceEnum (in: This=0x852b20, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x2ef08c | out: ppEnum=0x2ef08c*=0x835640) returned 0x0 [0158.557] IUnknown:QueryInterface (in: This=0x835640, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeef4 | out: ppvObject=0x2eeef4*=0x835644) returned 0x0 [0158.557] IClientSecurity:QueryBlanket (in: This=0x835644, pProxy=0x835640, pAuthnSvc=0x2eef44, pAuthzSvc=0x2eef40, pServerPrincName=0x2eef38, pAuthnLevel=0x2eef3c, pImpLevel=0x2eef2c, pAuthInfo=0x2eef30, pCapabilites=0x2eef34 | out: pAuthnSvc=0x2eef44*=0xa, pAuthzSvc=0x2eef40*=0x0, pServerPrincName=0x2eef38, pAuthnLevel=0x2eef3c*=0x6, pImpLevel=0x2eef2c*=0x2, pAuthInfo=0x2eef30, pCapabilites=0x2eef34*=0x1) returned 0x0 [0158.557] IUnknown:Release (This=0x835644) returned 0x1 [0158.557] IUnknown:QueryInterface (in: This=0x835640, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeee8 | out: ppvObject=0x2eeee8*=0x84fb24) returned 0x0 [0158.557] IUnknown:QueryInterface (in: This=0x835640, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eeed4 | out: ppvObject=0x2eeed4*=0x835644) returned 0x0 [0158.557] IClientSecurity:SetBlanket (This=0x835644, pProxy=0x835640, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.567] IUnknown:Release (This=0x835644) returned 0x2 [0158.567] WbemLocator:IUnknown:Release (This=0x84fb24) returned 0x1 [0158.568] CoTaskMemFree (pv=0x848c98) [0158.568] IUnknown:AddRef (This=0x835640) returned 0x2 [0158.570] CoGetContextToken (in: pToken=0x2ee410 | out: pToken=0x2ee410) returned 0x0 [0158.570] CoGetContextToken (in: pToken=0x2ee824 | out: pToken=0x2ee824) returned 0x0 [0158.570] IUnknown:QueryInterface (in: This=0x835640, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee7bc | out: ppvObject=0x2ee7bc*=0x84fb0c) returned 0x0 [0158.571] WbemLocator:IRpcOptions:Query (in: This=0x84fb0c, pPrx=0x873688, dwProperty=2, pdwValue=0x2ee8b0 | out: pdwValue=0x2ee8b0) returned 0x80004002 [0158.571] WbemLocator:IUnknown:Release (This=0x84fb0c) returned 0x2 [0158.571] CoGetContextToken (in: pToken=0x2eedf4 | out: pToken=0x2eedf4) returned 0x0 [0158.572] CoGetContextToken (in: pToken=0x2eed54 | out: pToken=0x2eed54) returned 0x0 [0158.572] IUnknown:QueryInterface (in: This=0x835640, riid=0x2eee24*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2eecf0 | out: ppvObject=0x2eecf0*=0x835640) returned 0x0 [0158.572] IUnknown:Release (This=0x835640) returned 0x2 [0158.572] WbemLocator:IUnknown:Release (This=0x852b20) returned 0x0 [0158.573] SysStringLen (param_1=0x0) returned 0x0 [0158.573] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c8 | out: puCount=0x2ef0c8*=0x2) returned 0x0 [0158.574] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0c4*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0c4*=0xf, pszText=0x0) returned 0x0 [0158.574] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0c4*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0c4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.574] CoGetContextToken (in: pToken=0x2eef14 | out: pToken=0x2eef14) returned 0x0 [0158.574] IEnumWbemClassObject:Clone (in: This=0x835640, ppEnum=0x2ef0c8 | out: ppEnum=0x2ef0c8*=0x8357d0) returned 0x0 [0158.576] IUnknown:QueryInterface (in: This=0x8357d0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef84 | out: ppvObject=0x2eef84*=0x8357d4) returned 0x0 [0158.576] IClientSecurity:QueryBlanket (in: This=0x8357d4, pProxy=0x8357d0, pAuthnSvc=0x2eefd4, pAuthzSvc=0x2eefd0, pServerPrincName=0x2eefc8, pAuthnLevel=0x2eefcc, pImpLevel=0x2eefbc, pAuthInfo=0x2eefc0, pCapabilites=0x2eefc4 | out: pAuthnSvc=0x2eefd4*=0xa, pAuthzSvc=0x2eefd0*=0x0, pServerPrincName=0x2eefc8, pAuthnLevel=0x2eefcc*=0x6, pImpLevel=0x2eefbc*=0x2, pAuthInfo=0x2eefc0, pCapabilites=0x2eefc4*=0x1) returned 0x0 [0158.576] IUnknown:Release (This=0x8357d4) returned 0x1 [0158.576] IUnknown:QueryInterface (in: This=0x8357d0, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x84fa34) returned 0x0 [0158.576] IUnknown:QueryInterface (in: This=0x8357d0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eef64 | out: ppvObject=0x2eef64*=0x8357d4) returned 0x0 [0158.576] IClientSecurity:SetBlanket (This=0x8357d4, pProxy=0x8357d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.579] IUnknown:Release (This=0x8357d4) returned 0x2 [0158.579] WbemLocator:IUnknown:Release (This=0x84fa34) returned 0x1 [0158.579] CoTaskMemFree (pv=0x848ba8) [0158.579] IUnknown:AddRef (This=0x8357d0) returned 0x2 [0158.580] CoGetContextToken (in: pToken=0x2ee494 | out: pToken=0x2ee494) returned 0x0 [0158.580] CoGetContextToken (in: pToken=0x2ee8a4 | out: pToken=0x2ee8a4) returned 0x0 [0158.580] IUnknown:QueryInterface (in: This=0x8357d0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee840 | out: ppvObject=0x2ee840*=0x84fa1c) returned 0x0 [0158.581] WbemLocator:IRpcOptions:Query (in: This=0x84fa1c, pPrx=0x8736b8, dwProperty=2, pdwValue=0x2ee934 | out: pdwValue=0x2ee934) returned 0x80004002 [0158.581] WbemLocator:IUnknown:Release (This=0x84fa1c) returned 0x2 [0158.581] CoGetContextToken (in: pToken=0x2eee74 | out: pToken=0x2eee74) returned 0x0 [0158.581] CoGetContextToken (in: pToken=0x2eedd4 | out: pToken=0x2eedd4) returned 0x0 [0158.581] IUnknown:QueryInterface (in: This=0x8357d0, riid=0x2eeea4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2eed70 | out: ppvObject=0x2eed70*=0x8357d0) returned 0x0 [0158.582] IUnknown:Release (This=0x8357d0) returned 0x2 [0158.582] SysStringLen (param_1=0x0) returned 0x0 [0158.582] IEnumWbemClassObject:Reset (This=0x8357d0) returned 0x0 [0158.583] CoTaskMemAlloc (cb=0x4) returned 0x872990 [0158.583] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872990, puReturned=0x24d4d54 | out: apObjects=0x872990*=0x8682e0, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.748] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x8682e0) returned 0x0 [0158.748] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.748] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.749] IUnknown:AddRef (This=0x8682e0) returned 0x3 [0158.749] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.749] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.749] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x8682e4) returned 0x0 [0158.749] IMarshal:GetUnmarshalClass (in: This=0x8682e4, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.749] IUnknown:Release (This=0x8682e4) returned 0x3 [0158.749] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.750] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.750] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.750] IUnknown:Release (This=0x8682e0) returned 0x2 [0158.750] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.750] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.750] IUnknown:QueryInterface (in: This=0x8682e0, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x8682e0) returned 0x0 [0158.750] IUnknown:AddRef (This=0x8682e0) returned 0x4 [0158.750] IUnknown:Release (This=0x8682e0) returned 0x3 [0158.750] IUnknown:Release (This=0x8682e0) returned 0x2 [0158.750] CoTaskMemFree (pv=0x872990) [0158.750] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.751] IUnknown:AddRef (This=0x8682e0) returned 0x3 [0158.751] IWbemClassObject:Get (in: This=0x8682e0, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.751] IWbemClassObject:Get (in: This=0x8682e0, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.751] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82 [0158.751] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82 [0158.752] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0158.752] SetEvent (hEvent=0x2c4) returned 1 [0158.752] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x390, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.759] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.759] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.759] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x81ac40) returned 0x0 [0158.759] WbemDefPath:IUnknown:AddRef (This=0x81ac40) returned 0x3 [0158.759] WbemDefPath:IUnknown:Release (This=0x81ac40) returned 0x2 [0158.759] WbemDefPath:IWbemPath:SetText (This=0x81ac40, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0158.760] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.760] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.760] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.766] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.767] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.767] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.767] IWbemClassObject:Get (in: This=0x8682e0, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d55f4*=0, plFlavor=0x24d55f8*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d55f4*=11, plFlavor=0x24d55f8*=0) returned 0x0 [0158.767] IWbemClassObject:Get (in: This=0x8682e0, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d55f4*=11, plFlavor=0x24d55f8*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d55f4*=11, plFlavor=0x24d55f8*=0) returned 0x0 [0158.788] IUnknown:Release (This=0x8682e0) returned 0x2 [0158.794] CoTaskMemAlloc (cb=0x4) returned 0x8729e0 [0158.794] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x8729e0, puReturned=0x24d4d54 | out: apObjects=0x8729e0*=0x86e168, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.796] IUnknown:QueryInterface (in: This=0x86e168, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86e168) returned 0x0 [0158.796] IUnknown:QueryInterface (in: This=0x86e168, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.796] IUnknown:QueryInterface (in: This=0x86e168, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.797] IUnknown:AddRef (This=0x86e168) returned 0x3 [0158.797] IUnknown:QueryInterface (in: This=0x86e168, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.797] IUnknown:QueryInterface (in: This=0x86e168, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.797] IUnknown:QueryInterface (in: This=0x86e168, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86e16c) returned 0x0 [0158.797] IMarshal:GetUnmarshalClass (in: This=0x86e16c, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.797] IUnknown:Release (This=0x86e16c) returned 0x3 [0158.797] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.797] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.797] IUnknown:QueryInterface (in: This=0x86e168, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.797] IUnknown:Release (This=0x86e168) returned 0x2 [0158.797] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.797] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.797] IUnknown:QueryInterface (in: This=0x86e168, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86e168) returned 0x0 [0158.797] IUnknown:AddRef (This=0x86e168) returned 0x4 [0158.797] IUnknown:Release (This=0x86e168) returned 0x3 [0158.797] IUnknown:Release (This=0x86e168) returned 0x2 [0158.798] CoTaskMemFree (pv=0x8729e0) [0158.798] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.798] IUnknown:AddRef (This=0x86e168) returned 0x3 [0158.798] IWbemClassObject:Get (in: This=0x86e168, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.799] IWbemClassObject:Get (in: This=0x86e168, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.799] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82 [0158.799] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82 [0158.799] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394 [0158.799] SetEvent (hEvent=0x2c4) returned 1 [0158.799] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x394, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.804] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.804] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x81acb0) returned 0x0 [0158.805] WbemDefPath:IUnknown:AddRef (This=0x81acb0) returned 0x3 [0158.805] WbemDefPath:IUnknown:Release (This=0x81acb0) returned 0x2 [0158.805] WbemDefPath:IWbemPath:SetText (This=0x81acb0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0158.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.805] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.805] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.806] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.806] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.806] IWbemClassObject:Get (in: This=0x86e168, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d60c4*=0, plFlavor=0x24d60c8*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d60c4*=11, plFlavor=0x24d60c8*=0) returned 0x0 [0158.806] IWbemClassObject:Get (in: This=0x86e168, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d60c4*=11, plFlavor=0x24d60c8*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d60c4*=11, plFlavor=0x24d60c8*=0) returned 0x0 [0158.807] IUnknown:Release (This=0x86e168) returned 0x2 [0158.807] CoTaskMemAlloc (cb=0x4) returned 0x872a30 [0158.808] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872a30, puReturned=0x24d4d54 | out: apObjects=0x872a30*=0x86bb78, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.809] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86bb78) returned 0x0 [0158.810] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.810] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.810] IUnknown:AddRef (This=0x86bb78) returned 0x3 [0158.810] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.810] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.811] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86bb7c) returned 0x0 [0158.811] IMarshal:GetUnmarshalClass (in: This=0x86bb7c, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.811] IUnknown:Release (This=0x86bb7c) returned 0x3 [0158.811] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.811] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.811] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.811] IUnknown:Release (This=0x86bb78) returned 0x2 [0158.812] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.812] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.812] IUnknown:QueryInterface (in: This=0x86bb78, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86bb78) returned 0x0 [0158.812] IUnknown:AddRef (This=0x86bb78) returned 0x4 [0158.812] IUnknown:Release (This=0x86bb78) returned 0x3 [0158.812] IUnknown:Release (This=0x86bb78) returned 0x2 [0158.812] CoTaskMemFree (pv=0x872a30) [0158.812] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.812] IUnknown:AddRef (This=0x86bb78) returned 0x3 [0158.812] IWbemClassObject:Get (in: This=0x86bb78, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.813] IWbemClassObject:Get (in: This=0x86bb78, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.813] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82 [0158.813] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82 [0158.814] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0158.814] SetEvent (hEvent=0x2c4) returned 1 [0158.814] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x398, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.819] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.819] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.819] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x81ad20) returned 0x0 [0158.819] WbemDefPath:IUnknown:AddRef (This=0x81ad20) returned 0x3 [0158.819] WbemDefPath:IUnknown:Release (This=0x81ad20) returned 0x2 [0158.819] WbemDefPath:IWbemPath:SetText (This=0x81ad20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0158.819] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.819] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.819] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.820] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.820] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.820] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.820] IWbemClassObject:Get (in: This=0x86bb78, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d6940*=0, plFlavor=0x24d6944*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d6940*=11, plFlavor=0x24d6944*=0) returned 0x0 [0158.820] IWbemClassObject:Get (in: This=0x86bb78, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d6940*=11, plFlavor=0x24d6944*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d6940*=11, plFlavor=0x24d6944*=0) returned 0x0 [0158.821] IUnknown:Release (This=0x86bb78) returned 0x2 [0158.821] CoTaskMemAlloc (cb=0x4) returned 0x872a80 [0158.821] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872a80, puReturned=0x24d4d54 | out: apObjects=0x872a80*=0x86beb0, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.822] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86beb0) returned 0x0 [0158.822] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.822] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.823] IUnknown:AddRef (This=0x86beb0) returned 0x3 [0158.823] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.823] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.823] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86beb4) returned 0x0 [0158.823] IMarshal:GetUnmarshalClass (in: This=0x86beb4, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.824] IUnknown:Release (This=0x86beb4) returned 0x3 [0158.824] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.824] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.824] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.824] IUnknown:Release (This=0x86beb0) returned 0x2 [0158.824] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.824] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.824] IUnknown:QueryInterface (in: This=0x86beb0, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86beb0) returned 0x0 [0158.825] IUnknown:AddRef (This=0x86beb0) returned 0x4 [0158.825] IUnknown:Release (This=0x86beb0) returned 0x3 [0158.825] IUnknown:Release (This=0x86beb0) returned 0x2 [0158.825] CoTaskMemFree (pv=0x872a80) [0158.825] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.826] IUnknown:AddRef (This=0x86beb0) returned 0x3 [0158.826] IWbemClassObject:Get (in: This=0x86beb0, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.826] IWbemClassObject:Get (in: This=0x86beb0, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.827] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82 [0158.827] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82 [0158.827] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c [0158.827] SetEvent (hEvent=0x2c4) returned 1 [0158.827] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x39c, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.832] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.832] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.833] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c200) returned 0x0 [0158.833] WbemDefPath:IUnknown:AddRef (This=0x86c200) returned 0x3 [0158.833] WbemDefPath:IUnknown:Release (This=0x86c200) returned 0x2 [0158.833] WbemDefPath:IWbemPath:SetText (This=0x86c200, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0158.833] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.833] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.833] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.833] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.834] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.834] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.834] IWbemClassObject:Get (in: This=0x86beb0, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d71bc*=0, plFlavor=0x24d71c0*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d71bc*=11, plFlavor=0x24d71c0*=0) returned 0x0 [0158.834] IWbemClassObject:Get (in: This=0x86beb0, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d71bc*=11, plFlavor=0x24d71c0*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d71bc*=11, plFlavor=0x24d71c0*=0) returned 0x0 [0158.835] IUnknown:Release (This=0x86beb0) returned 0x2 [0158.835] CoTaskMemAlloc (cb=0x4) returned 0x872ad0 [0158.835] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872ad0, puReturned=0x24d4d54 | out: apObjects=0x872ad0*=0x86d1e8, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.837] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86d1e8) returned 0x0 [0158.837] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.837] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.837] IUnknown:AddRef (This=0x86d1e8) returned 0x3 [0158.838] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.838] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.838] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86d1ec) returned 0x0 [0158.838] IMarshal:GetUnmarshalClass (in: This=0x86d1ec, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.838] IUnknown:Release (This=0x86d1ec) returned 0x3 [0158.838] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.838] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.838] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.838] IUnknown:Release (This=0x86d1e8) returned 0x2 [0158.838] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.838] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.838] IUnknown:QueryInterface (in: This=0x86d1e8, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86d1e8) returned 0x0 [0158.839] IUnknown:AddRef (This=0x86d1e8) returned 0x4 [0158.839] IUnknown:Release (This=0x86d1e8) returned 0x3 [0158.839] IUnknown:Release (This=0x86d1e8) returned 0x2 [0158.839] CoTaskMemFree (pv=0x872ad0) [0158.839] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.839] IUnknown:AddRef (This=0x86d1e8) returned 0x3 [0158.839] IWbemClassObject:Get (in: This=0x86d1e8, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.840] IWbemClassObject:Get (in: This=0x86d1e8, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.840] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82 [0158.840] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82 [0158.841] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0 [0158.841] SetEvent (hEvent=0x2c4) returned 1 [0158.841] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3a0, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.845] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.845] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c270) returned 0x0 [0158.845] WbemDefPath:IUnknown:AddRef (This=0x86c270) returned 0x3 [0158.845] WbemDefPath:IUnknown:Release (This=0x86c270) returned 0x2 [0158.845] WbemDefPath:IWbemPath:SetText (This=0x86c270, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.846] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.846] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.846] IWbemClassObject:Get (in: This=0x86d1e8, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d7a38*=0, plFlavor=0x24d7a3c*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d7a38*=11, plFlavor=0x24d7a3c*=0) returned 0x0 [0158.846] IWbemClassObject:Get (in: This=0x86d1e8, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d7a38*=11, plFlavor=0x24d7a3c*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d7a38*=11, plFlavor=0x24d7a3c*=0) returned 0x0 [0158.847] IUnknown:Release (This=0x86d1e8) returned 0x2 [0158.847] CoTaskMemAlloc (cb=0x4) returned 0x872b20 [0158.847] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872b20, puReturned=0x24d4d54 | out: apObjects=0x872b20*=0x86d520, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.848] IUnknown:QueryInterface (in: This=0x86d520, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86d520) returned 0x0 [0158.849] IUnknown:QueryInterface (in: This=0x86d520, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.849] IUnknown:QueryInterface (in: This=0x86d520, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.849] IUnknown:AddRef (This=0x86d520) returned 0x3 [0158.849] IUnknown:QueryInterface (in: This=0x86d520, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.850] IUnknown:QueryInterface (in: This=0x86d520, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.850] IUnknown:QueryInterface (in: This=0x86d520, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86d524) returned 0x0 [0158.850] IMarshal:GetUnmarshalClass (in: This=0x86d524, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.850] IUnknown:Release (This=0x86d524) returned 0x3 [0158.850] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.850] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.850] IUnknown:QueryInterface (in: This=0x86d520, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.851] IUnknown:Release (This=0x86d520) returned 0x2 [0158.851] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.851] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.851] IUnknown:QueryInterface (in: This=0x86d520, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86d520) returned 0x0 [0158.851] IUnknown:AddRef (This=0x86d520) returned 0x4 [0158.851] IUnknown:Release (This=0x86d520) returned 0x3 [0158.851] IUnknown:Release (This=0x86d520) returned 0x2 [0158.851] CoTaskMemFree (pv=0x872b20) [0158.852] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.852] IUnknown:AddRef (This=0x86d520) returned 0x3 [0158.852] IWbemClassObject:Get (in: This=0x86d520, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.853] IWbemClassObject:Get (in: This=0x86d520, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.853] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82 [0158.853] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82 [0158.853] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0158.853] SetEvent (hEvent=0x2c4) returned 1 [0158.853] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3a4, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.859] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.859] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c2e0) returned 0x0 [0158.860] WbemDefPath:IUnknown:AddRef (This=0x86c2e0) returned 0x3 [0158.860] WbemDefPath:IUnknown:Release (This=0x86c2e0) returned 0x2 [0158.860] WbemDefPath:IWbemPath:SetText (This=0x86c2e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x0 [0158.860] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.860] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.860] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.860] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.860] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.860] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.860] IWbemClassObject:Get (in: This=0x86d520, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d82c0*=0, plFlavor=0x24d82c4*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d82c0*=11, plFlavor=0x24d82c4*=0) returned 0x0 [0158.861] IWbemClassObject:Get (in: This=0x86d520, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d82c0*=11, plFlavor=0x24d82c4*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d82c0*=11, plFlavor=0x24d82c4*=0) returned 0x0 [0158.861] IUnknown:Release (This=0x86d520) returned 0x2 [0158.862] CoTaskMemAlloc (cb=0x4) returned 0x872b70 [0158.862] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872b70, puReturned=0x24d4d54 | out: apObjects=0x872b70*=0x86b680, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.863] IUnknown:QueryInterface (in: This=0x86b680, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86b680) returned 0x0 [0158.863] IUnknown:QueryInterface (in: This=0x86b680, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.863] IUnknown:QueryInterface (in: This=0x86b680, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.864] IUnknown:AddRef (This=0x86b680) returned 0x3 [0158.864] IUnknown:QueryInterface (in: This=0x86b680, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.864] IUnknown:QueryInterface (in: This=0x86b680, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.864] IUnknown:QueryInterface (in: This=0x86b680, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86b684) returned 0x0 [0158.864] IMarshal:GetUnmarshalClass (in: This=0x86b684, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.864] IUnknown:Release (This=0x86b684) returned 0x3 [0158.865] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.865] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.865] IUnknown:QueryInterface (in: This=0x86b680, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.865] IUnknown:Release (This=0x86b680) returned 0x2 [0158.865] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.865] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.865] IUnknown:QueryInterface (in: This=0x86b680, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86b680) returned 0x0 [0158.865] IUnknown:AddRef (This=0x86b680) returned 0x4 [0158.865] IUnknown:Release (This=0x86b680) returned 0x3 [0158.865] IUnknown:Release (This=0x86b680) returned 0x2 [0158.865] CoTaskMemFree (pv=0x872b70) [0158.866] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.866] IUnknown:AddRef (This=0x86b680) returned 0x3 [0158.866] IWbemClassObject:Get (in: This=0x86b680, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.867] IWbemClassObject:Get (in: This=0x86b680, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.867] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82 [0158.867] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82 [0158.867] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0158.868] SetEvent (hEvent=0x2c4) returned 1 [0158.868] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3a8, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.872] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.872] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c350) returned 0x0 [0158.872] WbemDefPath:IUnknown:AddRef (This=0x86c350) returned 0x3 [0158.872] WbemDefPath:IUnknown:Release (This=0x86c350) returned 0x2 [0158.872] WbemDefPath:IWbemPath:SetText (This=0x86c350, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x0 [0158.872] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.872] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.872] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.872] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.872] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.872] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.872] IWbemClassObject:Get (in: This=0x86b680, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d8b3c*=0, plFlavor=0x24d8b40*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d8b3c*=11, plFlavor=0x24d8b40*=0) returned 0x0 [0158.873] IWbemClassObject:Get (in: This=0x86b680, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d8b3c*=11, plFlavor=0x24d8b40*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d8b3c*=11, plFlavor=0x24d8b40*=0) returned 0x0 [0158.874] IUnknown:Release (This=0x86b680) returned 0x2 [0158.874] CoTaskMemAlloc (cb=0x4) returned 0x872bc0 [0158.874] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872bc0, puReturned=0x24d4d54 | out: apObjects=0x872bc0*=0x86d980, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.875] IUnknown:QueryInterface (in: This=0x86d980, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x86d980) returned 0x0 [0158.875] IUnknown:QueryInterface (in: This=0x86d980, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.875] IUnknown:QueryInterface (in: This=0x86d980, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.876] IUnknown:AddRef (This=0x86d980) returned 0x3 [0158.876] IUnknown:QueryInterface (in: This=0x86d980, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.876] IUnknown:QueryInterface (in: This=0x86d980, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.876] IUnknown:QueryInterface (in: This=0x86d980, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x86d984) returned 0x0 [0158.876] IMarshal:GetUnmarshalClass (in: This=0x86d984, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.876] IUnknown:Release (This=0x86d984) returned 0x3 [0158.876] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.876] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.876] IUnknown:QueryInterface (in: This=0x86d980, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.876] IUnknown:Release (This=0x86d980) returned 0x2 [0158.877] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.877] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.877] IUnknown:QueryInterface (in: This=0x86d980, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x86d980) returned 0x0 [0158.877] IUnknown:AddRef (This=0x86d980) returned 0x4 [0158.877] IUnknown:Release (This=0x86d980) returned 0x3 [0158.877] IUnknown:Release (This=0x86d980) returned 0x2 [0158.877] CoTaskMemFree (pv=0x872bc0) [0158.878] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.878] IUnknown:AddRef (This=0x86d980) returned 0x3 [0158.878] IWbemClassObject:Get (in: This=0x86d980, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.879] IWbemClassObject:Get (in: This=0x86d980, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.879] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82 [0158.879] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82 [0158.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac [0158.880] SetEvent (hEvent=0x2c4) returned 1 [0158.880] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3ac, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.884] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.884] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c3c0) returned 0x0 [0158.885] WbemDefPath:IUnknown:AddRef (This=0x86c3c0) returned 0x3 [0158.885] WbemDefPath:IUnknown:Release (This=0x86c3c0) returned 0x2 [0158.885] WbemDefPath:IWbemPath:SetText (This=0x86c3c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x0 [0158.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.885] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.885] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.885] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.885] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.885] IWbemClassObject:Get (in: This=0x86d980, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d93b8*=0, plFlavor=0x24d93bc*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d93b8*=11, plFlavor=0x24d93bc*=0) returned 0x0 [0158.886] IWbemClassObject:Get (in: This=0x86d980, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d93b8*=11, plFlavor=0x24d93bc*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d93b8*=11, plFlavor=0x24d93bc*=0) returned 0x0 [0158.887] IUnknown:Release (This=0x86d980) returned 0x2 [0158.887] CoTaskMemAlloc (cb=0x4) returned 0x872c10 [0158.887] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872c10, puReturned=0x24d4d54 | out: apObjects=0x872c10*=0x84afe8, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.889] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x84afe8) returned 0x0 [0158.889] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.889] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.890] IUnknown:AddRef (This=0x84afe8) returned 0x3 [0158.890] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.890] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.890] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x84afec) returned 0x0 [0158.890] IMarshal:GetUnmarshalClass (in: This=0x84afec, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.890] IUnknown:Release (This=0x84afec) returned 0x3 [0158.890] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.890] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.890] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.890] IUnknown:Release (This=0x84afe8) returned 0x2 [0158.890] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.890] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.890] IUnknown:QueryInterface (in: This=0x84afe8, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x84afe8) returned 0x0 [0158.891] IUnknown:AddRef (This=0x84afe8) returned 0x4 [0158.891] IUnknown:Release (This=0x84afe8) returned 0x3 [0158.891] IUnknown:Release (This=0x84afe8) returned 0x2 [0158.891] CoTaskMemFree (pv=0x872c10) [0158.891] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.891] IUnknown:AddRef (This=0x84afe8) returned 0x3 [0158.891] IWbemClassObject:Get (in: This=0x84afe8, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.892] IWbemClassObject:Get (in: This=0x84afe8, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.892] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82 [0158.892] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82 [0158.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0 [0158.893] SetEvent (hEvent=0x2c4) returned 1 [0158.893] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3b0, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.897] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.897] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c430) returned 0x0 [0158.897] WbemDefPath:IUnknown:AddRef (This=0x86c430) returned 0x3 [0158.897] WbemDefPath:IUnknown:Release (This=0x86c430) returned 0x2 [0158.897] WbemDefPath:IWbemPath:SetText (This=0x86c430, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x0 [0158.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.897] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.897] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.898] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.898] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.898] IWbemClassObject:Get (in: This=0x84afe8, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d9c34*=0, plFlavor=0x24d9c38*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d9c34*=11, plFlavor=0x24d9c38*=0) returned 0x0 [0158.898] IWbemClassObject:Get (in: This=0x84afe8, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d9c34*=11, plFlavor=0x24d9c38*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24d9c34*=11, plFlavor=0x24d9c38*=0) returned 0x0 [0158.898] IUnknown:Release (This=0x84afe8) returned 0x2 [0158.898] CoTaskMemAlloc (cb=0x4) returned 0x872c60 [0158.898] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x872c60, puReturned=0x24d4d54 | out: apObjects=0x872c60*=0x84ade8, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.900] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x84ade8) returned 0x0 [0158.900] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.900] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.900] IUnknown:AddRef (This=0x84ade8) returned 0x3 [0158.900] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.900] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.900] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x84adec) returned 0x0 [0158.901] IMarshal:GetUnmarshalClass (in: This=0x84adec, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.901] IUnknown:Release (This=0x84adec) returned 0x3 [0158.901] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.901] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.901] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.901] IUnknown:Release (This=0x84ade8) returned 0x2 [0158.901] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.901] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.901] IUnknown:QueryInterface (in: This=0x84ade8, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x84ade8) returned 0x0 [0158.901] IUnknown:AddRef (This=0x84ade8) returned 0x4 [0158.901] IUnknown:Release (This=0x84ade8) returned 0x3 [0158.901] IUnknown:Release (This=0x84ade8) returned 0x2 [0158.901] CoTaskMemFree (pv=0x872c60) [0158.901] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.901] IUnknown:AddRef (This=0x84ade8) returned 0x3 [0158.901] IWbemClassObject:Get (in: This=0x84ade8, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.902] IWbemClassObject:Get (in: This=0x84ade8, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.902] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82 [0158.902] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82 [0158.902] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0158.902] SetEvent (hEvent=0x2c4) returned 1 [0158.903] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3b4, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.907] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.907] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.907] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c4a0) returned 0x0 [0158.907] WbemDefPath:IUnknown:AddRef (This=0x86c4a0) returned 0x3 [0158.907] WbemDefPath:IUnknown:Release (This=0x86c4a0) returned 0x2 [0158.907] WbemDefPath:IWbemPath:SetText (This=0x86c4a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x0 [0158.907] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.907] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.907] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.907] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.907] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.907] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.907] IWbemClassObject:Get (in: This=0x84ade8, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24da4bc*=0, plFlavor=0x24da4c0*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24da4bc*=11, plFlavor=0x24da4c0*=0) returned 0x0 [0158.908] IWbemClassObject:Get (in: This=0x84ade8, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24da4bc*=11, plFlavor=0x24da4c0*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24da4bc*=11, plFlavor=0x24da4c0*=0) returned 0x0 [0158.908] IUnknown:Release (This=0x84ade8) returned 0x2 [0158.908] CoTaskMemAlloc (cb=0x4) returned 0x8881c8 [0158.909] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x8881c8, puReturned=0x24d4d54 | out: apObjects=0x8881c8*=0x888580, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.910] IUnknown:QueryInterface (in: This=0x888580, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x888580) returned 0x0 [0158.910] IUnknown:QueryInterface (in: This=0x888580, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.910] IUnknown:QueryInterface (in: This=0x888580, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.911] IUnknown:AddRef (This=0x888580) returned 0x3 [0158.911] IUnknown:QueryInterface (in: This=0x888580, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.911] IUnknown:QueryInterface (in: This=0x888580, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.911] IUnknown:QueryInterface (in: This=0x888580, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x888584) returned 0x0 [0158.911] IMarshal:GetUnmarshalClass (in: This=0x888584, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.911] IUnknown:Release (This=0x888584) returned 0x3 [0158.911] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.911] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.911] IUnknown:QueryInterface (in: This=0x888580, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.912] IUnknown:Release (This=0x888580) returned 0x2 [0158.912] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.912] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.912] IUnknown:QueryInterface (in: This=0x888580, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x888580) returned 0x0 [0158.912] IUnknown:AddRef (This=0x888580) returned 0x4 [0158.912] IUnknown:Release (This=0x888580) returned 0x3 [0158.912] IUnknown:Release (This=0x888580) returned 0x2 [0158.912] CoTaskMemFree (pv=0x8881c8) [0158.912] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.912] IUnknown:AddRef (This=0x888580) returned 0x3 [0158.913] IWbemClassObject:Get (in: This=0x888580, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.913] IWbemClassObject:Get (in: This=0x888580, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.914] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84 [0158.914] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84 [0158.914] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0158.914] SetEvent (hEvent=0x2c4) returned 1 [0158.914] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3b8, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.919] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.919] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.919] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c510) returned 0x0 [0158.919] WbemDefPath:IUnknown:AddRef (This=0x86c510) returned 0x3 [0158.920] WbemDefPath:IUnknown:Release (This=0x86c510) returned 0x2 [0158.920] WbemDefPath:IWbemPath:SetText (This=0x86c510, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x0 [0158.920] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.920] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.920] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.920] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.920] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.920] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.920] IWbemClassObject:Get (in: This=0x888580, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dad3c*=0, plFlavor=0x24dad40*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dad3c*=11, plFlavor=0x24dad40*=0) returned 0x0 [0158.921] IWbemClassObject:Get (in: This=0x888580, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dad3c*=11, plFlavor=0x24dad40*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dad3c*=11, plFlavor=0x24dad40*=0) returned 0x0 [0158.921] IUnknown:Release (This=0x888580) returned 0x2 [0158.921] CoTaskMemAlloc (cb=0x4) returned 0x888218 [0158.921] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x888218, puReturned=0x24d4d54 | out: apObjects=0x888218*=0x891318, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.923] IUnknown:QueryInterface (in: This=0x891318, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x891318) returned 0x0 [0158.923] IUnknown:QueryInterface (in: This=0x891318, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.923] IUnknown:QueryInterface (in: This=0x891318, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.924] IUnknown:AddRef (This=0x891318) returned 0x3 [0158.924] IUnknown:QueryInterface (in: This=0x891318, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.924] IUnknown:QueryInterface (in: This=0x891318, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.924] IUnknown:QueryInterface (in: This=0x891318, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x89131c) returned 0x0 [0158.924] IMarshal:GetUnmarshalClass (in: This=0x89131c, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.924] IUnknown:Release (This=0x89131c) returned 0x3 [0158.924] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.925] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.925] IUnknown:QueryInterface (in: This=0x891318, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.925] IUnknown:Release (This=0x891318) returned 0x2 [0158.925] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.925] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.925] IUnknown:QueryInterface (in: This=0x891318, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x891318) returned 0x0 [0158.925] IUnknown:AddRef (This=0x891318) returned 0x4 [0158.925] IUnknown:Release (This=0x891318) returned 0x3 [0158.925] IUnknown:Release (This=0x891318) returned 0x2 [0158.926] CoTaskMemFree (pv=0x888218) [0158.926] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.926] IUnknown:AddRef (This=0x891318) returned 0x3 [0158.926] IWbemClassObject:Get (in: This=0x891318, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.927] IWbemClassObject:Get (in: This=0x891318, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.927] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84 [0158.928] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84 [0158.928] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3bc [0158.928] SetEvent (hEvent=0x2c4) returned 1 [0158.928] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3bc, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.934] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.934] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.934] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c580) returned 0x0 [0158.934] WbemDefPath:IUnknown:AddRef (This=0x86c580) returned 0x3 [0158.935] WbemDefPath:IUnknown:Release (This=0x86c580) returned 0x2 [0158.935] WbemDefPath:IWbemPath:SetText (This=0x86c580, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x0 [0158.935] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.935] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.935] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.935] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.935] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.935] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.935] IWbemClassObject:Get (in: This=0x891318, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24db5bc*=0, plFlavor=0x24db5c0*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24db5bc*=11, plFlavor=0x24db5c0*=0) returned 0x0 [0158.936] IWbemClassObject:Get (in: This=0x891318, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24db5bc*=11, plFlavor=0x24db5c0*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24db5bc*=11, plFlavor=0x24db5c0*=0) returned 0x0 [0158.936] IUnknown:Release (This=0x891318) returned 0x2 [0158.936] CoTaskMemAlloc (cb=0x4) returned 0x888268 [0158.936] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x888268, puReturned=0x24d4d54 | out: apObjects=0x888268*=0x8914b0, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.937] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x8914b0) returned 0x0 [0158.937] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.937] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.938] IUnknown:AddRef (This=0x8914b0) returned 0x3 [0158.938] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.938] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.938] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x8914b4) returned 0x0 [0158.938] IMarshal:GetUnmarshalClass (in: This=0x8914b4, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.938] IUnknown:Release (This=0x8914b4) returned 0x3 [0158.938] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.938] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.939] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.939] IUnknown:Release (This=0x8914b0) returned 0x2 [0158.939] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.939] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.939] IUnknown:QueryInterface (in: This=0x8914b0, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x8914b0) returned 0x0 [0158.939] IUnknown:AddRef (This=0x8914b0) returned 0x4 [0158.939] IUnknown:Release (This=0x8914b0) returned 0x3 [0158.939] IUnknown:Release (This=0x8914b0) returned 0x2 [0158.939] CoTaskMemFree (pv=0x888268) [0158.939] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.939] IUnknown:AddRef (This=0x8914b0) returned 0x3 [0158.940] IWbemClassObject:Get (in: This=0x8914b0, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.940] IWbemClassObject:Get (in: This=0x8914b0, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.941] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84 [0158.941] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84 [0158.941] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c0 [0158.941] SetEvent (hEvent=0x2c4) returned 1 [0158.941] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3c0, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.944] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.944] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c5f0) returned 0x0 [0158.945] WbemDefPath:IUnknown:AddRef (This=0x86c5f0) returned 0x3 [0158.945] WbemDefPath:IUnknown:Release (This=0x86c5f0) returned 0x2 [0158.945] WbemDefPath:IWbemPath:SetText (This=0x86c5f0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x0 [0158.945] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.945] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.945] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.945] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.945] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.945] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.945] IWbemClassObject:Get (in: This=0x8914b0, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dbe3c*=0, plFlavor=0x24dbe40*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dbe3c*=11, plFlavor=0x24dbe40*=0) returned 0x0 [0158.945] IWbemClassObject:Get (in: This=0x8914b0, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dbe3c*=11, plFlavor=0x24dbe40*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dbe3c*=11, plFlavor=0x24dbe40*=0) returned 0x0 [0158.946] IUnknown:Release (This=0x8914b0) returned 0x2 [0158.946] CoTaskMemAlloc (cb=0x4) returned 0x8882b8 [0158.946] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x8882b8, puReturned=0x24d4d54 | out: apObjects=0x8882b8*=0x891648, puReturned=0x24d4d54*=0x1) returned 0x0 [0158.947] IUnknown:QueryInterface (in: This=0x891648, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee71c | out: ppvObject=0x2ee71c*=0x891648) returned 0x0 [0158.947] IUnknown:QueryInterface (in: This=0x891648, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee6d0 | out: ppvObject=0x2ee6d0*=0x0) returned 0x80004002 [0158.947] IUnknown:QueryInterface (in: This=0x891648, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee4f8 | out: ppvObject=0x2ee4f8*=0x0) returned 0x80004002 [0158.948] IUnknown:AddRef (This=0x891648) returned 0x3 [0158.948] IUnknown:QueryInterface (in: This=0x891648, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee02c | out: ppvObject=0x2ee02c*=0x0) returned 0x80004002 [0158.948] IUnknown:QueryInterface (in: This=0x891648, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edfdc | out: ppvObject=0x2edfdc*=0x0) returned 0x80004002 [0158.948] IUnknown:QueryInterface (in: This=0x891648, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x89164c) returned 0x0 [0158.948] IMarshal:GetUnmarshalClass (in: This=0x89164c, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edff0 | out: pCid=0x2edff0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0158.948] IUnknown:Release (This=0x89164c) returned 0x3 [0158.948] CoGetContextToken (in: pToken=0x2ee048 | out: pToken=0x2ee048) returned 0x0 [0158.948] CoGetContextToken (in: pToken=0x2ee45c | out: pToken=0x2ee45c) returned 0x0 [0158.948] IUnknown:QueryInterface (in: This=0x891648, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee4dc | out: ppvObject=0x2ee4dc*=0x0) returned 0x80004002 [0158.948] IUnknown:Release (This=0x891648) returned 0x2 [0158.948] CoGetContextToken (in: pToken=0x2eea4c | out: pToken=0x2eea4c) returned 0x0 [0158.949] CoGetContextToken (in: pToken=0x2ee9ac | out: pToken=0x2ee9ac) returned 0x0 [0158.949] IUnknown:QueryInterface (in: This=0x891648, riid=0x2eea7c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2eea78 | out: ppvObject=0x2eea78*=0x891648) returned 0x0 [0158.949] IUnknown:AddRef (This=0x891648) returned 0x4 [0158.949] IUnknown:Release (This=0x891648) returned 0x3 [0158.949] IUnknown:Release (This=0x891648) returned 0x2 [0158.949] CoTaskMemFree (pv=0x8882b8) [0158.949] CoGetContextToken (in: pToken=0x2eedbc | out: pToken=0x2eedbc) returned 0x0 [0158.949] IUnknown:AddRef (This=0x891648) returned 0x3 [0158.950] IWbemClassObject:Get (in: This=0x891648, wszName="__GENUS", lFlags=0, pVal=0x2ef0b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef138*=0, plFlavor=0x2ef134*=0 | out: pVal=0x2ef0b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ef138*=3, plFlavor=0x2ef134*=64) returned 0x0 [0158.950] IWbemClassObject:Get (in: This=0x891648, wszName="__PATH", lFlags=0, pVal=0x2ef09c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ef120*=0, plFlavor=0x2ef11c*=0 | out: pVal=0x2ef09c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13", varVal2=0x0), pType=0x2ef120*=8, plFlavor=0x2ef11c*=64) returned 0x0 [0158.950] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x84 [0158.950] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x84 [0158.951] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0158.951] SetEvent (hEvent=0x2c4) returned 1 [0158.952] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ef074*=0x3c4, lpdwindex=0x2eee98 | out: lpdwindex=0x2eee98) returned 0x0 [0158.956] CoGetContextToken (in: pToken=0x2eef4c | out: pToken=0x2eef4c) returned 0x0 [0158.956] CoGetContextToken (in: pToken=0x2eeeac | out: pToken=0x2eeeac) returned 0x0 [0158.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x2eef7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eef78 | out: ppvObject=0x2eef78*=0x86c660) returned 0x0 [0158.956] WbemDefPath:IUnknown:AddRef (This=0x86c660) returned 0x3 [0158.956] WbemDefPath:IUnknown:Release (This=0x86c660) returned 0x2 [0158.956] WbemDefPath:IWbemPath:SetText (This=0x86c660, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x0 [0158.956] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0f4 | out: puCount=0x2ef0f4*=0x2) returned 0x0 [0158.956] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0f0*=0xf, pszText=0x0) returned 0x0 [0158.956] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.956] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.956] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.957] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.957] IWbemClassObject:Get (in: This=0x891648, wszName="IPEnabled", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dc6c8*=0, plFlavor=0x24dc6cc*=0 | out: pVal=0x2ef0bc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x24dc6c8*=11, plFlavor=0x24dc6cc*=0) returned 0x0 [0158.957] IWbemClassObject:Get (in: This=0x891648, wszName="IPEnabled", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dc6c8*=11, plFlavor=0x24dc6cc*=0 | out: pVal=0x2ef0c4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x24dc6c8*=11, plFlavor=0x24dc6cc*=0) returned 0x0 [0158.963] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x2ef0c0 | out: puCount=0x2ef0c0*=0x2) returned 0x0 [0158.963] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0x0, pszText=0x0 | out: puBuffLength=0x2ef0bc*=0xf, pszText=0x0) returned 0x0 [0158.963] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=4, puBuffLength=0x2ef0bc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2ef0bc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.963] IWbemClassObject:Get (in: This=0x891648, wszName="MacAddress", lFlags=0, pVal=0x2ef0bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dc764*=0, plFlavor=0x24dc768*=0 | out: pVal=0x2ef0bc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:0E:C6:E5:7E:A1", varVal2=0x0), pType=0x24dc764*=8, plFlavor=0x24dc768*=0) returned 0x0 [0158.963] SysStringByteLen (bstr="00:0E:C6:E5:7E:A1") returned 0x22 [0158.963] SysStringByteLen (bstr="00:0E:C6:E5:7E:A1") returned 0x22 [0158.963] IWbemClassObject:Get (in: This=0x891648, wszName="MacAddress", lFlags=0, pVal=0x2ef0c4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24dc764*=8, plFlavor=0x24dc768*=0 | out: pVal=0x2ef0c4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:0E:C6:E5:7E:A1", varVal2=0x0), pType=0x24dc764*=8, plFlavor=0x24dc768*=0) returned 0x0 [0158.964] SysStringByteLen (bstr="00:0E:C6:E5:7E:A1") returned 0x22 [0158.964] SysStringByteLen (bstr="00:0E:C6:E5:7E:A1") returned 0x22 [0158.964] IUnknown:Release (This=0x891648) returned 0x2 [0158.964] CoTaskMemAlloc (cb=0x4) returned 0x888308 [0158.964] IEnumWbemClassObject:Next (in: This=0x8357d0, lTimeout=-1, uCount=0x1, apObjects=0x888308, puReturned=0x24d4d54 | out: apObjects=0x888308*=0x0, puReturned=0x24d4d54*=0x0) returned 0x1 [0158.966] CoTaskMemFree (pv=0x888308) [0158.966] CoGetContextToken (in: pToken=0x2eefec | out: pToken=0x2eefec) returned 0x0 [0158.967] IUnknown:Release (This=0x8357d0) returned 0x1 [0158.967] IUnknown:Release (This=0x8357d0) returned 0x0 [0159.039] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", nBufferLength=0x105, lpBuffer=0x2eebe8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe", lpFilePart=0x0) returned 0x45 [0159.049] GetEnvironmentVariableW (in: lpName="%startupfolder%", lpBuffer=0x2eef78, nSize=0xd8 | out: lpBuffer="") returned 0x0 [0159.063] GetUserNameW (in: lpBuffer=0x2eef28, pcbBuffer=0x24dd3bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x24dd3bc) returned 1 [0159.074] GetComputerNameW (in: lpBuffer=0x2eef28, nSize=0x24dd830 | out: lpBuffer="Q9IATRKPRH", nSize=0x24dd830) returned 1 [0159.097] EtwEventRegister () returned 0x0 [0195.742] SetClipboardViewer (hWndNewViewer=0x601ec) returned 0x0 [0196.277] OleInitialize (pvReserved=0x0) returned 0x0 [0196.282] OleGetClipboard (in: ppDataObj=0x2eeee4 | out: ppDataObj=0x2eeee4*=0x8488d8) returned 0x0 [0196.285] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee9a4 | out: ppvObject=0x2ee9a4*=0x8488d8) returned 0x0 [0196.285] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee958 | out: ppvObject=0x2ee958*=0x0) returned 0x80004002 [0196.285] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee780 | out: ppvObject=0x2ee780*=0x0) returned 0x80004002 [0196.286] IUnknown:AddRef (This=0x8488d8) returned 0x3 [0196.286] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ee2b4 | out: ppvObject=0x2ee2b4*=0x0) returned 0x80004002 [0196.286] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ee264 | out: ppvObject=0x2ee264*=0x0) returned 0x80004002 [0196.286] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee270 | out: ppvObject=0x2ee270*=0x0) returned 0x80004002 [0196.286] CoGetContextToken (in: pToken=0x2ee2d0 | out: pToken=0x2ee2d0) returned 0x0 [0196.286] CoGetContextToken (in: pToken=0x2ee6e4 | out: pToken=0x2ee6e4) returned 0x0 [0196.286] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee764 | out: ppvObject=0x2ee764*=0x0) returned 0x80004002 [0196.286] IUnknown:Release (This=0x8488d8) returned 0x2 [0196.286] CoGetContextToken (in: pToken=0x2eecb4 | out: pToken=0x2eecb4) returned 0x0 [0196.286] CoGetContextToken (in: pToken=0x2eec14 | out: pToken=0x2eec14) returned 0x0 [0196.286] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x2eece4*(Data1=0x10e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eece0 | out: ppvObject=0x2eece0*=0x8488d8) returned 0x0 [0196.286] IUnknown:AddRef (This=0x8488d8) returned 0x4 [0196.287] IUnknown:Release (This=0x8488d8) returned 0x3 [0196.287] IUnknown:Release (This=0x8488d8) returned 0x2 [0196.287] CoGetContextToken (in: pToken=0x2eed3c | out: pToken=0x2eed3c) returned 0x0 [0196.290] CoGetContextToken (in: pToken=0x2eec9c | out: pToken=0x2eec9c) returned 0x0 [0196.290] IUnknown:QueryInterface (in: This=0x8488d8, riid=0x2eed6c*(Data1=0x3cee8cc1, Data2=0x1adb, Data3=0x327f, Data4=([0]=0x9b, [1]=0x97, [2]=0x7a, [3]=0x9c, [4]=0x80, [5]=0x89, [6]=0xbf, [7]=0xb3)), ppvObject=0x2eed68 | out: ppvObject=0x2eed68*=0x0) returned 0x80004002 [0196.315] IDataObject:QueryGetData (This=0x8488d8, pformatetc=0x2eee98) returned 0x0 [0196.320] IDataObject:RemoteGetData (in: This=0x8488d8, pformatetcIn=0x2eee98, pRemoteMedium=0x2eee28 | out: pRemoteMedium=0x2eee28) returned 0x0 [0196.325] GlobalLock (hMem=0x4db0004) returned 0x83f0f0 [0196.325] GlobalUnlock (hMem=0x4db0004) returned 0 [0196.362] SendMessageW (hWnd=0x0, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0196.362] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x601ec, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0237.999] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x2eeb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0238.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x2eeaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0238.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2eea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0238.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2eead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0238.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eed10) returned 1 [0238.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2eefd4 | out: lpFileInformation=0x2eefd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0238.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2eed0c) returned 1 [0238.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2eea1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0238.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eef34) returned 1 [0238.017] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0238.017] GetFileType (hFile=0x324) returned 0x1 [0238.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2eef30) returned 1 [0238.017] GetFileType (hFile=0x324) returned 0x1 [0238.024] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x2eef60 | out: lpFileSizeHigh=0x2eef60*=0x0) returned 0x8c8e [0238.025] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eef1c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eef1c*=0x1000, lpOverlapped=0x0) returned 1 [0238.030] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eeed0, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eeed0*=0x1000, lpOverlapped=0x0) returned 1 [0238.031] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eee4c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eee4c*=0x1000, lpOverlapped=0x0) returned 1 [0238.031] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eee4c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eee4c*=0x1000, lpOverlapped=0x0) returned 1 [0238.031] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eee4c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eee4c*=0x1000, lpOverlapped=0x0) returned 1 [0238.032] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eee4c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eee4c*=0x1000, lpOverlapped=0x0) returned 1 [0238.032] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eeecc, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eeecc*=0x1000, lpOverlapped=0x0) returned 1 [0238.032] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eee4c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eee4c*=0x1000, lpOverlapped=0x0) returned 1 [0238.033] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eee4c, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eee4c*=0xc8e, lpOverlapped=0x0) returned 1 [0238.033] ReadFile (in: hFile=0x324, lpBuffer=0x24e451c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2eeef8, lpOverlapped=0x0 | out: lpBuffer=0x24e451c*, lpNumberOfBytesRead=0x2eeef8*=0x0, lpOverlapped=0x0) returned 1 [0238.034] CloseHandle (hObject=0x324) returned 1 [0238.034] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x2eea68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0238.035] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", nBufferLength=0x105, lpBuffer=0x2eeacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config", lpFilePart=0x0) returned 0x4c [0238.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eed0c) returned 1 [0238.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\b0a10bd27d48fea4e569797829057892.virus.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2eefd0 | out: lpFileInformation=0x2eefd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2eed08) returned 1 [0238.298] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0238.299] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0238.304] CoTaskMemFree (pv=0x853ed8) [0238.304] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0238.309] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0238.309] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0238.309] CoTaskMemFree (pv=0x853ed8) [0238.309] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0238.621] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0238.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.621] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.622] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0238.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.622] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3e [0238.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0238.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0238.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0238.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.624] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0238.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.624] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0238.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.624] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0238.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.625] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0238.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.625] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0238.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.625] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0238.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.626] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0238.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.626] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0238.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.626] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0238.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.627] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0238.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.627] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0238.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.627] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0238.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.627] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0238.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.628] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0238.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.628] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x30 [0238.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.628] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0238.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.629] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0238.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.629] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0238.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.629] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0238.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.630] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0238.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0238.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0238.655] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x2eea24, nSize=0xd8 | out: lpBuffer="") returned 0x2 [0238.657] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x2ee5cc, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c [0238.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae4) returned 1 [0238.657] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0238.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0238.714] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0238.714] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0238.714] CoTaskMemFree (pv=0x853ed8) [0238.714] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee674, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0238.715] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x2ee70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x41 [0238.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee94c) returned 1 [0238.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x2eec10 | out: lpFileInformation=0x2eec10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee948) returned 1 [0238.745] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x2eea1c, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0238.747] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x2ee700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2b [0238.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee93c) returned 1 [0238.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x2eec00 | out: lpFileInformation=0x2eec00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee938) returned 1 [0238.760] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2ed238, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0238.837] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38 [0238.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0238.838] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0238.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0238.912] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38 [0238.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0238.912] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0238.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0238.977] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40 [0238.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0238.978] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0238.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0238.984] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40 [0238.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0238.985] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0238.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.019] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x2eea38, nSize=0xd8 | out: lpBuffer="") returned 0x2 [0239.020] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x2ee724, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13 [0239.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee964) returned 1 [0239.020] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x2eec28 | out: lpFileInformation=0x2eec28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee960) returned 1 [0239.068] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.068] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0239.068] CoTaskMemFree (pv=0x853ed8) [0239.068] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0239.072] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x2ee71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x38 [0239.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee95c) returned 1 [0239.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x2eec20 | out: lpFileInformation=0x2eec20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee958) returned 1 [0239.117] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eebf4 | out: phkResult=0x2eebf4*=0x0) returned 0x2 [0239.162] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eebe0 | out: phkResult=0x2eebe0*=0x0) returned 0x2 [0239.264] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee59c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x3d [0239.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeab4) returned 1 [0239.265] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed8d0) returned 1 [0239.339] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eebf0 | out: phkResult=0x2eebf0*=0x0) returned 0x2 [0239.365] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2eea24, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0239.368] GetEnvironmentVariableW (in: lpName="Username", lpBuffer=0x2eea24, nSize=0xd8 | out: lpBuffer="") returned 0x9 [0239.374] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", nBufferLength=0x105, lpBuffer=0x2ee720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat", lpFilePart=0x0) returned 0x36 [0239.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee960) returned 1 [0239.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\AppData\\Roaming\\FlashFXP\\3quick.dat" (normalized: "c:\\users\\all users\\appdata\\roaming\\flashfxp\\3quick.dat"), fInfoLevelId=0x0, lpFileInformation=0x2eec24 | out: lpFileInformation=0x2eec24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee95c) returned 1 [0239.410] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2eea14, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0239.413] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x2ee5d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3e [0239.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeaf0) returned 1 [0239.413] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed910) returned 1 [0239.446] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.446] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0239.446] CoTaskMemFree (pv=0x853ed8) [0239.446] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0239.451] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.452] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0239.452] CoTaskMemFree (pv=0x853ed8) [0239.452] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0239.454] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x2ee714, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2c [0239.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee950) returned 1 [0239.454] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x2eec14 | out: lpFileInformation=0x2eec14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee94c) returned 1 [0239.469] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.469] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0239.469] CoTaskMemFree (pv=0x853ed8) [0239.469] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0239.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eec14) returned 1 [0239.471] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x2ee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2b [0239.472] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\*", lpFindFileData=0x2ee9c4 | out: lpFindFileData=0x2ee9c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0239.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee984) returned 1 [0239.483] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e [0239.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0239.483] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.487] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e [0239.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0239.488] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.501] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f [0239.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0239.501] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.505] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f [0239.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0239.505] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.536] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.536] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0239.536] CoTaskMemFree (pv=0x853ed8) [0239.536] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee64c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0239.541] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x3d [0239.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeac4) returned 1 [0239.542] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed8e0) returned 1 [0239.554] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45 [0239.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0239.554] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.558] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45 [0239.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0239.559] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0239.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0239.569] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.569] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0239.572] CoTaskMemFree (pv=0x853ed8) [0239.572] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x2ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0239.574] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.574] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0239.574] CoTaskMemFree (pv=0x853ed8) [0239.574] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0239.594] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x2ee704, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0239.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee944) returned 1 [0239.594] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x2eec08 | out: lpFileInformation=0x2eec08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee940) returned 1 [0239.644] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.644] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0239.645] CoTaskMemFree (pv=0x853ed8) [0239.645] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee67c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0239.647] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x2ee714, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28 [0239.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee988) returned 1 [0239.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x251a324 | out: lpFileInformation=0x251a324*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee984) returned 1 [0239.651] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0239.659] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.659] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0239.659] CoTaskMemFree (pv=0x853ed8) [0239.659] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0239.662] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x2ee6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x39 [0239.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee900) returned 1 [0239.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eebc4 | out: lpFileInformation=0x2eebc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8fc) returned 1 [0239.701] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x2ee9e4, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0239.703] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x2ee9e4, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0239.706] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x2ee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39 [0239.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee920) returned 1 [0239.706] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x2eebe4 | out: lpFileInformation=0x2eebe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee91c) returned 1 [0239.777] CoTaskMemAlloc (cb=0x20c) returned 0x853ed8 [0239.777] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x853ed8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0239.777] CoTaskMemFree (pv=0x853ed8) [0239.777] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0239.778] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x2ee514, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0239.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee750) returned 1 [0239.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eea14 | out: lpFileInformation=0x2eea14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0239.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee74c) returned 1 [0239.936] VaultEnumerateVaults () returned 0x0 [0240.605] VaultOpenVault () returned 0x0 [0240.615] VaultEnumerateItems () returned 0x0 [0240.616] VaultOpenVault () returned 0x0 [0240.617] VaultEnumerateItems () returned 0x0 [0240.647] CoTaskMemAlloc (cb=0x20c) returned 0x89fd50 [0240.647] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x89fd50 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0240.647] CoTaskMemFree (pv=0x89fd50) [0240.647] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0240.652] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x2ee708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3c [0240.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee944) returned 1 [0240.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x2eec08 | out: lpFileInformation=0x2eec08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee940) returned 1 [0240.653] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x2ee710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x55 [0240.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee950) returned 1 [0240.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x2eec14 | out: lpFileInformation=0x2eec14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee94c) returned 1 [0240.728] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x2ee9f8, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0240.729] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x2ee6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x38 [0240.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee924) returned 1 [0240.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eebe8 | out: lpFileInformation=0x2eebe8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee920) returned 1 [0240.741] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38 [0240.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0240.742] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0240.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0240.748] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38 [0240.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0240.748] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0240.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0240.765] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2ee9c0, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0240.768] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2ee9c0, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0240.774] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x2ee668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x54 [0240.774] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x2ee648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e [0240.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeb34) returned 1 [0240.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x2ee614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e [0240.776] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFindFileData=0x2ee8e4 | out: lpFindFileData=0x2ee8e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0240.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee8a4) returned 1 [0240.796] SetErrorInfo (dwReserved=0x0, perrinfo=0x7b6f34) returned 0x0 [0240.797] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x2ee6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x4f [0240.844] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x2ee9e8, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0240.847] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x2ee6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x43 [0240.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee914) returned 1 [0240.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eebd8 | out: lpFileInformation=0x2eebd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee910) returned 1 [0240.885] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eec04 | out: phkResult=0x2eec04*=0x0) returned 0x2 [0240.933] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2ee9f0, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0240.936] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2ee9f0, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0240.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x2ee6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x2f [0240.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee920) returned 1 [0240.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x2eebe4 | out: lpFileInformation=0x2eebe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee91c) returned 1 [0240.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x2ee6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x30 [0240.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee920) returned 1 [0240.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x2eebe4 | out: lpFileInformation=0x2eebe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee91c) returned 1 [0240.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41 [0240.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0240.954] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0240.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0240.960] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41 [0240.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0240.960] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0240.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0240.993] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x2eeb08, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0240.993] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x2eeb08, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0240.998] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x2eea40, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0241.001] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x2ee724, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d [0241.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee960) returned 1 [0241.001] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x2eec24 | out: lpFileInformation=0x2eec24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee95c) returned 1 [0241.001] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x2ee724, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f [0241.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee960) returned 1 [0241.001] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x2eec24 | out: lpFileInformation=0x2eec24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee95c) returned 1 [0241.036] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eebc8 | out: phkResult=0x2eebc8*=0x0) returned 0x2 [0241.039] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x2ee70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Folder.lst", lpFilePart=0x0) returned 0x25 [0241.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee94c) returned 1 [0241.039] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Folder.lst" (normalized: "c:\\users\\keecfmwgj\\desktop\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x2eec10 | out: lpFileInformation=0x2eec10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee948) returned 1 [0241.084] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x0) returned 0x2 [0241.087] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x0) returned 0x2 [0241.091] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x0) returned 0x2 [0241.094] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x320) returned 0x0 [0241.095] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2eebcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2eebc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2eebcc*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2eebc8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0241.095] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x2527040, lpcchName=0x2eebe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x2eebe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0241.095] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x2527040, lpcchName=0x2eebe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x2eebe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0241.095] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x2527040, lpcchName=0x2eebe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x2eebe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0241.096] RegOpenKeyExW (in: hKey=0x320, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x324) returned 0x0 [0241.098] RegQueryValueExW (in: hKey=0x324, lpValueName="Email", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.099] RegQueryValueExW (in: hKey=0x324, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.100] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.101] RegQueryValueExW (in: hKey=0x324, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.102] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.102] RegCloseKey (hKey=0x324) returned 0x0 [0241.102] RegOpenKeyExW (in: hKey=0x320, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x324) returned 0x0 [0241.102] RegQueryValueExW (in: hKey=0x324, lpValueName="Email", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x1, lpData=0x0, lpcbData=0x2eebc0*=0x1e) returned 0x0 [0241.102] RegQueryValueExW (in: hKey=0x324, lpValueName="Email", lpReserved=0x0, lpType=0x2eebc4, lpData=0x2527634, lpcbData=0x2eebc0*=0x1e | out: lpType=0x2eebc4*=0x1, lpData="franc@gdllo.de", lpcbData=0x2eebc0*=0x1e) returned 0x0 [0241.102] RegQueryValueExW (in: hKey=0x324, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.102] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x3, lpData=0x0, lpcbData=0x2eebc0*=0x111) returned 0x0 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x252768c, lpcbData=0x2eebc0*=0x111 | out: lpType=0x2eebc4*=0x3, lpData=0x252768c*, lpcbData=0x2eebc0*=0x111) returned 0x0 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x3, lpData=0x0, lpcbData=0x2eebc0*=0x111) returned 0x0 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x25277e0, lpcbData=0x2eebc0*=0x111 | out: lpType=0x2eebc4*=0x3, lpData=0x25277e0*, lpcbData=0x2eebc0*=0x111) returned 0x0 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x3, lpData=0x0, lpcbData=0x2eebc0*=0x111) returned 0x0 [0241.103] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x2527900, lpcbData=0x2eebc0*=0x111 | out: lpType=0x2eebc4*=0x3, lpData=0x2527900*, lpcbData=0x2eebc0*=0x111) returned 0x0 [0241.730] CryptUnprotectData (in: pDataIn=0x2eebac, ppszDataDescr=0x0, pOptionalEntropy=0x2eeba4, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x2eebb4 | out: ppszDataDescr=0x0, pDataOut=0x2eebb4) returned 1 [0241.779] LocalFree (hMem=0x4e422d0) returned 0x0 [0241.780] RegQueryValueExW (in: hKey=0x324, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.780] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.780] RegQueryValueExW (in: hKey=0x324, lpValueName="Email", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x1, lpData=0x0, lpcbData=0x2eebc0*=0x1e) returned 0x0 [0241.780] RegQueryValueExW (in: hKey=0x324, lpValueName="Email", lpReserved=0x0, lpType=0x2eebc4, lpData=0x2527bec, lpcbData=0x2eebc0*=0x1e | out: lpType=0x2eebc4*=0x1, lpData="franc@gdllo.de", lpcbData=0x2eebc0*=0x1e) returned 0x0 [0241.787] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x1, lpData=0x0, lpcbData=0x2eebc0*=0x1c) returned 0x0 [0241.787] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2eebc4, lpData=0x2527c68, lpcbData=0x2eebc0*=0x1c | out: lpType=0x2eebc4*=0x1, lpData="smtp.gdllo.de", lpcbData=0x2eebc0*=0x1c) returned 0x0 [0241.787] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x1, lpData=0x0, lpcbData=0x2eebc0*=0x1c) returned 0x0 [0241.787] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2eebc4, lpData=0x2527cb8, lpcbData=0x2eebc0*=0x1c | out: lpType=0x2eebc4*=0x1, lpData="smtp.gdllo.de", lpcbData=0x2eebc0*=0x1c) returned 0x0 [0241.793] RegCloseKey (hKey=0x324) returned 0x0 [0241.793] RegOpenKeyExW (in: hKey=0x320, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeba4 | out: phkResult=0x2eeba4*=0x324) returned 0x0 [0241.793] RegQueryValueExW (in: hKey=0x324, lpValueName="Email", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.793] RegQueryValueExW (in: hKey=0x324, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.793] RegQueryValueExW (in: hKey=0x324, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.793] RegQueryValueExW (in: hKey=0x324, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.793] RegQueryValueExW (in: hKey=0x324, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x2eebc4, lpData=0x0, lpcbData=0x2eebc0*=0x0 | out: lpType=0x2eebc4*=0x0, lpData=0x0, lpcbData=0x2eebc0*=0x0) returned 0x2 [0241.793] RegCloseKey (hKey=0x324) returned 0x0 [0241.860] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eea98 | out: phkResult=0x2eea98*=0x0) returned 0x2 [0241.866] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eea98 | out: phkResult=0x2eea98*=0x0) returned 0x2 [0241.868] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x2ee5dc, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0241.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee818) returned 1 [0241.868] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x2eeadc | out: lpFileInformation=0x2eeadc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee814) returned 1 [0241.869] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x2ee5dc, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0241.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee818) returned 1 [0241.869] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x2eeadc | out: lpFileInformation=0x2eeadc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee814) returned 1 [0241.869] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.869] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0241.869] CoTaskMemFree (pv=0x856150) [0241.869] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0241.870] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x2ee5dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x49 [0241.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee818) returned 1 [0241.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x2eeadc | out: lpFileInformation=0x2eeadc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee814) returned 1 [0241.871] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.871] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0241.871] CoTaskMemFree (pv=0x856150) [0241.871] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0241.872] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x2ee5dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4f [0241.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee818) returned 1 [0241.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x2eeadc | out: lpFileInformation=0x2eeadc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee814) returned 1 [0241.881] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b [0241.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0241.881] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0241.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0241.885] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b [0241.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0241.885] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0241.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0241.898] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37 [0241.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0241.899] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0241.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0241.903] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37 [0241.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0241.903] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0241.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0241.915] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f [0241.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0241.916] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0241.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0241.920] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f [0241.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0241.920] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0241.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0241.948] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.948] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0241.948] CoTaskMemFree (pv=0x856150) [0241.948] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee674, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0241.949] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x2ee70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x45 [0241.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee94c) returned 1 [0241.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x2eec10 | out: lpFileInformation=0x2eec10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee948) returned 1 [0241.980] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.980] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0241.980] CoTaskMemFree (pv=0x856150) [0241.980] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0241.980] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x2ee700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37 [0241.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee93c) returned 1 [0241.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x2eec00 | out: lpFileInformation=0x2eec00*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0241.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee938) returned 1 [0241.981] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.981] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0241.981] CoTaskMemFree (pv=0x856150) [0241.981] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0241.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eebfc) returned 1 [0241.981] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x2ee6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37 [0241.981] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x2ee9ac | out: lpFindFileData=0x2ee9ac*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x823280 [0241.982] FindNextFileW (in: hFindFile=0x823280, lpFindFileData=0x2ee9b4 | out: lpFindFileData=0x2ee9b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0241.982] FindNextFileW (in: hFindFile=0x823280, lpFindFileData=0x2ee9b4 | out: lpFindFileData=0x2ee9b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0241.982] FindClose (in: hFindFile=0x823280 | out: hFindFile=0x823280) returned 1 [0241.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee96c) returned 1 [0241.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2eebcc) returned 1 [0241.986] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.986] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0241.987] CoTaskMemFree (pv=0x856150) [0241.987] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0241.987] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x2ee700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39 [0241.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee93c) returned 1 [0241.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x2eec00 | out: lpFileInformation=0x2eec00*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0241.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee938) returned 1 [0241.987] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.987] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0241.988] CoTaskMemFree (pv=0x856150) [0241.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0241.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eebfc) returned 1 [0241.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x2ee6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39 [0241.988] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x2ee9ac | out: lpFindFileData=0x2ee9ac*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x823280 [0241.988] FindNextFileW (in: hFindFile=0x823280, lpFindFileData=0x2ee9b4 | out: lpFindFileData=0x2ee9b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0241.988] FindNextFileW (in: hFindFile=0x823280, lpFindFileData=0x2ee9b4 | out: lpFindFileData=0x2ee9b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0241.988] FindClose (in: hFindFile=0x823280 | out: hFindFile=0x823280) returned 1 [0241.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee96c) returned 1 [0241.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2eebcc) returned 1 [0241.997] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0241.997] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0241.997] CoTaskMemFree (pv=0x856150) [0241.997] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x2ee6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0241.999] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x2ee74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x38 [0241.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee98c) returned 1 [0241.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x2eec50 | out: lpFileInformation=0x2eec50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0241.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee988) returned 1 [0242.067] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.068] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.068] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.068] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.069] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.070] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.070] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.070] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.071] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.071] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.071] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.072] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.072] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.072] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x2eeb28 | out: phkResult=0x2eeb28*=0x0) returned 0x2 [0242.073] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.075] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.077] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.077] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.077] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.078] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.078] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.078] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x2ee94c, nSize=0xd8 | out: lpBuffer="") returned 0x16 [0242.078] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0242.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.078] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.078] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0242.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.079] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.079] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0242.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.079] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.079] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0242.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.079] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.079] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0242.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.079] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.079] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0242.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.080] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.080] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0242.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.080] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.080] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x2ee634, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0242.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee874) returned 1 [0242.080] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x2eeb38 | out: lpFileInformation=0x2eeb38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee870) returned 1 [0242.105] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x2eec14 | out: phkResult=0x2eec14*=0x0) returned 0x2 [0242.113] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e [0242.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0242.114] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0242.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0242.118] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x2ee5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e [0242.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeae0) returned 1 [0242.118] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0242.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed900) returned 1 [0242.148] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0242.148] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0242.148] CoTaskMemFree (pv=0x856150) [0242.148] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee68c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0242.149] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x2ee724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4a [0242.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee964) returned 1 [0242.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x2eec28 | out: lpFileInformation=0x2eec28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee960) returned 1 [0242.232] CoTaskMemAlloc (cb=0x20c) returned 0x856150 [0242.232] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x856150 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0242.233] CoTaskMemFree (pv=0x856150) [0242.233] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x2ee5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0242.235] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x2ee63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x2d [0242.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee878) returned 1 [0242.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x2eeb3c | out: lpFileInformation=0x2eeb3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee874) returned 1 [0242.243] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x2ee644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x35 [0242.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ee884) returned 1 [0242.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x2eeb48 | out: lpFileInformation=0x2eeb48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0242.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ee880) returned 1 [0242.244] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x2eea60, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0242.253] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CoreFTP\\sites.idx", nBufferLength=0x105, lpBuffer=0x2ee618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CoreFTP\\sites.idx", lpFilePart=0x0) returned 0x34 [0242.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2eeb30) returned 1 [0242.254] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\CoreFTP\\sites.idx" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\coreftp\\sites.idx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0242.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ed950) returned 1 [0242.387] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x2eeafc | out: lpclsid=0x2eeafc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0242.398] CoGetClassObject (in: rclsid=0x4e43f24*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee734 | out: ppv=0x2ee734*=0x79ff58) returned 0x0 [0243.687] WshShell:IUnknown:QueryInterface (in: This=0x79ff58, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee94c | out: ppvObject=0x2ee94c*=0x0) returned 0x80004002 [0243.687] WshShell:IClassFactory:CreateInstance (in: This=0x79ff58, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee958 | out: ppvObject=0x2ee958*=0x79ff84) returned 0x0 [0243.688] WshShell:IUnknown:Release (This=0x79ff58) returned 0x0 [0243.688] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee57c | out: ppvObject=0x2ee57c*=0x79ff84) returned 0x0 [0243.688] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee530 | out: ppvObject=0x2ee530*=0x0) returned 0x80004002 [0243.688] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee358 | out: ppvObject=0x2ee358*=0x79ff74) returned 0x0 [0243.688] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x79ff74, ppTI=0x2ee360 | out: ppTI=0x2ee360*=0x4e464b8) returned 0x0 [0243.697] ITypeInfo:RemoteGetTypeAttr (in: This=0x4e464b8, ppTypeAttr=0x2ee354, pDummy=0x21208527 | out: ppTypeAttr=0x2ee354, pDummy=0x21208527) returned 0x0 [0243.697] ITypeInfo:LocalReleaseTypeAttr (This=0x4e464b8) returned 0x815fb8 [0243.697] WshShell:IUnknown:Release (This=0x79ff74) returned 0x2 [0243.697] IUnknown:Release (This=0x4e464b8) returned 0x1 [0243.698] WshShell:IUnknown:AddRef (This=0x79ff84) returned 0x3 [0243.698] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ede8c | out: ppvObject=0x2ede8c*=0x0) returned 0x80004002 [0243.698] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ede3c | out: ppvObject=0x2ede3c*=0x0) returned 0x80004002 [0243.698] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ede48 | out: ppvObject=0x2ede48*=0x0) returned 0x80004002 [0243.698] CoGetContextToken (in: pToken=0x2edea8 | out: pToken=0x2edea8) returned 0x0 [0243.698] CoGetContextToken (in: pToken=0x2ee2bc | out: pToken=0x2ee2bc) returned 0x0 [0243.698] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee33c | out: ppvObject=0x2ee33c*=0x0) returned 0x80004002 [0243.698] WshShell:IUnknown:Release (This=0x79ff84) returned 0x2 [0243.698] WshShell:IUnknown:Release (This=0x79ff84) returned 0x1 [0243.703] CoGetContextToken (in: pToken=0x2ee6c4 | out: pToken=0x2ee6c4) returned 0x0 [0243.703] WshShell:IUnknown:QueryInterface (in: This=0x79ff84, riid=0x721f6a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee734 | out: ppvObject=0x2ee734*=0x79ff70) returned 0x0 [0243.704] WshShell:IDispatch:GetIDsOfNames (in: This=0x79ff70, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x2ee730*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x2ee720 | out: rgDispId=0x2ee720*=2000) returned 0x0 [0243.704] WshShell:IDispatch:Invoke (in: This=0x79ff70, dispIdMember=2000, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838, pExcepInfo=0x2ee60c, puArgErr=0x2ee670 | out: pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x80070002, varVal2=0x9), pExcepInfo=0x2ee60c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070002), puArgErr=0x2ee670*=0x72198c8e) returned 0x80020009 [0243.738] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites\\Host\".") returned 0x55 [0243.738] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0243.744] WshShell:IUnknown:Release (This=0x79ff70) returned 0x1 [0243.749] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x2eeafc | out: lpclsid=0x2eeafc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0243.752] CoGetClassObject (in: rclsid=0x4e43f24*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee734 | out: ppv=0x2ee734*=0x79ff58) returned 0x0 [0243.753] WshShell:IUnknown:QueryInterface (in: This=0x79ff58, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee94c | out: ppvObject=0x2ee94c*=0x0) returned 0x80004002 [0243.753] WshShell:IClassFactory:CreateInstance (in: This=0x79ff58, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee958 | out: ppvObject=0x2ee958*=0x79ffb4) returned 0x0 [0243.753] WshShell:IUnknown:Release (This=0x79ff58) returned 0x0 [0243.753] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee57c | out: ppvObject=0x2ee57c*=0x79ffb4) returned 0x0 [0243.753] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee530 | out: ppvObject=0x2ee530*=0x0) returned 0x80004002 [0243.753] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee358 | out: ppvObject=0x2ee358*=0x79ffa4) returned 0x0 [0243.753] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x79ffa4, ppTI=0x2ee360 | out: ppTI=0x2ee360*=0x4e464b8) returned 0x0 [0243.753] ITypeInfo:RemoteGetTypeAttr (in: This=0x4e464b8, ppTypeAttr=0x2ee354, pDummy=0x21208527 | out: ppTypeAttr=0x2ee354, pDummy=0x21208527) returned 0x0 [0243.753] ITypeInfo:LocalReleaseTypeAttr (This=0x4e464b8) returned 0x819dc8 [0243.753] WshShell:IUnknown:Release (This=0x79ffa4) returned 0x2 [0243.753] IUnknown:Release (This=0x4e464b8) returned 0x1 [0243.754] WshShell:IUnknown:AddRef (This=0x79ffb4) returned 0x3 [0243.754] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ede8c | out: ppvObject=0x2ede8c*=0x0) returned 0x80004002 [0243.754] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ede3c | out: ppvObject=0x2ede3c*=0x0) returned 0x80004002 [0243.754] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ede48 | out: ppvObject=0x2ede48*=0x0) returned 0x80004002 [0243.754] CoGetContextToken (in: pToken=0x2edea8 | out: pToken=0x2edea8) returned 0x0 [0243.754] CoGetContextToken (in: pToken=0x2ee2bc | out: pToken=0x2ee2bc) returned 0x0 [0243.754] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee33c | out: ppvObject=0x2ee33c*=0x0) returned 0x80004002 [0243.754] WshShell:IUnknown:Release (This=0x79ffb4) returned 0x2 [0243.754] WshShell:IUnknown:Release (This=0x79ffb4) returned 0x1 [0243.754] CoGetContextToken (in: pToken=0x2ee6c4 | out: pToken=0x2ee6c4) returned 0x0 [0243.754] WshShell:IUnknown:QueryInterface (in: This=0x79ffb4, riid=0x721f6a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee734 | out: ppvObject=0x2ee734*=0x79ffa0) returned 0x0 [0243.754] WshShell:IDispatch:GetIDsOfNames (in: This=0x79ffa0, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x2ee730*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x2ee720 | out: rgDispId=0x2ee720*=2000) returned 0x0 [0243.755] WshShell:IDispatch:Invoke (in: This=0x79ffa0, dispIdMember=2000, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838, pExcepInfo=0x2ee60c, puArgErr=0x2ee670 | out: pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x3), pExcepInfo=0x2ee60c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x2ee670*=0x72198c8e) returned 0x80020009 [0243.756] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort\".") returned 0x50 [0243.756] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0243.758] WshShell:IUnknown:Release (This=0x79ffa0) returned 0x1 [0243.762] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x2eeafc | out: lpclsid=0x2eeafc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0243.764] CoGetClassObject (in: rclsid=0x4e43f24*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee734 | out: ppv=0x2ee734*=0x79ff58) returned 0x0 [0243.765] WshShell:IUnknown:QueryInterface (in: This=0x79ff58, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee94c | out: ppvObject=0x2ee94c*=0x0) returned 0x80004002 [0243.765] WshShell:IClassFactory:CreateInstance (in: This=0x79ff58, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee958 | out: ppvObject=0x2ee958*=0x792acc) returned 0x0 [0243.765] WshShell:IUnknown:Release (This=0x79ff58) returned 0x0 [0243.765] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee57c | out: ppvObject=0x2ee57c*=0x792acc) returned 0x0 [0243.765] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee530 | out: ppvObject=0x2ee530*=0x0) returned 0x80004002 [0243.765] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee358 | out: ppvObject=0x2ee358*=0x792abc) returned 0x0 [0243.765] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x792abc, ppTI=0x2ee360 | out: ppTI=0x2ee360*=0x4e464b8) returned 0x0 [0243.765] ITypeInfo:RemoteGetTypeAttr (in: This=0x4e464b8, ppTypeAttr=0x2ee354, pDummy=0x21208527 | out: ppTypeAttr=0x2ee354, pDummy=0x21208527) returned 0x0 [0243.765] ITypeInfo:LocalReleaseTypeAttr (This=0x4e464b8) returned 0x895608 [0243.765] WshShell:IUnknown:Release (This=0x792abc) returned 0x2 [0243.765] IUnknown:Release (This=0x4e464b8) returned 0x1 [0243.766] WshShell:IUnknown:AddRef (This=0x792acc) returned 0x3 [0243.766] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ede8c | out: ppvObject=0x2ede8c*=0x0) returned 0x80004002 [0243.766] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ede3c | out: ppvObject=0x2ede3c*=0x0) returned 0x80004002 [0243.766] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ede48 | out: ppvObject=0x2ede48*=0x0) returned 0x80004002 [0243.766] CoGetContextToken (in: pToken=0x2edea8 | out: pToken=0x2edea8) returned 0x0 [0243.766] CoGetContextToken (in: pToken=0x2ee2bc | out: pToken=0x2ee2bc) returned 0x0 [0243.766] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee33c | out: ppvObject=0x2ee33c*=0x0) returned 0x80004002 [0243.766] WshShell:IUnknown:Release (This=0x792acc) returned 0x2 [0243.766] WshShell:IUnknown:Release (This=0x792acc) returned 0x1 [0243.766] CoGetContextToken (in: pToken=0x2ee6c4 | out: pToken=0x2ee6c4) returned 0x0 [0243.766] WshShell:IUnknown:QueryInterface (in: This=0x792acc, riid=0x721f6a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee734 | out: ppvObject=0x2ee734*=0x792ab8) returned 0x0 [0243.766] WshShell:IDispatch:GetIDsOfNames (in: This=0x792ab8, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x2ee730*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x2ee720 | out: rgDispId=0x2ee720*=2000) returned 0x0 [0243.766] WshShell:IDispatch:Invoke (in: This=0x792ab8, dispIdMember=2000, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838, pExcepInfo=0x2ee60c, puArgErr=0x2ee670 | out: pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x3), pExcepInfo=0x2ee60c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x2ee670*=0x72198c8e) returned 0x80020009 [0243.768] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser\".") returned 0x50 [0243.768] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0243.770] WshShell:IUnknown:Release (This=0x792ab8) returned 0x1 [0243.773] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x2eeafc | out: lpclsid=0x2eeafc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0243.776] CoGetClassObject (in: rclsid=0x4e43f24*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee734 | out: ppv=0x2ee734*=0x79ff58) returned 0x0 [0243.776] WshShell:IUnknown:QueryInterface (in: This=0x79ff58, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee94c | out: ppvObject=0x2ee94c*=0x0) returned 0x80004002 [0243.776] WshShell:IClassFactory:CreateInstance (in: This=0x79ff58, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee958 | out: ppvObject=0x2ee958*=0x792afc) returned 0x0 [0243.776] WshShell:IUnknown:Release (This=0x79ff58) returned 0x0 [0243.776] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee57c | out: ppvObject=0x2ee57c*=0x792afc) returned 0x0 [0243.776] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee530 | out: ppvObject=0x2ee530*=0x0) returned 0x80004002 [0243.776] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee358 | out: ppvObject=0x2ee358*=0x792aec) returned 0x0 [0243.776] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x792aec, ppTI=0x2ee360 | out: ppTI=0x2ee360*=0x4e464b8) returned 0x0 [0243.776] ITypeInfo:RemoteGetTypeAttr (in: This=0x4e464b8, ppTypeAttr=0x2ee354, pDummy=0x21208527 | out: ppTypeAttr=0x2ee354, pDummy=0x21208527) returned 0x0 [0243.776] ITypeInfo:LocalReleaseTypeAttr (This=0x4e464b8) returned 0x895608 [0243.776] WshShell:IUnknown:Release (This=0x792aec) returned 0x2 [0243.776] IUnknown:Release (This=0x4e464b8) returned 0x1 [0243.777] WshShell:IUnknown:AddRef (This=0x792afc) returned 0x3 [0243.777] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ede8c | out: ppvObject=0x2ede8c*=0x0) returned 0x80004002 [0243.777] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ede3c | out: ppvObject=0x2ede3c*=0x0) returned 0x80004002 [0243.777] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ede48 | out: ppvObject=0x2ede48*=0x0) returned 0x80004002 [0243.777] CoGetContextToken (in: pToken=0x2edea8 | out: pToken=0x2edea8) returned 0x0 [0243.777] CoGetContextToken (in: pToken=0x2ee2bc | out: pToken=0x2ee2bc) returned 0x0 [0243.777] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee33c | out: ppvObject=0x2ee33c*=0x0) returned 0x80004002 [0243.777] WshShell:IUnknown:Release (This=0x792afc) returned 0x2 [0243.777] WshShell:IUnknown:Release (This=0x792afc) returned 0x1 [0243.777] CoGetContextToken (in: pToken=0x2ee6c4 | out: pToken=0x2ee6c4) returned 0x0 [0243.777] WshShell:IUnknown:QueryInterface (in: This=0x792afc, riid=0x721f6a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee734 | out: ppvObject=0x2ee734*=0x792ae8) returned 0x0 [0243.777] WshShell:IDispatch:GetIDsOfNames (in: This=0x792ae8, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x2ee730*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x2ee720 | out: rgDispId=0x2ee720*=2000) returned 0x0 [0243.778] WshShell:IDispatch:Invoke (in: This=0x792ae8, dispIdMember=2000, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838, pExcepInfo=0x2ee60c, puArgErr=0x2ee670 | out: pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x3), pExcepInfo=0x2ee60c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x2ee670*=0x72198c8e) returned 0x80020009 [0243.778] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW\".") returned 0x4e [0243.779] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0243.780] WshShell:IUnknown:Release (This=0x792ae8) returned 0x1 [0243.784] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x2eeafc | out: lpclsid=0x2eeafc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0243.787] CoGetClassObject (in: rclsid=0x4e43f24*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee734 | out: ppv=0x2ee734*=0x79ff58) returned 0x0 [0243.787] WshShell:IUnknown:QueryInterface (in: This=0x79ff58, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee94c | out: ppvObject=0x2ee94c*=0x0) returned 0x80004002 [0243.787] WshShell:IClassFactory:CreateInstance (in: This=0x79ff58, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee958 | out: ppvObject=0x2ee958*=0x792b2c) returned 0x0 [0243.787] WshShell:IUnknown:Release (This=0x79ff58) returned 0x0 [0243.787] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee57c | out: ppvObject=0x2ee57c*=0x792b2c) returned 0x0 [0243.787] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee530 | out: ppvObject=0x2ee530*=0x0) returned 0x80004002 [0243.787] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ee358 | out: ppvObject=0x2ee358*=0x792b1c) returned 0x0 [0243.787] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x792b1c, ppTI=0x2ee360 | out: ppTI=0x2ee360*=0x4e464b8) returned 0x0 [0243.787] ITypeInfo:RemoteGetTypeAttr (in: This=0x4e464b8, ppTypeAttr=0x2ee354, pDummy=0x21208527 | out: ppTypeAttr=0x2ee354, pDummy=0x21208527) returned 0x0 [0243.787] ITypeInfo:LocalReleaseTypeAttr (This=0x4e464b8) returned 0x888b20 [0243.787] WshShell:IUnknown:Release (This=0x792b1c) returned 0x2 [0243.787] IUnknown:Release (This=0x4e464b8) returned 0x1 [0243.788] WshShell:IUnknown:AddRef (This=0x792b2c) returned 0x3 [0243.788] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ede8c | out: ppvObject=0x2ede8c*=0x0) returned 0x80004002 [0243.788] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ede3c | out: ppvObject=0x2ede3c*=0x0) returned 0x80004002 [0243.788] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ede48 | out: ppvObject=0x2ede48*=0x0) returned 0x80004002 [0243.788] CoGetContextToken (in: pToken=0x2edea8 | out: pToken=0x2edea8) returned 0x0 [0243.788] CoGetContextToken (in: pToken=0x2ee2bc | out: pToken=0x2ee2bc) returned 0x0 [0243.788] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee33c | out: ppvObject=0x2ee33c*=0x0) returned 0x80004002 [0243.788] WshShell:IUnknown:Release (This=0x792b2c) returned 0x2 [0243.788] WshShell:IUnknown:Release (This=0x792b2c) returned 0x1 [0243.788] CoGetContextToken (in: pToken=0x2ee6c4 | out: pToken=0x2ee6c4) returned 0x0 [0243.788] WshShell:IUnknown:QueryInterface (in: This=0x792b2c, riid=0x721f6a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee734 | out: ppvObject=0x2ee734*=0x792b18) returned 0x0 [0243.788] WshShell:IDispatch:GetIDsOfNames (in: This=0x792b18, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x2ee730*="RegRead", cNames=0x1, lcid=0x409, rgDispId=0x2ee720 | out: rgDispId=0x2ee720*=2000) returned 0x0 [0243.789] WshShell:IDispatch:Invoke (in: This=0x792b18, dispIdMember=2000, riid=0x72132d74*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838, pExcepInfo=0x2ee60c, puArgErr=0x2ee670 | out: pDispParams=0x2ee8bc*(rgvarg=([0]=0x2ee740*(varType=0x4008, wReserved1=0x0, wReserved2=0xb645, wReserved3=0x7248, varVal1=0x2ee710*="HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName", varVal2=0x2eea00)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x2ee838*(varType=0x0, wReserved1=0x0, wReserved2=0x3, wReserved3=0x300, varVal1=0x80070003, varVal2=0x3), pExcepInfo=0x2ee60c*(wCode=0x0, wReserved=0x0, bstrSource="WshShell.RegRead", bstrDescription="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070003), puArgErr=0x2ee670*=0x72198c8e) returned 0x80020009 [0243.790] SysStringLen (param_1="Invalid root in registry key \"HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName\".") returned 0x50 [0243.790] SysStringLen (param_1="WshShell.RegRead") returned 0x10 [0243.792] WshShell:IUnknown:Release (This=0x792b18) returned 0x1 [0243.815] GetUserNameW (in: lpBuffer=0x2eea14, pcbBuffer=0x253cdc8 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x253cdc8) returned 1 [0243.816] GetComputerNameW (in: lpBuffer=0x2eea14, nSize=0x253d27c | out: lpBuffer="Q9IATRKPRH", nSize=0x253d27c) returned 1 [0243.834] GetTimeZoneInformation (in: lpTimeZoneInformation=0x2eea88 | out: lpTimeZoneInformation=0x2eea88) returned 0x2 [0243.925] GetUserNameW (in: lpBuffer=0x2eea04, pcbBuffer=0x2540dc8 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x2540dc8) returned 1 [0243.928] GetComputerNameW (in: lpBuffer=0x2eea04, nSize=0x2541258 | out: lpBuffer="Q9IATRKPRH", nSize=0x2541258) returned 1 [0243.932] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418 [0243.932] SetEvent (hEvent=0x2c4) returned 1 [0243.933] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eeb84*=0x418, lpdwindex=0x2ee9a8 | out: lpdwindex=0x2ee9a8) returned 0x0 [0243.936] CoGetContextToken (in: pToken=0x2eea5c | out: pToken=0x2eea5c) returned 0x0 [0243.936] CoGetContextToken (in: pToken=0x2ee9bc | out: pToken=0x2ee9bc) returned 0x0 [0243.936] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x2eea8c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eea88 | out: ppvObject=0x2eea88*=0x86c740) returned 0x0 [0243.936] WbemDefPath:IUnknown:AddRef (This=0x86c740) returned 0x3 [0243.936] WbemDefPath:IUnknown:Release (This=0x86c740) returned 0x2 [0243.936] WbemDefPath:IWbemPath:SetText (This=0x86c740, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0243.937] WbemDefPath:IWbemPath:GetInfo (in: This=0x86c740, uRequestedInfo=0x0, puResponse=0x2eec30 | out: puResponse=0x2eec30*=0xc15) returned 0x0 [0243.937] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x86c740, puCount=0x2eec28 | out: puCount=0x2eec28*=0x0) returned 0x0 [0243.938] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eec00 | out: puCount=0x2eec00*=0x2) returned 0x0 [0243.938] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebfc*=0x0, pszText=0x0 | out: puBuffLength=0x2eebfc*=0xf, pszText=0x0) returned 0x0 [0243.938] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebfc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebfc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0243.951] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eea98*=0x434, lpdwindex=0x2ee950 | out: lpdwindex=0x2ee950) returned 0x0 [0243.979] CoGetContextToken (in: pToken=0x2ee94c | out: pToken=0x2ee94c) returned 0x0 [0243.979] CoGetContextToken (in: pToken=0x2ee8ac | out: pToken=0x2ee8ac) returned 0x0 [0243.979] CoGetContextToken (in: pToken=0x2ee8ac | out: pToken=0x2ee8ac) returned 0x0 [0243.979] CoGetContextToken (in: pToken=0x2ee84c | out: pToken=0x2ee84c) returned 0x0 [0243.979] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x722b8ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee824 | out: ppvObject=0x2ee824*=0x7eee78) returned 0x0 [0243.979] CObjectContext::ContextCallback () returned 0x0 [0243.984] IUnknown:Release (This=0x7eee78) returned 0x1 [0243.984] CoUnmarshalInterface (in: pStm=0x893d80, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee8a0 | out: ppv=0x2ee8a0*=0x84fdf4) returned 0x0 [0243.984] CoMarshalInterface (pStm=0x893d80, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84fdf4, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0243.984] WbemLocator:IUnknown:QueryInterface (in: This=0x84fdf4, riid=0x2ee97c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2ee978 | out: ppvObject=0x2ee978*=0x4e52e80) returned 0x0 [0243.987] WbemLocator:IUnknown:Release (This=0x84fdf4) returned 0x1 [0243.987] IWbemServices:ExecQuery (in: This=0x4e52e80, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x2eeb60 | out: ppEnum=0x2eeb60*=0x835708) returned 0x0 [0243.991] IUnknown:QueryInterface (in: This=0x835708, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee9b0 | out: ppvObject=0x2ee9b0*=0x83570c) returned 0x0 [0243.991] IClientSecurity:QueryBlanket (in: This=0x83570c, pProxy=0x835708, pAuthnSvc=0x2eea00, pAuthzSvc=0x2ee9fc, pServerPrincName=0x2ee9f4, pAuthnLevel=0x2ee9f8, pImpLevel=0x2ee9e8, pAuthInfo=0x2ee9ec, pCapabilites=0x2ee9f0 | out: pAuthnSvc=0x2eea00*=0xa, pAuthzSvc=0x2ee9fc*=0x0, pServerPrincName=0x2ee9f4, pAuthnLevel=0x2ee9f8*=0x6, pImpLevel=0x2ee9e8*=0x2, pAuthInfo=0x2ee9ec, pCapabilites=0x2ee9f0*=0x1) returned 0x0 [0243.991] IUnknown:Release (This=0x83570c) returned 0x1 [0243.991] IUnknown:QueryInterface (in: This=0x835708, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee9a4 | out: ppvObject=0x2ee9a4*=0x84fee4) returned 0x0 [0243.991] IUnknown:QueryInterface (in: This=0x835708, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee990 | out: ppvObject=0x2ee990*=0x83570c) returned 0x0 [0243.991] IClientSecurity:SetBlanket (This=0x83570c, pProxy=0x835708, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0243.999] IUnknown:Release (This=0x83570c) returned 0x2 [0243.999] WbemLocator:IUnknown:Release (This=0x84fee4) returned 0x1 [0243.999] CoTaskMemFree (pv=0x4e44278) [0243.999] IUnknown:AddRef (This=0x835708) returned 0x2 [0243.999] CoGetContextToken (in: pToken=0x2eded0 | out: pToken=0x2eded0) returned 0x0 [0243.999] CoGetContextToken (in: pToken=0x2ee2e4 | out: pToken=0x2ee2e4) returned 0x0 [0243.999] IUnknown:QueryInterface (in: This=0x835708, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee27c | out: ppvObject=0x2ee27c*=0x84fecc) returned 0x0 [0243.999] WbemLocator:IRpcOptions:Query (in: This=0x84fecc, pPrx=0x4e44a78, dwProperty=2, pdwValue=0x2ee370 | out: pdwValue=0x2ee370) returned 0x80004002 [0244.000] WbemLocator:IUnknown:Release (This=0x84fecc) returned 0x2 [0244.000] CoGetContextToken (in: pToken=0x2ee8b4 | out: pToken=0x2ee8b4) returned 0x0 [0244.000] CoGetContextToken (in: pToken=0x2ee814 | out: pToken=0x2ee814) returned 0x0 [0244.000] IUnknown:QueryInterface (in: This=0x835708, riid=0x2ee8e4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee7b0 | out: ppvObject=0x2ee7b0*=0x835708) returned 0x0 [0244.000] IUnknown:Release (This=0x835708) returned 0x2 [0244.000] WbemLocator:IUnknown:Release (This=0x4e52e80) returned 0x0 [0244.000] SysStringLen (param_1=0x0) returned 0x0 [0244.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebac | out: puCount=0x2eebac*=0x2) returned 0x0 [0244.001] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eeba8*=0x0, pszText=0x0 | out: puBuffLength=0x2eeba8*=0xf, pszText=0x0) returned 0x0 [0244.001] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eeba8*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eeba8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0244.001] CoGetContextToken (in: pToken=0x2ee9f4 | out: pToken=0x2ee9f4) returned 0x0 [0244.001] IEnumWbemClassObject:Clone (in: This=0x835708, ppEnum=0x2eeba8 | out: ppEnum=0x2eeba8*=0x835898) returned 0x0 [0244.002] IUnknown:QueryInterface (in: This=0x835898, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea64 | out: ppvObject=0x2eea64*=0x83589c) returned 0x0 [0244.002] IClientSecurity:QueryBlanket (in: This=0x83589c, pProxy=0x835898, pAuthnSvc=0x2eeab4, pAuthzSvc=0x2eeab0, pServerPrincName=0x2eeaa8, pAuthnLevel=0x2eeaac, pImpLevel=0x2eea9c, pAuthInfo=0x2eeaa0, pCapabilites=0x2eeaa4 | out: pAuthnSvc=0x2eeab4*=0xa, pAuthzSvc=0x2eeab0*=0x0, pServerPrincName=0x2eeaa8, pAuthnLevel=0x2eeaac*=0x6, pImpLevel=0x2eea9c*=0x2, pAuthInfo=0x2eeaa0, pCapabilites=0x2eeaa4*=0x1) returned 0x0 [0244.002] IUnknown:Release (This=0x83589c) returned 0x1 [0244.002] IUnknown:QueryInterface (in: This=0x835898, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea58 | out: ppvObject=0x2eea58*=0x84fdf4) returned 0x0 [0244.002] IUnknown:QueryInterface (in: This=0x835898, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea44 | out: ppvObject=0x2eea44*=0x83589c) returned 0x0 [0244.002] IClientSecurity:SetBlanket (This=0x83589c, pProxy=0x835898, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0244.004] IUnknown:Release (This=0x83589c) returned 0x2 [0244.004] WbemLocator:IUnknown:Release (This=0x84fdf4) returned 0x1 [0244.004] CoTaskMemFree (pv=0x4e44248) [0244.004] IUnknown:AddRef (This=0x835898) returned 0x2 [0244.004] CoGetContextToken (in: pToken=0x2edf74 | out: pToken=0x2edf74) returned 0x0 [0244.004] CoGetContextToken (in: pToken=0x2ee384 | out: pToken=0x2ee384) returned 0x0 [0244.005] IUnknown:QueryInterface (in: This=0x835898, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee320 | out: ppvObject=0x2ee320*=0x84fddc) returned 0x0 [0244.005] WbemLocator:IRpcOptions:Query (in: This=0x84fddc, pPrx=0x4e44af0, dwProperty=2, pdwValue=0x2ee414 | out: pdwValue=0x2ee414) returned 0x80004002 [0244.005] WbemLocator:IUnknown:Release (This=0x84fddc) returned 0x2 [0244.005] CoGetContextToken (in: pToken=0x2ee954 | out: pToken=0x2ee954) returned 0x0 [0244.005] CoGetContextToken (in: pToken=0x2ee8b4 | out: pToken=0x2ee8b4) returned 0x0 [0244.005] IUnknown:QueryInterface (in: This=0x835898, riid=0x2ee984*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee850 | out: ppvObject=0x2ee850*=0x835898) returned 0x0 [0244.005] IUnknown:Release (This=0x835898) returned 0x2 [0244.005] SysStringLen (param_1=0x0) returned 0x0 [0244.005] IEnumWbemClassObject:Reset (This=0x835898) returned 0x0 [0244.006] CoTaskMemAlloc (cb=0x4) returned 0x888538 [0244.006] IEnumWbemClassObject:Next (in: This=0x835898, lTimeout=-1, uCount=0x1, apObjects=0x888538, puReturned=0x254277c | out: apObjects=0x888538*=0x8917e0, puReturned=0x254277c*=0x1) returned 0x0 [0244.041] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee1fc | out: ppvObject=0x2ee1fc*=0x8917e0) returned 0x0 [0244.041] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee1b0 | out: ppvObject=0x2ee1b0*=0x0) returned 0x80004002 [0244.041] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2edfd8 | out: ppvObject=0x2edfd8*=0x0) returned 0x80004002 [0244.042] IUnknown:AddRef (This=0x8917e0) returned 0x3 [0244.042] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edb0c | out: ppvObject=0x2edb0c*=0x0) returned 0x80004002 [0244.042] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edabc | out: ppvObject=0x2edabc*=0x0) returned 0x80004002 [0244.042] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edac8 | out: ppvObject=0x2edac8*=0x8917e4) returned 0x0 [0244.042] IMarshal:GetUnmarshalClass (in: This=0x8917e4, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edad0 | out: pCid=0x2edad0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0244.042] IUnknown:Release (This=0x8917e4) returned 0x3 [0244.042] CoGetContextToken (in: pToken=0x2edb28 | out: pToken=0x2edb28) returned 0x0 [0244.042] CoGetContextToken (in: pToken=0x2edf3c | out: pToken=0x2edf3c) returned 0x0 [0244.042] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfbc | out: ppvObject=0x2edfbc*=0x0) returned 0x80004002 [0244.042] IUnknown:Release (This=0x8917e0) returned 0x2 [0244.042] CoGetContextToken (in: pToken=0x2ee52c | out: pToken=0x2ee52c) returned 0x0 [0244.042] CoGetContextToken (in: pToken=0x2ee48c | out: pToken=0x2ee48c) returned 0x0 [0244.042] IUnknown:QueryInterface (in: This=0x8917e0, riid=0x2ee55c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2ee558 | out: ppvObject=0x2ee558*=0x8917e0) returned 0x0 [0244.042] IUnknown:AddRef (This=0x8917e0) returned 0x4 [0244.042] IUnknown:Release (This=0x8917e0) returned 0x3 [0244.042] IUnknown:Release (This=0x8917e0) returned 0x2 [0244.042] CoTaskMemFree (pv=0x888538) [0244.043] CoGetContextToken (in: pToken=0x2ee89c | out: pToken=0x2ee89c) returned 0x0 [0244.043] IUnknown:AddRef (This=0x8917e0) returned 0x3 [0244.043] CoTaskMemAlloc (cb=0x4) returned 0x888538 [0244.043] IEnumWbemClassObject:Next (in: This=0x835898, lTimeout=-1, uCount=0x1, apObjects=0x888538, puReturned=0x254277c | out: apObjects=0x888538*=0x0, puReturned=0x254277c*=0x0) returned 0x1 [0244.044] CoTaskMemFree (pv=0x888538) [0244.044] CoGetContextToken (in: pToken=0x2eea04 | out: pToken=0x2eea04) returned 0x0 [0244.044] IEnumWbemClassObject:Clone (in: This=0x835708, ppEnum=0x2eebb8 | out: ppEnum=0x2eebb8*=0x835960) returned 0x0 [0244.045] IUnknown:QueryInterface (in: This=0x835960, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea74 | out: ppvObject=0x2eea74*=0x835964) returned 0x0 [0244.045] IClientSecurity:QueryBlanket (in: This=0x835964, pProxy=0x835960, pAuthnSvc=0x2eeac4, pAuthzSvc=0x2eeac0, pServerPrincName=0x2eeab8, pAuthnLevel=0x2eeabc, pImpLevel=0x2eeaac, pAuthInfo=0x2eeab0, pCapabilites=0x2eeab4 | out: pAuthnSvc=0x2eeac4*=0xa, pAuthzSvc=0x2eeac0*=0x0, pServerPrincName=0x2eeab8, pAuthnLevel=0x2eeabc*=0x6, pImpLevel=0x2eeaac*=0x2, pAuthInfo=0x2eeab0, pCapabilites=0x2eeab4*=0x1) returned 0x0 [0244.045] IUnknown:Release (This=0x835964) returned 0x1 [0244.045] IUnknown:QueryInterface (in: This=0x835960, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea68 | out: ppvObject=0x2eea68*=0x8501b4) returned 0x0 [0244.045] IUnknown:QueryInterface (in: This=0x835960, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea54 | out: ppvObject=0x2eea54*=0x835964) returned 0x0 [0244.045] IClientSecurity:SetBlanket (This=0x835964, pProxy=0x835960, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0244.047] IUnknown:Release (This=0x835964) returned 0x2 [0244.047] WbemLocator:IUnknown:Release (This=0x8501b4) returned 0x1 [0244.047] CoTaskMemFree (pv=0x4e442d8) [0244.047] IUnknown:AddRef (This=0x835960) returned 0x2 [0244.048] CoGetContextToken (in: pToken=0x2edf84 | out: pToken=0x2edf84) returned 0x0 [0244.048] CoGetContextToken (in: pToken=0x2ee394 | out: pToken=0x2ee394) returned 0x0 [0244.048] IUnknown:QueryInterface (in: This=0x835960, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee330 | out: ppvObject=0x2ee330*=0x85019c) returned 0x0 [0244.048] WbemLocator:IRpcOptions:Query (in: This=0x85019c, pPrx=0x4e44bb0, dwProperty=2, pdwValue=0x2ee424 | out: pdwValue=0x2ee424) returned 0x80004002 [0244.048] WbemLocator:IUnknown:Release (This=0x85019c) returned 0x2 [0244.048] CoGetContextToken (in: pToken=0x2ee964 | out: pToken=0x2ee964) returned 0x0 [0244.048] CoGetContextToken (in: pToken=0x2ee8c4 | out: pToken=0x2ee8c4) returned 0x0 [0244.048] IUnknown:QueryInterface (in: This=0x835960, riid=0x2ee994*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee860 | out: ppvObject=0x2ee860*=0x835960) returned 0x0 [0244.049] IUnknown:Release (This=0x835960) returned 0x2 [0244.049] SysStringLen (param_1=0x0) returned 0x0 [0244.049] IEnumWbemClassObject:Reset (This=0x835960) returned 0x0 [0244.050] CoTaskMemAlloc (cb=0x4) returned 0x81a2f8 [0244.050] IEnumWbemClassObject:Next (in: This=0x835960, lTimeout=-1, uCount=0x1, apObjects=0x81a2f8, puReturned=0x2542860 | out: apObjects=0x81a2f8*=0x891b10, puReturned=0x2542860*=0x1) returned 0x0 [0244.052] IUnknown:QueryInterface (in: This=0x891b10, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee20c | out: ppvObject=0x2ee20c*=0x891b10) returned 0x0 [0244.052] IUnknown:QueryInterface (in: This=0x891b10, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee1c0 | out: ppvObject=0x2ee1c0*=0x0) returned 0x80004002 [0244.052] IUnknown:QueryInterface (in: This=0x891b10, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x0) returned 0x80004002 [0244.052] IUnknown:AddRef (This=0x891b10) returned 0x3 [0244.052] IUnknown:QueryInterface (in: This=0x891b10, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edb1c | out: ppvObject=0x2edb1c*=0x0) returned 0x80004002 [0244.052] IUnknown:QueryInterface (in: This=0x891b10, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edacc | out: ppvObject=0x2edacc*=0x0) returned 0x80004002 [0244.052] IUnknown:QueryInterface (in: This=0x891b10, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edad8 | out: ppvObject=0x2edad8*=0x891b14) returned 0x0 [0244.052] IMarshal:GetUnmarshalClass (in: This=0x891b14, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edae0 | out: pCid=0x2edae0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0244.052] IUnknown:Release (This=0x891b14) returned 0x3 [0244.052] CoGetContextToken (in: pToken=0x2edb38 | out: pToken=0x2edb38) returned 0x0 [0244.053] CoGetContextToken (in: pToken=0x2edf4c | out: pToken=0x2edf4c) returned 0x0 [0244.053] IUnknown:QueryInterface (in: This=0x891b10, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfcc | out: ppvObject=0x2edfcc*=0x0) returned 0x80004002 [0244.053] IUnknown:Release (This=0x891b10) returned 0x2 [0244.053] CoGetContextToken (in: pToken=0x2ee53c | out: pToken=0x2ee53c) returned 0x0 [0244.053] CoGetContextToken (in: pToken=0x2ee49c | out: pToken=0x2ee49c) returned 0x0 [0244.053] IUnknown:QueryInterface (in: This=0x891b10, riid=0x2ee56c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2ee568 | out: ppvObject=0x2ee568*=0x891b10) returned 0x0 [0244.053] IUnknown:AddRef (This=0x891b10) returned 0x4 [0244.053] IUnknown:Release (This=0x891b10) returned 0x3 [0244.053] IUnknown:Release (This=0x891b10) returned 0x2 [0244.053] CoTaskMemFree (pv=0x81a2f8) [0244.053] CoGetContextToken (in: pToken=0x2ee8ac | out: pToken=0x2ee8ac) returned 0x0 [0244.053] IUnknown:AddRef (This=0x891b10) returned 0x3 [0244.053] IWbemClassObject:Get (in: This=0x891b10, wszName="__GENUS", lFlags=0, pVal=0x2eeba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2eec28*=0, plFlavor=0x2eec24*=0 | out: pVal=0x2eeba8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2eec28*=3, plFlavor=0x2eec24*=64) returned 0x0 [0244.054] IWbemClassObject:Get (in: This=0x891b10, wszName="__PATH", lFlags=0, pVal=0x2eeb8c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2eec10*=0, plFlavor=0x2eec0c*=0 | out: pVal=0x2eeb8c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"", varVal2=0x0), pType=0x2eec10*=8, plFlavor=0x2eec0c*=64) returned 0x0 [0244.054] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0244.054] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0244.054] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x470 [0244.054] SetEvent (hEvent=0x2c4) returned 1 [0244.054] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eeb64*=0x470, lpdwindex=0x2ee988 | out: lpdwindex=0x2ee988) returned 0x0 [0244.057] CoGetContextToken (in: pToken=0x2eea3c | out: pToken=0x2eea3c) returned 0x0 [0244.057] CoGetContextToken (in: pToken=0x2ee99c | out: pToken=0x2ee99c) returned 0x0 [0244.057] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x2eea6c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eea68 | out: ppvObject=0x2eea68*=0x86c7b0) returned 0x0 [0244.057] WbemDefPath:IUnknown:AddRef (This=0x86c7b0) returned 0x3 [0244.057] WbemDefPath:IUnknown:Release (This=0x86c7b0) returned 0x2 [0244.057] WbemDefPath:IWbemPath:SetText (This=0x86c7b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x0 [0244.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebe4 | out: puCount=0x2eebe4*=0x2) returned 0x0 [0244.057] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebe0*=0x0, pszText=0x0 | out: puBuffLength=0x2eebe0*=0xf, pszText=0x0) returned 0x0 [0244.057] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0244.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebd8 | out: puCount=0x2eebd8*=0x2) returned 0x0 [0244.057] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebd4*=0x0, pszText=0x0 | out: puBuffLength=0x2eebd4*=0xf, pszText=0x0) returned 0x0 [0244.057] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebd4*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebd4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0244.057] IWbemClassObject:Get (in: This=0x891b10, wszName="Name", lFlags=0, pVal=0x2eebd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25430cc*=0, plFlavor=0x25430d0*=0 | out: pVal=0x2eebd4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x25430cc*=8, plFlavor=0x25430d0*=0) returned 0x0 [0244.057] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0244.057] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0244.058] IWbemClassObject:Get (in: This=0x891b10, wszName="Name", lFlags=0, pVal=0x2eebdc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25430cc*=8, plFlavor=0x25430d0*=0 | out: pVal=0x2eebdc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x25430cc*=8, plFlavor=0x25430d0*=0) returned 0x0 [0244.058] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0244.058] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0244.085] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebf0 | out: puCount=0x2eebf0*=0x2) returned 0x0 [0244.085] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebec*=0x0, pszText=0x0 | out: puBuffLength=0x2eebec*=0xf, pszText=0x0) returned 0x0 [0244.086] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebec*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0244.094] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eea98*=0x484, lpdwindex=0x2ee950 | out: lpdwindex=0x2ee950) returned 0x0 [0244.105] CoGetContextToken (in: pToken=0x2ee95c | out: pToken=0x2ee95c) returned 0x0 [0244.105] CoGetContextToken (in: pToken=0x2ee8bc | out: pToken=0x2ee8bc) returned 0x0 [0244.106] CoGetContextToken (in: pToken=0x2ee8bc | out: pToken=0x2ee8bc) returned 0x0 [0244.106] CoGetContextToken (in: pToken=0x2ee85c | out: pToken=0x2ee85c) returned 0x0 [0244.106] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x722b8ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee834 | out: ppvObject=0x2ee834*=0x7eee78) returned 0x0 [0244.106] CObjectContext::ContextCallback () returned 0x0 [0244.108] IUnknown:Release (This=0x7eee78) returned 0x1 [0244.108] CoUnmarshalInterface (in: pStm=0x893ec0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ee8b0 | out: ppv=0x2ee8b0*=0x850574) returned 0x0 [0244.108] CoMarshalInterface (pStm=0x893ec0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x850574, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0244.109] WbemLocator:IUnknown:QueryInterface (in: This=0x850574, riid=0x2ee98c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2ee988 | out: ppvObject=0x2ee988*=0x4e5fda8) returned 0x0 [0244.109] WbemLocator:IUnknown:Release (This=0x850574) returned 0x1 [0244.109] IWbemServices:ExecQuery (in: This=0x4e5fda8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x2eeb60 | out: ppEnum=0x2eeb60*=0x835af0) returned 0x0 [0244.118] IUnknown:QueryInterface (in: This=0x835af0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee9bc | out: ppvObject=0x2ee9bc*=0x835af4) returned 0x0 [0244.118] IClientSecurity:QueryBlanket (in: This=0x835af4, pProxy=0x835af0, pAuthnSvc=0x2eea0c, pAuthzSvc=0x2eea08, pServerPrincName=0x2eea00, pAuthnLevel=0x2eea04, pImpLevel=0x2ee9f4, pAuthInfo=0x2ee9f8, pCapabilites=0x2ee9fc | out: pAuthnSvc=0x2eea0c*=0xa, pAuthzSvc=0x2eea08*=0x0, pServerPrincName=0x2eea00, pAuthnLevel=0x2eea04*=0x6, pImpLevel=0x2ee9f4*=0x2, pAuthInfo=0x2ee9f8, pCapabilites=0x2ee9fc*=0x1) returned 0x0 [0244.119] IUnknown:Release (This=0x835af4) returned 0x1 [0244.119] IUnknown:QueryInterface (in: This=0x835af0, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee9b0 | out: ppvObject=0x2ee9b0*=0x850664) returned 0x0 [0244.119] IUnknown:QueryInterface (in: This=0x835af0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee99c | out: ppvObject=0x2ee99c*=0x835af4) returned 0x0 [0244.119] IClientSecurity:SetBlanket (This=0x835af4, pProxy=0x835af0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0244.173] IUnknown:Release (This=0x835af4) returned 0x2 [0244.173] WbemLocator:IUnknown:Release (This=0x850664) returned 0x1 [0244.173] CoTaskMemFree (pv=0x4e443f8) [0244.173] IUnknown:AddRef (This=0x835af0) returned 0x2 [0244.173] CoGetContextToken (in: pToken=0x2ededc | out: pToken=0x2ededc) returned 0x0 [0244.173] CoGetContextToken (in: pToken=0x2ee2ec | out: pToken=0x2ee2ec) returned 0x0 [0244.173] IUnknown:QueryInterface (in: This=0x835af0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee288 | out: ppvObject=0x2ee288*=0x85064c) returned 0x0 [0244.174] WbemLocator:IRpcOptions:Query (in: This=0x85064c, pPrx=0x4e44eb0, dwProperty=2, pdwValue=0x2ee37c | out: pdwValue=0x2ee37c) returned 0x80004002 [0244.174] WbemLocator:IUnknown:Release (This=0x85064c) returned 0x2 [0244.174] CoGetContextToken (in: pToken=0x2ee8bc | out: pToken=0x2ee8bc) returned 0x0 [0244.174] CoGetContextToken (in: pToken=0x2ee81c | out: pToken=0x2ee81c) returned 0x0 [0244.174] IUnknown:QueryInterface (in: This=0x835af0, riid=0x2ee8ec*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee7b8 | out: ppvObject=0x2ee7b8*=0x835af0) returned 0x0 [0244.174] IUnknown:Release (This=0x835af0) returned 0x2 [0244.174] WbemLocator:IUnknown:Release (This=0x4e5fda8) returned 0x0 [0244.174] SysStringLen (param_1=0x0) returned 0x0 [0244.175] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebac | out: puCount=0x2eebac*=0x2) returned 0x0 [0244.175] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eeba8*=0x0, pszText=0x0 | out: puBuffLength=0x2eeba8*=0xf, pszText=0x0) returned 0x0 [0244.175] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eeba8*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eeba8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0244.175] CoGetContextToken (in: pToken=0x2eea04 | out: pToken=0x2eea04) returned 0x0 [0244.175] IEnumWbemClassObject:Clone (in: This=0x835af0, ppEnum=0x2eebb8 | out: ppEnum=0x2eebb8*=0x835bb8) returned 0x0 [0244.267] IUnknown:QueryInterface (in: This=0x835bb8, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea74 | out: ppvObject=0x2eea74*=0x835bbc) returned 0x0 [0244.267] IClientSecurity:QueryBlanket (in: This=0x835bbc, pProxy=0x835bb8, pAuthnSvc=0x2eeac4, pAuthzSvc=0x2eeac0, pServerPrincName=0x2eeab8, pAuthnLevel=0x2eeabc, pImpLevel=0x2eeaac, pAuthInfo=0x2eeab0, pCapabilites=0x2eeab4 | out: pAuthnSvc=0x2eeac4*=0xa, pAuthzSvc=0x2eeac0*=0x0, pServerPrincName=0x2eeab8, pAuthnLevel=0x2eeabc*=0x6, pImpLevel=0x2eeaac*=0x2, pAuthInfo=0x2eeab0, pCapabilites=0x2eeab4*=0x1) returned 0x0 [0244.267] IUnknown:Release (This=0x835bbc) returned 0x1 [0244.267] IUnknown:QueryInterface (in: This=0x835bb8, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea68 | out: ppvObject=0x2eea68*=0x850574) returned 0x0 [0244.267] IUnknown:QueryInterface (in: This=0x835bb8, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2eea54 | out: ppvObject=0x2eea54*=0x835bbc) returned 0x0 [0244.267] IClientSecurity:SetBlanket (This=0x835bbc, pProxy=0x835bb8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0244.453] IUnknown:Release (This=0x835bbc) returned 0x2 [0244.453] WbemLocator:IUnknown:Release (This=0x850574) returned 0x1 [0244.453] CoTaskMemFree (pv=0x4e44308) [0244.454] IUnknown:AddRef (This=0x835bb8) returned 0x2 [0244.454] CoGetContextToken (in: pToken=0x2edf84 | out: pToken=0x2edf84) returned 0x0 [0244.454] CoGetContextToken (in: pToken=0x2ee394 | out: pToken=0x2ee394) returned 0x0 [0244.454] IUnknown:QueryInterface (in: This=0x835bb8, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee330 | out: ppvObject=0x2ee330*=0x85055c) returned 0x0 [0244.454] WbemLocator:IRpcOptions:Query (in: This=0x85055c, pPrx=0x4e55258, dwProperty=2, pdwValue=0x2ee424 | out: pdwValue=0x2ee424) returned 0x80004002 [0244.455] WbemLocator:IUnknown:Release (This=0x85055c) returned 0x2 [0244.455] CoGetContextToken (in: pToken=0x2ee964 | out: pToken=0x2ee964) returned 0x0 [0244.455] CoGetContextToken (in: pToken=0x2ee8c4 | out: pToken=0x2ee8c4) returned 0x0 [0244.455] IUnknown:QueryInterface (in: This=0x835bb8, riid=0x2ee994*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ee860 | out: ppvObject=0x2ee860*=0x835bb8) returned 0x0 [0244.455] IUnknown:Release (This=0x835bb8) returned 0x2 [0244.455] SysStringLen (param_1=0x0) returned 0x0 [0244.455] IEnumWbemClassObject:Reset (This=0x835bb8) returned 0x0 [0244.531] CoTaskMemAlloc (cb=0x4) returned 0x4e614a8 [0244.532] IEnumWbemClassObject:Next (in: This=0x835bb8, lTimeout=-1, uCount=0x1, apObjects=0x4e614a8, puReturned=0x2543df0 | out: apObjects=0x4e614a8*=0x891e40, puReturned=0x2543df0*=0x1) returned 0x0 [0245.558] IUnknown:QueryInterface (in: This=0x891e40, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ee20c | out: ppvObject=0x2ee20c*=0x891e40) returned 0x0 [0245.559] IUnknown:QueryInterface (in: This=0x891e40, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ee1c0 | out: ppvObject=0x2ee1c0*=0x0) returned 0x80004002 [0245.559] IUnknown:QueryInterface (in: This=0x891e40, riid=0x72201e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2edfe8 | out: ppvObject=0x2edfe8*=0x0) returned 0x80004002 [0245.559] IUnknown:AddRef (This=0x891e40) returned 0x3 [0245.559] IUnknown:QueryInterface (in: This=0x891e40, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2edb1c | out: ppvObject=0x2edb1c*=0x0) returned 0x80004002 [0245.559] IUnknown:QueryInterface (in: This=0x891e40, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2edacc | out: ppvObject=0x2edacc*=0x0) returned 0x80004002 [0245.559] IUnknown:QueryInterface (in: This=0x891e40, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edad8 | out: ppvObject=0x2edad8*=0x891e44) returned 0x0 [0245.559] IMarshal:GetUnmarshalClass (in: This=0x891e44, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2edae0 | out: pCid=0x2edae0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0245.559] IUnknown:Release (This=0x891e44) returned 0x3 [0245.559] CoGetContextToken (in: pToken=0x2edb38 | out: pToken=0x2edb38) returned 0x0 [0245.559] CoGetContextToken (in: pToken=0x2edf4c | out: pToken=0x2edf4c) returned 0x0 [0245.559] IUnknown:QueryInterface (in: This=0x891e40, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2edfcc | out: ppvObject=0x2edfcc*=0x0) returned 0x80004002 [0245.560] IUnknown:Release (This=0x891e40) returned 0x2 [0245.560] CoGetContextToken (in: pToken=0x2ee53c | out: pToken=0x2ee53c) returned 0x0 [0245.560] CoGetContextToken (in: pToken=0x2ee49c | out: pToken=0x2ee49c) returned 0x0 [0245.560] IUnknown:QueryInterface (in: This=0x891e40, riid=0x2ee56c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x2ee568 | out: ppvObject=0x2ee568*=0x891e40) returned 0x0 [0245.560] IUnknown:AddRef (This=0x891e40) returned 0x4 [0245.560] IUnknown:Release (This=0x891e40) returned 0x3 [0245.560] IUnknown:Release (This=0x891e40) returned 0x2 [0245.560] CoTaskMemFree (pv=0x4e614a8) [0245.560] CoGetContextToken (in: pToken=0x2ee8ac | out: pToken=0x2ee8ac) returned 0x0 [0245.560] IUnknown:AddRef (This=0x891e40) returned 0x3 [0245.560] IWbemClassObject:Get (in: This=0x891e40, wszName="__GENUS", lFlags=0, pVal=0x2eeba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2eec28*=0, plFlavor=0x2eec24*=0 | out: pVal=0x2eeba8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2eec28*=3, plFlavor=0x2eec24*=64) returned 0x0 [0245.571] IWbemClassObject:Get (in: This=0x891e40, wszName="__PATH", lFlags=0, pVal=0x2eeb8c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2eec10*=0, plFlavor=0x2eec0c*=0 | out: pVal=0x2eeb8c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x2eec10*=8, plFlavor=0x2eec0c*=64) returned 0x0 [0245.571] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0245.571] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0245.571] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4a0 [0245.571] SetEvent (hEvent=0x2c4) returned 1 [0245.571] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2eeb64*=0x4a0, lpdwindex=0x2ee988 | out: lpdwindex=0x2ee988) returned 0x0 [0245.575] CoGetContextToken (in: pToken=0x2eea3c | out: pToken=0x2eea3c) returned 0x0 [0245.575] CoGetContextToken (in: pToken=0x2ee99c | out: pToken=0x2ee99c) returned 0x0 [0245.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x2eea6c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2eea68 | out: ppvObject=0x2eea68*=0x86c820) returned 0x0 [0245.575] WbemDefPath:IUnknown:AddRef (This=0x86c820) returned 0x3 [0245.575] WbemDefPath:IUnknown:Release (This=0x86c820) returned 0x2 [0245.575] WbemDefPath:IWbemPath:SetText (This=0x86c820, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0245.575] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebe4 | out: puCount=0x2eebe4*=0x2) returned 0x0 [0245.575] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebe0*=0x0, pszText=0x0 | out: puBuffLength=0x2eebe0*=0xf, pszText=0x0) returned 0x0 [0245.575] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0245.575] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebb4 | out: puCount=0x2eebb4*=0x2) returned 0x0 [0245.575] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebb0*=0x0, pszText=0x0 | out: puBuffLength=0x2eebb0*=0xf, pszText=0x0) returned 0x0 [0245.575] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebb0*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebb0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0245.575] IWbemClassObject:Get (in: This=0x891e40, wszName="Name", lFlags=0, pVal=0x2eebb0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2544654*=0, plFlavor=0x2544658*=0 | out: pVal=0x2eebb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2544654*=8, plFlavor=0x2544658*=0) returned 0x0 [0245.575] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0245.575] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0245.575] IWbemClassObject:Get (in: This=0x891e40, wszName="Name", lFlags=0, pVal=0x2eebb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2544654*=8, plFlavor=0x2544658*=0 | out: pVal=0x2eebb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2544654*=8, plFlavor=0x2544658*=0) returned 0x0 [0245.575] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0245.575] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0245.575] CoTaskMemAlloc (cb=0x4) returned 0x4e614e8 [0245.576] IEnumWbemClassObject:Next (in: This=0x835bb8, lTimeout=-1, uCount=0x1, apObjects=0x4e614e8, puReturned=0x2543df0 | out: apObjects=0x4e614e8*=0x0, puReturned=0x2543df0*=0x0) returned 0x1 [0245.577] CoTaskMemFree (pv=0x4e614e8) [0245.577] CoGetContextToken (in: pToken=0x2eeadc | out: pToken=0x2eeadc) returned 0x0 [0245.577] IUnknown:Release (This=0x835bb8) returned 0x1 [0245.577] IUnknown:Release (This=0x835bb8) returned 0x0 [0245.581] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x2eebf0 | out: puCount=0x2eebf0*=0x2) returned 0x0 [0245.581] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebec*=0x0, pszText=0x0 | out: puBuffLength=0x2eebec*=0xf, pszText=0x0) returned 0x0 [0245.581] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=4, puBuffLength=0x2eebec*=0xf, pszText="00000000000000" | out: puBuffLength=0x2eebec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0245.582] GlobalMemoryStatusEx (in: lpBuffer=0x2544890 | out: lpBuffer=0x2544890) returned 1 [0245.970] GetCurrentProcess () returned 0xffffffff [0245.970] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee820 | out: TokenHandle=0x2ee820*=0x4a4) returned 1 [0245.990] CloseHandle (hObject=0x4a4) returned 1 [0245.990] GetCurrentProcess () returned 0xffffffff [0245.991] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee838 | out: TokenHandle=0x2ee838*=0x4a4) returned 1 [0245.991] CloseHandle (hObject=0x4a4) returned 1 [0246.384] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x2eeb4c | out: pFixedInfo=0x0, pOutBufLen=0x2eeb4c) returned 0x6f [0247.118] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x856150 [0247.118] GetNetworkParams (in: pFixedInfo=0x856150, pOutBufLen=0x2eeb4c | out: pFixedInfo=0x856150, pOutBufLen=0x2eeb4c) returned 0x0 [0247.134] LocalFree (hMem=0x856150) returned 0x0 [0247.149] SystemFunction041 (in: Memory=0x4e4e09c, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x4e4e09c) returned 0x0 [0247.151] SysStringLen (param_1="CIRcumFerted221") returned 0x10 [0247.151] SystemFunction040 (in: Memory=0x4e4dff4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x4e4dff4) returned 0x0 [0247.180] GetCurrentProcess () returned 0xffffffff [0247.180] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee768 | out: TokenHandle=0x2ee768*=0x4b4) returned 1 [0247.181] CloseHandle (hObject=0x4b4) returned 1 [0247.182] GetCurrentProcess () returned 0xffffffff [0247.182] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee780 | out: TokenHandle=0x2ee780*=0x4b4) returned 1 [0247.182] CloseHandle (hObject=0x4b4) returned 1 [0247.187] SetEvent (hEvent=0x238) returned 1 [0247.204] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x2ee88c | out: lpWSAData=0x2ee88c) returned 0 [0247.211] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4f0 [0247.553] setsockopt (s=0x4f0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0247.553] closesocket (s=0x4f0) returned 0 [0247.554] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4f0 [0247.590] setsockopt (s=0x4f0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0247.590] closesocket (s=0x4f0) returned 0 [0247.593] GetCurrentProcess () returned 0xffffffff [0247.593] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee68c | out: TokenHandle=0x2ee68c*=0x4f0) returned 1 [0247.599] CloseHandle (hObject=0x4f0) returned 1 [0247.599] GetCurrentProcess () returned 0xffffffff [0247.599] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2ee6a4 | out: TokenHandle=0x2ee6a4*=0x4f0) returned 1 [0247.600] CloseHandle (hObject=0x4f0) returned 1 [0247.617] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x4f0 [0247.620] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4f4 [0247.624] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x4f8 [0247.625] SetEvent (hEvent=0x238) returned 1 [0247.625] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x2ee9c0*=0x4f0, lpdwindex=0x2ee884 | out: lpdwindex=0x2ee884) returned 0x0 [0247.630] ReleaseMutex (hMutex=0x4f8) returned 1 [0247.631] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4fc [0247.632] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x500 [0247.634] GetAddrInfoW (in: pNodeName="mail.airseaalliance.com", pServiceName=0x0, pHints=0x2ee970*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x2ee918 | out: ppResult=0x2ee918*=0x4e56be8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="airseaalliance.com", ai_addr=0x4e55900*(sa_family=2, sin_port=0x0, sin_addr="135.181.211.109"), ai_next=0x0)) returned 0 [0247.919] FreeAddrInfoW (pAddrInfo=0x4e56be8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="airseaalliance.com", ai_addr=0x4e55900*(sa_family=2, sin_port=0x0, sin_addr="135.181.211.109"), ai_next=0x0)) [0247.921] GetAddrInfoW (in: pNodeName="mail.airseaalliance.com", pServiceName=0x0, pHints=0x2ee970*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x2ee918 | out: ppResult=0x2ee918*=0x4e56b20*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.airseaalliance.com", ai_addr=0x4e55828*(sa_family=2, sin_port=0x0, sin_addr="135.181.211.109"), ai_next=0x0)) returned 0 [0247.923] FreeAddrInfoW (pAddrInfo=0x4e56b20*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.airseaalliance.com", ai_addr=0x4e55828*(sa_family=2, sin_port=0x0, sin_addr="135.181.211.109"), ai_next=0x0)) [0247.924] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x50c [0247.925] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x510 [0247.926] ioctlsocket (in: s=0x50c, cmd=-2147195266, argp=0x2ee948 | out: argp=0x2ee948) returned 0 [0247.926] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x514 [0247.927] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x518 [0247.927] ioctlsocket (in: s=0x514, cmd=-2147195266, argp=0x2ee948 | out: argp=0x2ee948) returned 0 [0247.928] WSAIoctl (in: s=0x50c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2ee930, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2ee930, lpOverlapped=0x0) returned -1 [0247.929] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ee660, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0247.931] WSAEventSelect (s=0x50c, hEventObject=0x510, lNetworkEvents=512) returned 0 [0247.931] WSAIoctl (in: s=0x514, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2ee930, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2ee930, lpOverlapped=0x0) returned -1 [0247.931] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2ee660, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0247.931] WSAEventSelect (s=0x514, hEventObject=0x518, lNetworkEvents=512) returned 0 [0247.932] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x2ee92c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x2ee92c*=0x7ec) returned 0x6f [0247.940] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x4e70368 [0247.940] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x4e70368, SizePointer=0x2ee92c*=0x7ec | out: AdapterAddresses=0x4e70368*(Alignment=0xf00000178, Length=0x178, IfIndex=0xf, Next=0x4e70634, AdapterName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", FirstUnicastAddress=0x4e705a8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #4", FriendlyName="Local Area Connection 4", PhysicalAddress=([0]=0x0, [1]=0xe, [2]=0xc6, [3]=0xe5, [4]=0x7e, [5]=0xa1, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xf, ZoneIndices=([0]=0xf, [1]=0xf, [2]=0xf, [3]=0xf, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000009000000, Dhcpv4Server.lpSockaddr=0x4e704e0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x12c89f1d, FirstDnsSuffix=0x0), SizePointer=0x2ee92c*=0x7ec) returned 0x0 [0247.955] LocalFree (hMem=0x4e70368) returned 0x0 [0247.956] WSAConnect (in: s=0x4fc, name=0x254f458*(sa_family=2, sin_port=0x24b, sin_addr="135.181.211.109"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0248.005] closesocket (s=0x500) returned 0 [0248.006] setsockopt (s=0x4fc, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0248.010] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 177 [0248.527] send (s=0x4fc, buf=0x25485ec*, len=17, flags=0) returned 17 [0248.527] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 202 [0248.584] send (s=0x4fc, buf=0x25485ec*, len=45, flags=0) returned 45 [0248.584] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 18 [0248.629] SysStringLen (param_1="橬䪂梑ꪔ컪ᄯ桒풠뚿⟨渧凾냪꼋") returned 0x10 [0248.629] SystemFunction041 (in: Memory=0x4e4dff4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x4e4dff4) returned 0x0 [0248.630] SysStringLen (param_1="CIRcumFerted221") returned 0x10 [0248.630] SystemFunction040 (in: Memory=0x4e4dff4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x4e4dff4) returned 0x0 [0248.630] SysStringLen (param_1="CIRcumFerted221") returned 0xf [0248.630] SysStringLen (param_1="CIRcumFerted221") returned 0xf [0248.630] send (s=0x4fc, buf=0x25485ec*, len=22, flags=0) returned 22 [0248.632] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 30 [0248.688] send (s=0x4fc, buf=0x25485ec*, len=38, flags=0) returned 38 [0248.689] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 8 [0248.731] send (s=0x4fc, buf=0x25485ec*, len=36, flags=0) returned 36 [0248.732] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 14 [0248.785] send (s=0x4fc, buf=0x25485ec*, len=6, flags=0) returned 6 [0248.786] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 56 [0248.855] send (s=0x4fc, buf=0x255158c*, len=239, flags=0) returned 239 [0248.858] send (s=0x4fc, buf=0x2557f54*, len=360, flags=0) returned 360 [0248.859] send (s=0x4fc, buf=0x255158c*, len=2, flags=0) returned 2 [0248.860] send (s=0x4fc, buf=0x25485ec*, len=5, flags=0) returned 5 [0248.860] recv (in: s=0x4fc, buf=0x254f54c, len=256, flags=0 | out: buf=0x254f54c*) returned 28 [0248.910] ReleaseSemaphore (in: hSemaphore=0x4f0, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0248.963] SetWindowsHookExW (idHook=13, lpfn=0x75134e, hmod=0x400000, dwThreadId=0x0) returned 0x800cf [0249.005] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1bd [0249.006] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1bb [0249.009] GetSystemMetrics (nIndex=75) returned 1 [0249.020] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0249.031] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772b0000 [0249.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x2eefa4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory!¸gÈn9/® Dþ\x0frTó.", lpUsedDefaultChar=0x0) returned 15 [0249.031] GetProcAddress (hModule=0x772b0000, lpProcName="AddDllDirectory") returned 0x773f1e91 [0249.032] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6db00000 [0249.043] GetStockObject (i=5) returned 0x1900015 [0249.043] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0249.044] CoTaskMemAlloc (cb=0x5c) returned 0x834528 [0249.044] RegisterClassW (lpWndClass=0x2eeed8) returned 0xc1be [0249.045] CoTaskMemFree (pv=0x834528) [0249.045] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0249.045] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.34f5582_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x8010c [0249.047] SetWindowLongW (hWnd=0x8010c, nIndex=-4, dwNewLong=2005870045) returned 7672694 [0249.047] GetWindowLongW (hWnd=0x8010c, nIndex=-4) returned 2005870045 [0249.047] SetWindowLongW (hWnd=0x8010c, nIndex=-4, dwNewLong=7672734) returned 2005870045 [0249.047] GetWindowLongW (hWnd=0x8010c, nIndex=-4) returned 7672734 [0249.047] GetWindowLongW (hWnd=0x8010c, nIndex=-16) returned 113311744 [0249.048] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1bc [0249.048] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x8010c, Msg=0x24, wParam=0x0, lParam=0x2eeac4) returned 0x0 [0249.048] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x8010c, Msg=0x81, wParam=0x0, lParam=0x2eeab8) returned 0x1 [0249.049] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x8010c, Msg=0x83, wParam=0x0, lParam=0x2eeaa4) returned 0x0 [0249.049] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x8010c, Msg=0x1, wParam=0x0, lParam=0x2eeab8) returned 0x0 [0249.049] GetClientRect (in: hWnd=0x8010c, lpRect=0x2ee820 | out: lpRect=0x2ee820) returned 1 [0249.050] GetWindowRect (in: hWnd=0x8010c, lpRect=0x2ee820 | out: lpRect=0x2ee820) returned 1 [0249.051] GetParent (hWnd=0x8010c) returned 0x0 [0249.052] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x2ef108 | out: lplpMessageFilter=0x2ef108*=0x0) returned 0x0 [0249.054] PeekMessageW (in: lpMsg=0x2ef0dc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x2ef0dc) returned 0 [0249.054] PeekMessageW (in: lpMsg=0x2ef0dc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x2ef0dc) returned 0 [0249.054] WaitMessage () Thread: id = 11 os_tid = 0xf68 Thread: id = 12 os_tid = 0xf6c [0131.993] CoGetContextToken (in: pToken=0xf5f5fc | out: pToken=0xf5f5fc) returned 0x800401f0 [0131.993] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 13 os_tid = 0xf70 Thread: id = 14 os_tid = 0xf80 Thread: id = 15 os_tid = 0xf84 Thread: id = 16 os_tid = 0xf88 Thread: id = 75 os_tid = 0xfa8 [0148.171] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0148.209] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x557f11c | out: lpiid=0x557f11c) returned 0x0 [0148.212] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x83f250) returned 0x0 [0148.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x83f250, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0148.213] WbemDefPath:IClassFactory:CreateInstance (in: This=0x83f250, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81a850) returned 0x0 [0148.213] WbemDefPath:IUnknown:Release (This=0x83f250) returned 0x0 [0148.213] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81a850) returned 0x0 [0148.213] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0148.213] WbemDefPath:IUnknown:AddRef (This=0x81a850) returned 0x3 [0148.213] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0148.213] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0148.214] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x83f230) returned 0x0 [0148.214] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x83f230, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.214] WbemDefPath:IUnknown:Release (This=0x83f230) returned 0x3 [0148.214] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0148.215] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0148.215] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a850, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0148.215] WbemDefPath:IUnknown:Release (This=0x81a850) returned 0x2 [0148.215] WbemDefPath:IUnknown:Release (This=0x81a850) returned 0x1 [0148.216] SetEvent (hEvent=0x2c0) returned 1 [0148.246] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x83f370) returned 0x0 [0148.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x83f370, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0148.247] WbemDefPath:IClassFactory:CreateInstance (in: This=0x83f370, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81a8c0) returned 0x0 [0148.247] WbemDefPath:IUnknown:Release (This=0x83f370) returned 0x0 [0148.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81a8c0) returned 0x0 [0148.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0148.248] WbemDefPath:IUnknown:AddRef (This=0x81a8c0) returned 0x3 [0148.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0148.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0148.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x83f380) returned 0x0 [0148.268] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x83f380, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.268] WbemDefPath:IUnknown:Release (This=0x83f380) returned 0x3 [0148.268] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0148.268] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0148.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a8c0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0148.268] WbemDefPath:IUnknown:Release (This=0x81a8c0) returned 0x2 [0148.268] WbemDefPath:IUnknown:Release (This=0x81a8c0) returned 0x1 [0148.268] SetEvent (hEvent=0x2f0) returned 1 [0148.271] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x83f3b0) returned 0x0 [0148.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x83f3b0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0148.272] WbemDefPath:IClassFactory:CreateInstance (in: This=0x83f3b0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81a930) returned 0x0 [0148.272] WbemDefPath:IUnknown:Release (This=0x83f3b0) returned 0x0 [0148.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81a930) returned 0x0 [0148.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0148.272] WbemDefPath:IUnknown:AddRef (This=0x81a930) returned 0x3 [0148.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0148.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0148.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x83f3c0) returned 0x0 [0148.272] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x83f3c0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.273] WbemDefPath:IUnknown:Release (This=0x83f3c0) returned 0x3 [0148.273] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0148.273] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0148.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a930, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0148.273] WbemDefPath:IUnknown:Release (This=0x81a930) returned 0x2 [0148.273] WbemDefPath:IUnknown:Release (This=0x81a930) returned 0x1 [0148.273] SetEvent (hEvent=0x2f4) returned 1 [0149.705] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x83f460) returned 0x0 [0149.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x83f460, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0149.706] WbemDefPath:IClassFactory:CreateInstance (in: This=0x83f460, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81a9a0) returned 0x0 [0149.706] WbemDefPath:IUnknown:Release (This=0x83f460) returned 0x0 [0149.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81a9a0) returned 0x0 [0149.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0149.707] WbemDefPath:IUnknown:AddRef (This=0x81a9a0) returned 0x3 [0149.707] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0149.707] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0149.707] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x83f470) returned 0x0 [0149.707] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x83f470, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0149.707] WbemDefPath:IUnknown:Release (This=0x83f470) returned 0x3 [0149.707] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0149.707] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0149.707] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a9a0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0149.707] WbemDefPath:IUnknown:Release (This=0x81a9a0) returned 0x2 [0149.707] WbemDefPath:IUnknown:Release (This=0x81a9a0) returned 0x1 [0149.707] SetEvent (hEvent=0x348) returned 1 [0158.413] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x83f500) returned 0x0 [0158.414] WbemDefPath:IUnknown:QueryInterface (in: This=0x83f500, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.414] WbemDefPath:IClassFactory:CreateInstance (in: This=0x83f500, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81aa80) returned 0x0 [0158.414] WbemDefPath:IUnknown:Release (This=0x83f500) returned 0x0 [0158.414] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81aa80) returned 0x0 [0158.414] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.415] WbemDefPath:IUnknown:AddRef (This=0x81aa80) returned 0x3 [0158.415] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.415] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.415] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x83f520) returned 0x0 [0158.415] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x83f520, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.415] WbemDefPath:IUnknown:Release (This=0x83f520) returned 0x3 [0158.415] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.415] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aa80, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.416] WbemDefPath:IUnknown:Release (This=0x81aa80) returned 0x2 [0158.416] WbemDefPath:IUnknown:Release (This=0x81aa80) returned 0x1 [0158.416] SetEvent (hEvent=0x350) returned 1 [0158.466] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x7f35b0) returned 0x0 [0158.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x7f35b0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.467] WbemDefPath:IClassFactory:CreateInstance (in: This=0x7f35b0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81aaf0) returned 0x0 [0158.467] WbemDefPath:IUnknown:Release (This=0x7f35b0) returned 0x0 [0158.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81aaf0) returned 0x0 [0158.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.467] WbemDefPath:IUnknown:AddRef (This=0x81aaf0) returned 0x3 [0158.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x83f4f0) returned 0x0 [0158.468] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x83f4f0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.468] WbemDefPath:IUnknown:Release (This=0x83f4f0) returned 0x3 [0158.468] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.468] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x81aaf0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.468] WbemDefPath:IUnknown:Release (This=0x81aaf0) returned 0x2 [0158.468] WbemDefPath:IUnknown:Release (This=0x81aaf0) returned 0x1 [0158.468] SetEvent (hEvent=0x354) returned 1 [0158.474] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x83f4e0) returned 0x0 [0158.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x83f4e0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.474] WbemDefPath:IClassFactory:CreateInstance (in: This=0x83f4e0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81ab60) returned 0x0 [0158.474] WbemDefPath:IUnknown:Release (This=0x83f4e0) returned 0x0 [0158.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81ab60) returned 0x0 [0158.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.474] WbemDefPath:IUnknown:AddRef (This=0x81ab60) returned 0x3 [0158.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x8728a0) returned 0x0 [0158.475] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8728a0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.475] WbemDefPath:IUnknown:Release (This=0x8728a0) returned 0x3 [0158.475] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.475] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ab60, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.475] WbemDefPath:IUnknown:Release (This=0x81ab60) returned 0x2 [0158.475] WbemDefPath:IUnknown:Release (This=0x81ab60) returned 0x1 [0158.475] SetEvent (hEvent=0x35c) returned 1 [0158.542] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x8728e0) returned 0x0 [0158.542] WbemDefPath:IUnknown:QueryInterface (in: This=0x8728e0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.542] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8728e0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81abd0) returned 0x0 [0158.542] WbemDefPath:IUnknown:Release (This=0x8728e0) returned 0x0 [0158.542] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81abd0) returned 0x0 [0158.542] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.543] WbemDefPath:IUnknown:AddRef (This=0x81abd0) returned 0x3 [0158.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872910) returned 0x0 [0158.543] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872910, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.543] WbemDefPath:IUnknown:Release (This=0x872910) returned 0x3 [0158.543] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.543] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81abd0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.544] WbemDefPath:IUnknown:Release (This=0x81abd0) returned 0x2 [0158.544] WbemDefPath:IUnknown:Release (This=0x81abd0) returned 0x1 [0158.544] SetEvent (hEvent=0x38c) returned 1 [0158.754] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872990) returned 0x0 [0158.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x872990, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.754] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872990, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81ac40) returned 0x0 [0158.755] WbemDefPath:IUnknown:Release (This=0x872990) returned 0x0 [0158.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81ac40) returned 0x0 [0158.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.756] WbemDefPath:IUnknown:AddRef (This=0x81ac40) returned 0x3 [0158.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x8729a0) returned 0x0 [0158.756] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8729a0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.756] WbemDefPath:IUnknown:Release (This=0x8729a0) returned 0x3 [0158.756] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.757] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ac40, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.757] WbemDefPath:IUnknown:Release (This=0x81ac40) returned 0x2 [0158.757] WbemDefPath:IUnknown:Release (This=0x81ac40) returned 0x1 [0158.757] SetEvent (hEvent=0x390) returned 1 [0158.801] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x8729e0) returned 0x0 [0158.801] WbemDefPath:IUnknown:QueryInterface (in: This=0x8729e0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.801] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8729e0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81acb0) returned 0x0 [0158.801] WbemDefPath:IUnknown:Release (This=0x8729e0) returned 0x0 [0158.802] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81acb0) returned 0x0 [0158.802] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.802] WbemDefPath:IUnknown:AddRef (This=0x81acb0) returned 0x3 [0158.802] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.802] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x8729f0) returned 0x0 [0158.803] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8729f0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.803] WbemDefPath:IUnknown:Release (This=0x8729f0) returned 0x3 [0158.803] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.803] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x81acb0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.803] WbemDefPath:IUnknown:Release (This=0x81acb0) returned 0x2 [0158.804] WbemDefPath:IUnknown:Release (This=0x81acb0) returned 0x1 [0158.804] SetEvent (hEvent=0x394) returned 1 [0158.816] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872a30) returned 0x0 [0158.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x872a30, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.817] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872a30, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x81ad20) returned 0x0 [0158.817] WbemDefPath:IUnknown:Release (This=0x872a30) returned 0x0 [0158.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x81ad20) returned 0x0 [0158.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.817] WbemDefPath:IUnknown:AddRef (This=0x81ad20) returned 0x3 [0158.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872a40) returned 0x0 [0158.818] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872a40, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.818] WbemDefPath:IUnknown:Release (This=0x872a40) returned 0x3 [0158.818] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.818] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x81ad20, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.818] WbemDefPath:IUnknown:Release (This=0x81ad20) returned 0x2 [0158.818] WbemDefPath:IUnknown:Release (This=0x81ad20) returned 0x1 [0158.818] SetEvent (hEvent=0x398) returned 1 [0158.829] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872a80) returned 0x0 [0158.829] WbemDefPath:IUnknown:QueryInterface (in: This=0x872a80, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.830] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872a80, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c200) returned 0x0 [0158.830] WbemDefPath:IUnknown:Release (This=0x872a80) returned 0x0 [0158.830] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c200) returned 0x0 [0158.830] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.831] WbemDefPath:IUnknown:AddRef (This=0x86c200) returned 0x3 [0158.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872a90) returned 0x0 [0158.831] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872a90, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.831] WbemDefPath:IUnknown:Release (This=0x872a90) returned 0x3 [0158.831] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.832] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c200, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.832] WbemDefPath:IUnknown:Release (This=0x86c200) returned 0x2 [0158.832] WbemDefPath:IUnknown:Release (This=0x86c200) returned 0x1 [0158.832] SetEvent (hEvent=0x39c) returned 1 [0158.843] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872ad0) returned 0x0 [0158.843] WbemDefPath:IUnknown:QueryInterface (in: This=0x872ad0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.843] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872ad0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c270) returned 0x0 [0158.843] WbemDefPath:IUnknown:Release (This=0x872ad0) returned 0x0 [0158.843] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c270) returned 0x0 [0158.844] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.844] WbemDefPath:IUnknown:AddRef (This=0x86c270) returned 0x3 [0158.844] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.844] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.844] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872ae0) returned 0x0 [0158.844] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872ae0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.844] WbemDefPath:IUnknown:Release (This=0x872ae0) returned 0x3 [0158.844] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.844] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.844] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c270, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.845] WbemDefPath:IUnknown:Release (This=0x86c270) returned 0x2 [0158.845] WbemDefPath:IUnknown:Release (This=0x86c270) returned 0x1 [0158.845] SetEvent (hEvent=0x3a0) returned 1 [0158.856] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872b20) returned 0x0 [0158.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x872b20, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.856] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872b20, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c2e0) returned 0x0 [0158.856] WbemDefPath:IUnknown:Release (This=0x872b20) returned 0x0 [0158.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c2e0) returned 0x0 [0158.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.857] WbemDefPath:IUnknown:AddRef (This=0x86c2e0) returned 0x3 [0158.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872b30) returned 0x0 [0158.858] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872b30, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.858] WbemDefPath:IUnknown:Release (This=0x872b30) returned 0x3 [0158.858] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.858] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c2e0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.858] WbemDefPath:IUnknown:Release (This=0x86c2e0) returned 0x2 [0158.858] WbemDefPath:IUnknown:Release (This=0x86c2e0) returned 0x1 [0158.858] SetEvent (hEvent=0x3a4) returned 1 [0158.869] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872b70) returned 0x0 [0158.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x872b70, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.870] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872b70, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c350) returned 0x0 [0158.870] WbemDefPath:IUnknown:Release (This=0x872b70) returned 0x0 [0158.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c350) returned 0x0 [0158.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.870] WbemDefPath:IUnknown:AddRef (This=0x86c350) returned 0x3 [0158.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.870] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872b80) returned 0x0 [0158.871] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872b80, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.871] WbemDefPath:IUnknown:Release (This=0x872b80) returned 0x3 [0158.871] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.871] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.871] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c350, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.871] WbemDefPath:IUnknown:Release (This=0x86c350) returned 0x2 [0158.871] WbemDefPath:IUnknown:Release (This=0x86c350) returned 0x1 [0158.871] SetEvent (hEvent=0x3a8) returned 1 [0158.882] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872bc0) returned 0x0 [0158.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x872bc0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.882] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872bc0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c3c0) returned 0x0 [0158.882] WbemDefPath:IUnknown:Release (This=0x872bc0) returned 0x0 [0158.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c3c0) returned 0x0 [0158.883] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.883] WbemDefPath:IUnknown:AddRef (This=0x86c3c0) returned 0x3 [0158.883] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.883] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.883] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872bd0) returned 0x0 [0158.884] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872bd0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.884] WbemDefPath:IUnknown:Release (This=0x872bd0) returned 0x3 [0158.884] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.884] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c3c0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.884] WbemDefPath:IUnknown:Release (This=0x86c3c0) returned 0x2 [0158.884] WbemDefPath:IUnknown:Release (This=0x86c3c0) returned 0x1 [0158.884] SetEvent (hEvent=0x3ac) returned 1 [0158.895] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872c10) returned 0x0 [0158.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x872c10, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.895] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872c10, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c430) returned 0x0 [0158.895] WbemDefPath:IUnknown:Release (This=0x872c10) returned 0x0 [0158.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c430) returned 0x0 [0158.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.896] WbemDefPath:IUnknown:AddRef (This=0x86c430) returned 0x3 [0158.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872c20) returned 0x0 [0158.896] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872c20, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.896] WbemDefPath:IUnknown:Release (This=0x872c20) returned 0x3 [0158.896] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.897] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c430, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.897] WbemDefPath:IUnknown:Release (This=0x86c430) returned 0x2 [0158.897] WbemDefPath:IUnknown:Release (This=0x86c430) returned 0x1 [0158.897] SetEvent (hEvent=0x3b0) returned 1 [0158.904] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x872c60) returned 0x0 [0158.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x872c60, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.905] WbemDefPath:IClassFactory:CreateInstance (in: This=0x872c60, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c4a0) returned 0x0 [0158.905] WbemDefPath:IUnknown:Release (This=0x872c60) returned 0x0 [0158.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c4a0) returned 0x0 [0158.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.906] WbemDefPath:IUnknown:AddRef (This=0x86c4a0) returned 0x3 [0158.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x872c70) returned 0x0 [0158.906] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x872c70, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.906] WbemDefPath:IUnknown:Release (This=0x872c70) returned 0x3 [0158.906] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.906] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c4a0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.906] WbemDefPath:IUnknown:Release (This=0x86c4a0) returned 0x2 [0158.906] WbemDefPath:IUnknown:Release (This=0x86c4a0) returned 0x1 [0158.906] SetEvent (hEvent=0x3b4) returned 1 [0158.916] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x8881c8) returned 0x0 [0158.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x8881c8, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.917] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8881c8, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c510) returned 0x0 [0158.917] WbemDefPath:IUnknown:Release (This=0x8881c8) returned 0x0 [0158.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c510) returned 0x0 [0158.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.918] WbemDefPath:IUnknown:AddRef (This=0x86c510) returned 0x3 [0158.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x8881d8) returned 0x0 [0158.918] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8881d8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.918] WbemDefPath:IUnknown:Release (This=0x8881d8) returned 0x3 [0158.918] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.919] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.919] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c510, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.919] WbemDefPath:IUnknown:Release (This=0x86c510) returned 0x2 [0158.919] WbemDefPath:IUnknown:Release (This=0x86c510) returned 0x1 [0158.919] SetEvent (hEvent=0x3b8) returned 1 [0158.931] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x888218) returned 0x0 [0158.931] WbemDefPath:IUnknown:QueryInterface (in: This=0x888218, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.931] WbemDefPath:IClassFactory:CreateInstance (in: This=0x888218, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c580) returned 0x0 [0158.931] WbemDefPath:IUnknown:Release (This=0x888218) returned 0x0 [0158.931] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c580) returned 0x0 [0158.931] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.932] WbemDefPath:IUnknown:AddRef (This=0x86c580) returned 0x3 [0158.932] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.933] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.933] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x888228) returned 0x0 [0158.933] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x888228, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.933] WbemDefPath:IUnknown:Release (This=0x888228) returned 0x3 [0158.933] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.933] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.933] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c580, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.933] WbemDefPath:IUnknown:Release (This=0x86c580) returned 0x2 [0158.933] WbemDefPath:IUnknown:Release (This=0x86c580) returned 0x1 [0158.934] SetEvent (hEvent=0x3bc) returned 1 [0158.943] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x888268) returned 0x0 [0158.943] WbemDefPath:IUnknown:QueryInterface (in: This=0x888268, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.943] WbemDefPath:IClassFactory:CreateInstance (in: This=0x888268, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c5f0) returned 0x0 [0158.943] WbemDefPath:IUnknown:Release (This=0x888268) returned 0x0 [0158.943] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c5f0) returned 0x0 [0158.943] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.944] WbemDefPath:IUnknown:AddRef (This=0x86c5f0) returned 0x3 [0158.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x888278) returned 0x0 [0158.944] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x888278, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.944] WbemDefPath:IUnknown:Release (This=0x888278) returned 0x3 [0158.944] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.944] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c5f0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.944] WbemDefPath:IUnknown:Release (This=0x86c5f0) returned 0x2 [0158.944] WbemDefPath:IUnknown:Release (This=0x86c5f0) returned 0x1 [0158.944] SetEvent (hEvent=0x3c0) returned 1 [0158.953] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x8882b8) returned 0x0 [0158.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x8882b8, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0158.954] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8882b8, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c660) returned 0x0 [0158.954] WbemDefPath:IUnknown:Release (This=0x8882b8) returned 0x0 [0158.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c660) returned 0x0 [0158.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0158.954] WbemDefPath:IUnknown:AddRef (This=0x86c660) returned 0x3 [0158.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0158.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0158.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x8882c8) returned 0x0 [0158.955] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8882c8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.955] WbemDefPath:IUnknown:Release (This=0x8882c8) returned 0x3 [0158.955] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0158.955] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0158.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c660, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0158.955] WbemDefPath:IUnknown:Release (This=0x86c660) returned 0x2 [0158.955] WbemDefPath:IUnknown:Release (This=0x86c660) returned 0x1 [0158.955] SetEvent (hEvent=0x3c4) returned 1 [0243.934] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x888378) returned 0x0 [0243.935] WbemDefPath:IUnknown:QueryInterface (in: This=0x888378, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0243.935] WbemDefPath:IClassFactory:CreateInstance (in: This=0x888378, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c740) returned 0x0 [0243.935] WbemDefPath:IUnknown:Release (This=0x888378) returned 0x0 [0243.935] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c740) returned 0x0 [0243.935] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0243.935] WbemDefPath:IUnknown:AddRef (This=0x86c740) returned 0x3 [0243.935] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0243.935] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0243.936] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x888388) returned 0x0 [0243.936] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x888388, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0243.936] WbemDefPath:IUnknown:Release (This=0x888388) returned 0x3 [0243.936] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0243.936] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0243.936] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c740, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0243.936] WbemDefPath:IUnknown:Release (This=0x86c740) returned 0x2 [0243.936] WbemDefPath:IUnknown:Release (This=0x86c740) returned 0x1 [0243.936] SetEvent (hEvent=0x418) returned 1 [0244.055] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x81a2f8) returned 0x0 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x81a2f8, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0244.056] WbemDefPath:IClassFactory:CreateInstance (in: This=0x81a2f8, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c7b0) returned 0x0 [0244.056] WbemDefPath:IUnknown:Release (This=0x81a2f8) returned 0x0 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c7b0) returned 0x0 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0244.056] WbemDefPath:IUnknown:AddRef (This=0x86c7b0) returned 0x3 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x888568) returned 0x0 [0244.056] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x888568, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0244.056] WbemDefPath:IUnknown:Release (This=0x888568) returned 0x3 [0244.056] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0244.056] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0244.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c7b0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0244.057] WbemDefPath:IUnknown:Release (This=0x86c7b0) returned 0x2 [0244.057] WbemDefPath:IUnknown:Release (This=0x86c7b0) returned 0x1 [0244.057] SetEvent (hEvent=0x470) returned 1 [0245.573] CoGetClassObject (in: rclsid=0x848914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x557ee38 | out: ppv=0x557ee38*=0x4e614a8) returned 0x0 [0245.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x4e614a8, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x557f050 | out: ppvObject=0x557f050*=0x0) returned 0x80004002 [0245.573] WbemDefPath:IClassFactory:CreateInstance (in: This=0x4e614a8, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557f05c | out: ppvObject=0x557f05c*=0x86c820) returned 0x0 [0245.573] WbemDefPath:IUnknown:Release (This=0x4e614a8) returned 0x0 [0245.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ec7c | out: ppvObject=0x557ec7c*=0x86c820) returned 0x0 [0245.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x557ec30 | out: ppvObject=0x557ec30*=0x0) returned 0x80004002 [0245.574] WbemDefPath:IUnknown:AddRef (This=0x86c820) returned 0x3 [0245.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x557e58c | out: ppvObject=0x557e58c*=0x0) returned 0x80004002 [0245.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x557e53c | out: ppvObject=0x557e53c*=0x0) returned 0x80004002 [0245.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557e548 | out: ppvObject=0x557e548*=0x4e614b8) returned 0x0 [0245.574] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x4e614b8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x557e550 | out: pCid=0x557e550*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0245.574] WbemDefPath:IUnknown:Release (This=0x4e614b8) returned 0x3 [0245.574] CoGetContextToken (in: pToken=0x557e5a8 | out: pToken=0x557e5a8) returned 0x0 [0245.574] CoGetContextToken (in: pToken=0x557e9bc | out: pToken=0x557e9bc) returned 0x0 [0245.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x86c820, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x557ea3c | out: ppvObject=0x557ea3c*=0x0) returned 0x80004002 [0245.574] WbemDefPath:IUnknown:Release (This=0x86c820) returned 0x2 [0245.574] WbemDefPath:IUnknown:Release (This=0x86c820) returned 0x1 [0245.574] SetEvent (hEvent=0x4a0) returned 1 Thread: id = 76 os_tid = 0xfac [0148.282] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0148.282] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x579f1d4 | out: lpiid=0x579f1d4) returned 0x0 [0148.284] CoGetClassObject (in: rclsid=0x8489a4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x579eef0 | out: ppv=0x579eef0*=0x84a2e0) returned 0x0 [0148.284] WbemLocator:IUnknown:QueryInterface (in: This=0x84a2e0, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x579f108 | out: ppvObject=0x579f108*=0x0) returned 0x80004002 [0148.284] WbemLocator:IClassFactory:CreateInstance (in: This=0x84a2e0, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579f114 | out: ppvObject=0x579f114*=0x83f3f0) returned 0x0 [0148.284] WbemLocator:IUnknown:Release (This=0x84a2e0) returned 0x0 [0148.284] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579ed34 | out: ppvObject=0x579ed34*=0x83f3f0) returned 0x0 [0148.285] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x579ece8 | out: ppvObject=0x579ece8*=0x0) returned 0x80004002 [0148.285] WbemLocator:IUnknown:AddRef (This=0x83f3f0) returned 0x3 [0148.285] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x579e644 | out: ppvObject=0x579e644*=0x0) returned 0x80004002 [0148.285] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x579e5f4 | out: ppvObject=0x579e5f4*=0x0) returned 0x80004002 [0148.285] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579e600 | out: ppvObject=0x579e600*=0x0) returned 0x80004002 [0148.285] CoGetContextToken (in: pToken=0x579e660 | out: pToken=0x579e660) returned 0x0 [0148.285] CoGetObjectContext (in: riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x84a2e4 | out: ppv=0x84a2e4*=0x7eee68) returned 0x0 [0148.288] CoGetContextToken (in: pToken=0x579ea74 | out: pToken=0x579ea74) returned 0x0 [0148.288] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579eaf4 | out: ppvObject=0x579eaf4*=0x0) returned 0x80004002 [0148.288] WbemLocator:IUnknown:Release (This=0x83f3f0) returned 0x2 [0148.288] WbemLocator:IUnknown:Release (This=0x83f3f0) returned 0x1 [0148.288] CoGetContextToken (in: pToken=0x579f0ec | out: pToken=0x579f0ec) returned 0x0 [0148.288] CoGetContextToken (in: pToken=0x579f04c | out: pToken=0x579f04c) returned 0x0 [0148.288] WbemLocator:IUnknown:QueryInterface (in: This=0x83f3f0, riid=0x579f11c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x579f118 | out: ppvObject=0x579f118*=0x83f3f0) returned 0x0 [0148.288] WbemLocator:IUnknown:AddRef (This=0x83f3f0) returned 0x3 [0148.288] WbemLocator:IUnknown:Release (This=0x83f3f0) returned 0x2 [0148.295] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a930, puCount=0x579f2ac | out: puCount=0x579f2ac*=0x2) returned 0x0 [0148.295] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=8, puBuffLength=0x579f2a8*=0x0, pszText=0x0 | out: puBuffLength=0x579f2a8*=0xf, pszText=0x0) returned 0x0 [0148.296] WbemDefPath:IWbemPath:GetText (in: This=0x81a930, lFlags=8, puBuffLength=0x579f2a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x579f2a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x579e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0148.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x579e9f8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0148.423] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6dd30000 [0148.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x579ea2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymâm9/® Dþ\x0fr\x08íy\x05\x01", lpUsedDefaultChar=0x0) returned 13 [0148.994] GetProcAddress (hModule=0x6dd30000, lpProcName="ResetSecurity") returned 0x6dd37dd0 [0149.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x579ea2c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0149.009] GetProcAddress (hModule=0x6dd30000, lpProcName="SetSecurity") returned 0x6dd37e20 [0149.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x579ea28, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 18 [0149.027] GetProcAddress (hModule=0x6dd30000, lpProcName="BlessIWbemServices") returned 0x6dd36e70 [0149.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x579ea20, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 24 [0149.076] GetProcAddress (hModule=0x6dd30000, lpProcName="BlessIWbemServicesObject") returned 0x6dd36ed0 [0149.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x579ea28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 17 [0149.118] GetProcAddress (hModule=0x6dd30000, lpProcName="GetPropertyHandle") returned 0x6dd37820 [0149.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x579ea28, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 18 [0149.139] GetProcAddress (hModule=0x6dd30000, lpProcName="WritePropertyValue") returned 0x6dd37fa0 [0149.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x579ea34, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonemâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 5 [0149.169] GetProcAddress (hModule=0x6dd30000, lpProcName="Clone") returned 0x6dd36f30 [0149.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x579ea28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0149.183] GetProcAddress (hModule=0x6dd30000, lpProcName="VerifyClientKey") returned 0x6dd37f20 [0149.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x579ea28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0149.191] GetProcAddress (hModule=0x6dd30000, lpProcName="GetQualifierSet") returned 0x6dd378e0 [0149.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x579ea34, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0149.194] GetProcAddress (hModule=0x6dd30000, lpProcName="Get") returned 0x6dd375c0 [0149.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x579ea34, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0149.223] GetProcAddress (hModule=0x6dd30000, lpProcName="Put") returned 0x6dd37a00 [0149.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x579ea34, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Deleteâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 6 [0149.251] GetProcAddress (hModule=0x6dd30000, lpProcName="Delete") returned 0x6dd37300 [0149.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x579ea30, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 8 [0149.266] GetProcAddress (hModule=0x6dd30000, lpProcName="GetNames") returned 0x6dd377c0 [0149.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x579ea28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 16 [0149.296] GetProcAddress (hModule=0x6dd30000, lpProcName="BeginEnumeration") returned 0x6dd36e30 [0149.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x579ea34, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 4 [0149.313] GetProcAddress (hModule=0x6dd30000, lpProcName="Next") returned 0x6dd379a0 [0149.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x579ea2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 14 [0149.330] GetProcAddress (hModule=0x6dd30000, lpProcName="EndEnumeration") returned 0x6dd373c0 [0149.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x579ea20, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0149.338] GetProcAddress (hModule=0x6dd30000, lpProcName="GetPropertyQualifierSet") returned 0x6dd378b0 [0149.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x579ea34, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonemâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 5 [0149.351] GetProcAddress (hModule=0x6dd30000, lpProcName="Clone") returned 0x6dd36f30 [0149.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x579ea2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 13 [0149.352] GetProcAddress (hModule=0x6dd30000, lpProcName="GetObjectText") returned 0x6dd377f0 [0149.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x579ea28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 17 [0149.367] GetProcAddress (hModule=0x6dd30000, lpProcName="SpawnDerivedClass") returned 0x6dd37e80 [0149.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x579ea2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 13 [0149.379] GetProcAddress (hModule=0x6dd30000, lpProcName="SpawnInstance") returned 0x6dd37eb0 [0149.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x579ea30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 9 [0149.381] GetProcAddress (hModule=0x6dd30000, lpProcName="CompareTo") returned 0x6dd37020 [0149.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x579ea28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 17 [0149.392] GetProcAddress (hModule=0x6dd30000, lpProcName="GetPropertyOrigin") returned 0x6dd37880 [0149.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x579ea2c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 12 [0149.408] GetProcAddress (hModule=0x6dd30000, lpProcName="InheritsFrom") returned 0x6dd37900 [0149.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x579ea30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 9 [0149.410] GetProcAddress (hModule=0x6dd30000, lpProcName="GetMethod") returned 0x6dd37730 [0149.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x579ea30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 9 [0149.427] GetProcAddress (hModule=0x6dd30000, lpProcName="PutMethod") returned 0x6dd37bf0 [0149.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x579ea2c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 12 [0149.445] GetProcAddress (hModule=0x6dd30000, lpProcName="DeleteMethod") returned 0x6dd37320 [0149.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x579ea24, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 22 [0149.446] GetProcAddress (hModule=0x6dd30000, lpProcName="BeginMethodEnumeration") returned 0x6dd36e50 [0149.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x579ea30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 10 [0149.448] GetProcAddress (hModule=0x6dd30000, lpProcName="NextMethod") returned 0x6dd379d0 [0149.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x579ea24, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 20 [0149.462] GetProcAddress (hModule=0x6dd30000, lpProcName="EndMethodEnumeration") returned 0x6dd373e0 [0149.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x579ea24, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 21 [0149.464] GetProcAddress (hModule=0x6dd30000, lpProcName="GetMethodQualifierSet") returned 0x6dd37790 [0149.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x579ea28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0149.466] GetProcAddress (hModule=0x6dd30000, lpProcName="GetMethodOrigin") returned 0x6dd37760 [0149.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x579ea28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 16 [0149.468] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_Get") returned 0x6dd37c80 [0149.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x579ea28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 16 [0149.484] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_Put") returned 0x6dd37d10 [0149.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x579ea24, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0149.500] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_Delete") returned 0x6dd37c40 [0149.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x579ea24, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 21 [0149.502] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_GetNames") returned 0x6dd37cb0 [0149.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x579ea1c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 29 [0149.517] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6dd37c20 [0149.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x579ea28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Nextmâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 17 [0149.519] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_Next") returned 0x6dd37ce0 [0149.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x579ea1c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0149.525] GetProcAddress (hModule=0x6dd30000, lpProcName="QualifierSet_EndEnumeration") returned 0x6dd37c60 [0149.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x579ea20, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0149.526] GetProcAddress (hModule=0x6dd30000, lpProcName="GetCurrentApartmentType") returned 0x6dd378e0 [0149.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x579ea24, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 20 [0149.527] GetProcAddress (hModule=0x6dd30000, lpProcName="GetDemultiplexedStub") returned 0x6dd375f0 [0149.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x579ea24, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmimâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 21 [0149.528] GetProcAddress (hModule=0x6dd30000, lpProcName="CreateInstanceEnumWmi") returned 0x6dd37230 [0149.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x579ea28, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 18 [0149.549] GetProcAddress (hModule=0x6dd30000, lpProcName="CreateClassEnumWmi") returned 0x6dd37160 [0149.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x579ea2c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 12 [0149.551] GetProcAddress (hModule=0x6dd30000, lpProcName="ExecQueryWmi") returned 0x6dd374e0 [0149.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x579ea20, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 24 [0149.583] GetProcAddress (hModule=0x6dd30000, lpProcName="ExecNotificationQueryWmi") returned 0x6dd37400 [0149.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x579ea2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 14 [0149.585] GetProcAddress (hModule=0x6dd30000, lpProcName="PutInstanceWmi") returned 0x6dd37b10 [0149.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x579ea2c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0149.613] GetProcAddress (hModule=0x6dd30000, lpProcName="PutClassWmi") returned 0x6dd37a30 [0149.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x579ea20, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 24 [0149.616] GetProcAddress (hModule=0x6dd30000, lpProcName="CloneEnumWbemClassObject") returned 0x6dd36f50 [0149.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x579ea28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 16 [0149.623] GetProcAddress (hModule=0x6dd30000, lpProcName="ConnectServerWmi") returned 0x6dd37050 [0149.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetErrorInfo", cchWideChar=12, lpMultiByteStr=0x579ea2c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetErrorInfo»mâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 12 [0149.631] GetProcAddress (hModule=0x6dd30000, lpProcName="GetErrorInfo") returned 0x6dd37650 [0149.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Initialize", cchWideChar=10, lpMultiByteStr=0x579ea30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Initializeâm9/® Dþ\x0fr\x08íy\x05", lpUsedDefaultChar=0x0) returned 10 [0149.632] GetProcAddress (hModule=0x6dd30000, lpProcName="Initialize") returned 0x6dd37920 [0149.633] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x579e9e0 | out: phkResult=0x579e9e0*=0x31c) returned 0x0 [0149.634] RegQueryValueExW (in: hKey=0x31c, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x579e9fc, lpData=0x0, lpcbData=0x579e9f8*=0x0 | out: lpType=0x579e9fc*=0x0, lpData=0x0, lpcbData=0x579e9f8*=0x0) returned 0x2 [0149.634] RegCloseKey (hKey=0x31c) returned 0x0 [0149.634] CoCreateInstance (in: rclsid=0x6dd33734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dd33794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x579f158 | out: ppv=0x579f158*=0x83f430) returned 0x0 [0149.634] WbemLocator:IWbemLocator:ConnectServer (in: This=0x83f430, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x579f1f8 | out: ppNamespace=0x579f1f8*=0x852620) returned 0x0 [0149.644] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579f07c | out: ppvObject=0x579f07c*=0x84f474) returned 0x0 [0149.644] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x84f474, pProxy=0x852620, pAuthnSvc=0x579f0cc, pAuthzSvc=0x579f0c8, pServerPrincName=0x579f0c0, pAuthnLevel=0x579f0c4, pImpLevel=0x579f0b4, pAuthInfo=0x579f0b8, pCapabilites=0x579f0bc | out: pAuthnSvc=0x579f0cc*=0xa, pAuthzSvc=0x579f0c8*=0x0, pServerPrincName=0x579f0c0, pAuthnLevel=0x579f0c4*=0x6, pImpLevel=0x579f0b4*=0x2, pAuthInfo=0x579f0b8, pCapabilites=0x579f0bc*=0x1) returned 0x0 [0149.644] WbemLocator:IUnknown:Release (This=0x84f474) returned 0x1 [0149.645] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579f070 | out: ppvObject=0x579f070*=0x84f494) returned 0x0 [0149.645] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579f05c | out: ppvObject=0x579f05c*=0x84f474) returned 0x0 [0149.645] WbemLocator:IClientSecurity:SetBlanket (This=0x84f474, pProxy=0x852620, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0149.645] WbemLocator:IUnknown:Release (This=0x84f474) returned 0x2 [0149.645] WbemLocator:IUnknown:Release (This=0x84f494) returned 0x1 [0149.645] CoTaskMemFree (pv=0x848a58) [0149.645] WbemLocator:IUnknown:AddRef (This=0x852620) returned 0x2 [0149.645] WbemLocator:IUnknown:Release (This=0x83f430) returned 0x0 [0149.646] CoGetContextToken (in: pToken=0x579e5b0 | out: pToken=0x579e5b0) returned 0x0 [0149.646] CoGetContextToken (in: pToken=0x579e9c4 | out: pToken=0x579e9c4) returned 0x0 [0149.646] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x579e95c | out: ppvObject=0x579e95c*=0x84f47c) returned 0x0 [0149.647] WbemLocator:IRpcOptions:Query (in: This=0x84f47c, pPrx=0x84a460, dwProperty=2, pdwValue=0x579ea50 | out: pdwValue=0x579ea50) returned 0x80004002 [0149.647] WbemLocator:IUnknown:Release (This=0x84f47c) returned 0x2 [0149.647] CoGetContextToken (in: pToken=0x579ef94 | out: pToken=0x579ef94) returned 0x0 [0149.647] CoGetContextToken (in: pToken=0x579eef4 | out: pToken=0x579eef4) returned 0x0 [0149.647] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x579efc4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x579ee90 | out: ppvObject=0x579ee90*=0x852620) returned 0x0 [0149.647] WbemLocator:IUnknown:Release (This=0x852620) returned 0x2 [0149.654] SysStringLen (param_1=0x0) returned 0x0 [0149.655] CoUninitialize () Thread: id = 77 os_tid = 0xfb0 [0149.672] CoGetContextToken (in: pToken=0x579f410 | out: pToken=0x579f410) returned 0x0 [0149.672] CoGetContextToken (in: pToken=0x579f3fc | out: pToken=0x579f3fc) returned 0x0 [0149.672] CoGetMarshalSizeMax (in: pulSize=0x579f3b8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84a460, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x579f3b8) returned 0x0 [0149.674] CoMarshalInterface (pStm=0x824408, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x84a460, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 78 os_tid = 0xfb4 [0149.680] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x8251f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f210 | out: ppvObject=0x569f210*=0x852620) returned 0x0 [0149.680] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f1ac | out: ppvObject=0x569f1ac*=0x852620) returned 0x0 [0149.680] WbemLocator:IUnknown:QueryInterface (in: This=0x852620, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f164 | out: ppvObject=0x569f164*=0x852620) returned 0x0 [0149.682] IWbemServices:GetObject (in: This=0x852620, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x569f328*=0x0, ppCallResult=0x0 | out: ppObject=0x569f328*=0x867ac0, ppCallResult=0x0) returned 0x0 [0158.506] CoGetContextToken (in: pToken=0x569f328 | out: pToken=0x569f328) returned 0x0 [0158.507] CoGetContextToken (in: pToken=0x569f314 | out: pToken=0x569f314) returned 0x0 [0158.507] CoGetMarshalSizeMax (in: pulSize=0x569f2d0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x873550, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x569f2d0) returned 0x0 [0158.507] CoMarshalInterface (pStm=0x824468, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x873550, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0158.509] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x8253d8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f210 | out: ppvObject=0x569f210*=0x8529e0) returned 0x0 [0158.509] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f1ac | out: ppvObject=0x569f1ac*=0x8529e0) returned 0x0 [0158.510] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f164 | out: ppvObject=0x569f164*=0x8529e0) returned 0x0 [0158.511] IWbemServices:GetObject (in: This=0x8529e0, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x569f328*=0x0, ppCallResult=0x0 | out: ppObject=0x569f328*=0x86fdd8, ppCallResult=0x0) returned 0x0 Thread: id = 80 os_tid = 0xfbc [0158.483] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0158.485] CoGetClassObject (in: rclsid=0x8489a4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x59fef90 | out: ppv=0x59fef90*=0x863378) returned 0x0 [0158.485] WbemLocator:IUnknown:QueryInterface (in: This=0x863378, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x59ff1a8 | out: ppvObject=0x59ff1a8*=0x0) returned 0x80004002 [0158.485] WbemLocator:IClassFactory:CreateInstance (in: This=0x863378, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59ff1b4 | out: ppvObject=0x59ff1b4*=0x8728d0) returned 0x0 [0158.485] WbemLocator:IUnknown:Release (This=0x863378) returned 0x0 [0158.485] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59fedd4 | out: ppvObject=0x59fedd4*=0x8728d0) returned 0x0 [0158.485] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x59fed88 | out: ppvObject=0x59fed88*=0x0) returned 0x80004002 [0158.486] WbemLocator:IUnknown:AddRef (This=0x8728d0) returned 0x3 [0158.486] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x59fe6e4 | out: ppvObject=0x59fe6e4*=0x0) returned 0x80004002 [0158.486] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x59fe694 | out: ppvObject=0x59fe694*=0x0) returned 0x80004002 [0158.486] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59fe6a0 | out: ppvObject=0x59fe6a0*=0x0) returned 0x80004002 [0158.486] CoGetContextToken (in: pToken=0x59fe700 | out: pToken=0x59fe700) returned 0x0 [0158.486] CoGetContextToken (in: pToken=0x59feb14 | out: pToken=0x59feb14) returned 0x0 [0158.486] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59feb94 | out: ppvObject=0x59feb94*=0x0) returned 0x80004002 [0158.486] WbemLocator:IUnknown:Release (This=0x8728d0) returned 0x2 [0158.487] WbemLocator:IUnknown:Release (This=0x8728d0) returned 0x1 [0158.487] CoGetContextToken (in: pToken=0x59ff18c | out: pToken=0x59ff18c) returned 0x0 [0158.487] CoGetContextToken (in: pToken=0x59ff0ec | out: pToken=0x59ff0ec) returned 0x0 [0158.487] WbemLocator:IUnknown:QueryInterface (in: This=0x8728d0, riid=0x59ff1bc*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x59ff1b8 | out: ppvObject=0x59ff1b8*=0x8728d0) returned 0x0 [0158.487] WbemLocator:IUnknown:AddRef (This=0x8728d0) returned 0x3 [0158.487] WbemLocator:IUnknown:Release (This=0x8728d0) returned 0x2 [0158.487] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81ab60, puCount=0x59ff34c | out: puCount=0x59ff34c*=0x2) returned 0x0 [0158.487] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=8, puBuffLength=0x59ff348*=0x0, pszText=0x0 | out: puBuffLength=0x59ff348*=0xf, pszText=0x0) returned 0x0 [0158.487] WbemDefPath:IWbemPath:GetText (in: This=0x81ab60, lFlags=8, puBuffLength=0x59ff348*=0xf, pszText="00000000000000" | out: puBuffLength=0x59ff348*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.487] CoCreateInstance (in: rclsid=0x6dd33734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dd33794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x59ff1f8 | out: ppv=0x59ff1f8*=0x8728f0) returned 0x0 [0158.487] WbemLocator:IWbemLocator:ConnectServer (in: This=0x8728f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x59ff298 | out: ppNamespace=0x59ff298*=0x8529e0) returned 0x0 [0158.494] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59ff11c | out: ppvObject=0x59ff11c*=0x84f924) returned 0x0 [0158.494] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x84f924, pProxy=0x8529e0, pAuthnSvc=0x59ff16c, pAuthzSvc=0x59ff168, pServerPrincName=0x59ff160, pAuthnLevel=0x59ff164, pImpLevel=0x59ff154, pAuthInfo=0x59ff158, pCapabilites=0x59ff15c | out: pAuthnSvc=0x59ff16c*=0xa, pAuthzSvc=0x59ff168*=0x0, pServerPrincName=0x59ff160, pAuthnLevel=0x59ff164*=0x6, pImpLevel=0x59ff154*=0x2, pAuthInfo=0x59ff158, pCapabilites=0x59ff15c*=0x1) returned 0x0 [0158.494] WbemLocator:IUnknown:Release (This=0x84f924) returned 0x1 [0158.494] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59ff110 | out: ppvObject=0x59ff110*=0x84f944) returned 0x0 [0158.494] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59ff0fc | out: ppvObject=0x59ff0fc*=0x84f924) returned 0x0 [0158.494] WbemLocator:IClientSecurity:SetBlanket (This=0x84f924, pProxy=0x8529e0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.495] WbemLocator:IUnknown:Release (This=0x84f924) returned 0x2 [0158.495] WbemLocator:IUnknown:Release (This=0x84f944) returned 0x1 [0158.495] CoTaskMemFree (pv=0x848c98) [0158.495] WbemLocator:IUnknown:AddRef (This=0x8529e0) returned 0x2 [0158.495] WbemLocator:IUnknown:Release (This=0x8728f0) returned 0x0 [0158.496] CoGetContextToken (in: pToken=0x59fe650 | out: pToken=0x59fe650) returned 0x0 [0158.496] CoGetContextToken (in: pToken=0x59fea64 | out: pToken=0x59fea64) returned 0x0 [0158.496] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59fe9fc | out: ppvObject=0x59fe9fc*=0x84f92c) returned 0x0 [0158.496] WbemLocator:IRpcOptions:Query (in: This=0x84f92c, pPrx=0x873550, dwProperty=2, pdwValue=0x59feaf0 | out: pdwValue=0x59feaf0) returned 0x80004002 [0158.497] WbemLocator:IUnknown:Release (This=0x84f92c) returned 0x2 [0158.497] CoGetContextToken (in: pToken=0x59ff034 | out: pToken=0x59ff034) returned 0x0 [0158.497] CoGetContextToken (in: pToken=0x59fef94 | out: pToken=0x59fef94) returned 0x0 [0158.497] WbemLocator:IUnknown:QueryInterface (in: This=0x8529e0, riid=0x59ff064*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x59fef30 | out: ppvObject=0x59fef30*=0x8529e0) returned 0x0 [0158.497] WbemLocator:IUnknown:Release (This=0x8529e0) returned 0x2 [0158.497] SysStringLen (param_1=0x0) returned 0x0 [0158.498] CoUninitialize () Thread: id = 81 os_tid = 0xfc0 [0159.122] CoGetContextToken (in: pToken=0x580f92c | out: pToken=0x580f92c) returned 0x0 [0159.124] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x580f950 | out: ppvObject=0x580f950*=0x7eee74) returned 0x0 [0159.124] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x580f97c | out: pThreadType=0x580f97c*=0) returned 0x0 [0159.124] IUnknown:Release (This=0x7eee74) returned 0x1 [0159.125] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 82 os_tid = 0xfc4 [0159.241] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0159.251] CoGetContextToken (in: pToken=0x590fad4 | out: pToken=0x590fad4) returned 0x0 [0159.251] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x590faf8 | out: ppvObject=0x590faf8*=0x7eee74) returned 0x0 [0159.252] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x590fb24 | out: pThreadType=0x590fb24*=0) returned 0x0 [0159.252] IUnknown:Release (This=0x7eee74) returned 0x1 [0159.252] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0159.252] CoUninitialize () [0179.356] CoUninitialize () Thread: id = 83 os_tid = 0xfc8 Thread: id = 84 os_tid = 0xfdc [0189.225] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0189.227] CoGetContextToken (in: pToken=0x56bf654 | out: pToken=0x56bf654) returned 0x0 [0189.227] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x56bf678 | out: ppvObject=0x56bf678*=0x7eee74) returned 0x0 [0189.227] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x56bf6a4 | out: pThreadType=0x56bf6a4*=0) returned 0x0 [0189.227] IUnknown:Release (This=0x7eee74) returned 0x1 [0189.227] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0189.227] CoUninitialize () [0189.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x56bf23c | out: lpSystemTimeAsFileTime=0x56bf23c*(dwLowDateTime=0xeed281f0, dwHighDateTime=0x1d7b380)) [0189.269] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x56beeac | out: pTimeZoneInformation=0x56beeac) returned 0x2 [0189.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x56bef90 | out: phkResult=0x56bef90*=0x374) returned 0x0 [0189.316] RegQueryValueExW (in: hKey=0x374, lpValueName="TZI", lpReserved=0x0, lpType=0x56befac, lpData=0x0, lpcbData=0x56befa8*=0x0 | out: lpType=0x56befac*=0x3, lpData=0x0, lpcbData=0x56befa8*=0x2c) returned 0x0 [0189.316] RegQueryValueExW (in: hKey=0x374, lpValueName="TZI", lpReserved=0x0, lpType=0x56befac, lpData=0x24deeac, lpcbData=0x56befa8*=0x2c | out: lpType=0x56befac*=0x3, lpData=0x24deeac*, lpcbData=0x56befa8*=0x2c) returned 0x0 [0189.317] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x56bede4 | out: phkResult=0x56bede4*=0x0) returned 0x2 [0189.319] RegQueryValueExW (in: hKey=0x374, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x56bef84, lpData=0x0, lpcbData=0x56bef80*=0x0 | out: lpType=0x56bef84*=0x1, lpData=0x0, lpcbData=0x56bef80*=0x20) returned 0x0 [0189.319] RegQueryValueExW (in: hKey=0x374, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x56bef84, lpData=0x24df3b8, lpcbData=0x56bef80*=0x20 | out: lpType=0x56bef84*=0x1, lpData="@tzres.dll,-320", lpcbData=0x56bef80*=0x20) returned 0x0 [0189.319] RegQueryValueExW (in: hKey=0x374, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x56bef84, lpData=0x0, lpcbData=0x56bef80*=0x0 | out: lpType=0x56bef84*=0x1, lpData=0x0, lpcbData=0x56bef80*=0x20) returned 0x0 [0189.319] RegQueryValueExW (in: hKey=0x374, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x56bef84, lpData=0x24df410, lpcbData=0x56bef80*=0x20 | out: lpType=0x56bef84*=0x1, lpData="@tzres.dll,-322", lpcbData=0x56bef80*=0x20) returned 0x0 [0189.319] RegQueryValueExW (in: hKey=0x374, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x56bef84, lpData=0x0, lpcbData=0x56bef80*=0x0 | out: lpType=0x56bef84*=0x1, lpData=0x0, lpcbData=0x56bef80*=0x20) returned 0x0 [0189.319] RegQueryValueExW (in: hKey=0x374, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x56bef84, lpData=0x24df468, lpcbData=0x56bef80*=0x20 | out: lpType=0x56bef84*=0x1, lpData="@tzres.dll,-321", lpcbData=0x56bef80*=0x20) returned 0x0 [0189.329] CoTaskMemAlloc (cb=0x20c) returned 0x8589e0 [0189.329] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x8589e0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0189.332] CoTaskMemFree (pv=0x8589e0) [0189.333] CoTaskMemAlloc (cb=0x20c) returned 0x8589e0 [0189.333] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x56befa0, pwszFileMUIPath=0x8589e0, pcchFileMUIPath=0x56befa4, pululEnumerator=0x56bef98 | out: pwszLanguage=0x0, pcchLanguage=0x56befa0, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x56befa4, pululEnumerator=0x56bef98) returned 1 [0189.340] CoTaskMemFree (pv=0x0) [0189.340] CoTaskMemFree (pv=0x8589e0) [0189.341] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0189.344] CoTaskMemAlloc (cb=0x3ec) returned 0x89abf0 [0189.344] LoadStringW (in: hInstance=0x3d0001, uID=0x140, lpBuffer=0x89abf0, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0189.344] CoTaskMemFree (pv=0x89abf0) [0189.345] FreeLibrary (hLibModule=0x3d0001) returned 1 [0189.345] CoTaskMemAlloc (cb=0x20c) returned 0x8589e0 [0189.345] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x8589e0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0189.345] CoTaskMemFree (pv=0x8589e0) [0189.345] CoTaskMemAlloc (cb=0x20c) returned 0x8589e0 [0189.345] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x56befa0, pwszFileMUIPath=0x8589e0, pcchFileMUIPath=0x56befa4, pululEnumerator=0x56bef98 | out: pwszLanguage=0x0, pcchLanguage=0x56befa0, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x56befa4, pululEnumerator=0x56bef98) returned 1 [0189.348] CoTaskMemFree (pv=0x0) [0189.348] CoTaskMemFree (pv=0x8589e0) [0189.348] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0189.351] CoTaskMemAlloc (cb=0x3ec) returned 0x89abf0 [0189.351] LoadStringW (in: hInstance=0x3d0001, uID=0x142, lpBuffer=0x89abf0, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0189.351] CoTaskMemFree (pv=0x89abf0) [0189.351] FreeLibrary (hLibModule=0x3d0001) returned 1 [0189.352] CoTaskMemAlloc (cb=0x20c) returned 0x8589e0 [0189.352] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x8589e0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0189.352] CoTaskMemFree (pv=0x8589e0) [0189.352] CoTaskMemAlloc (cb=0x20c) returned 0x8589e0 [0189.352] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x56befa0, pwszFileMUIPath=0x8589e0, pcchFileMUIPath=0x56befa4, pululEnumerator=0x56bef98 | out: pwszLanguage=0x0, pcchLanguage=0x56befa0, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x56befa4, pululEnumerator=0x56bef98) returned 1 [0189.355] CoTaskMemFree (pv=0x0) [0189.355] CoTaskMemFree (pv=0x8589e0) [0189.356] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0189.359] CoTaskMemAlloc (cb=0x3ec) returned 0x89abf0 [0189.359] LoadStringW (in: hInstance=0x3d0001, uID=0x141, lpBuffer=0x89abf0, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0189.359] CoTaskMemFree (pv=0x89abf0) [0189.359] FreeLibrary (hLibModule=0x3d0001) returned 1 [0189.360] RegCloseKey (hKey=0x374) returned 0x0 [0189.384] GetLastInputInfo (in: plii=0x2442328 | out: plii=0x2442328*(cbSize=0x8, dwTime=0x1a0f464)) returned 1 [0209.410] CoUninitialize () Thread: id = 85 os_tid = 0xfe0 Thread: id = 86 os_tid = 0xfe4 [0189.388] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0189.389] CoGetContextToken (in: pToken=0x598f414 | out: pToken=0x598f414) returned 0x0 [0189.389] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x598f438 | out: ppvObject=0x598f438*=0x7eee74) returned 0x0 [0189.389] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x598f464 | out: pThreadType=0x598f464*=0) returned 0x0 [0189.389] IUnknown:Release (This=0x7eee74) returned 0x1 [0189.389] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0189.389] CoUninitialize () [0209.400] CoUninitialize () Thread: id = 87 os_tid = 0xaf4 [0219.251] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0219.253] CoGetContextToken (in: pToken=0x573f9b4 | out: pToken=0x573f9b4) returned 0x0 [0219.253] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x573f9d8 | out: ppvObject=0x573f9d8*=0x7eee74) returned 0x0 [0219.253] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x573fa04 | out: pThreadType=0x573fa04*=0) returned 0x0 [0219.253] IUnknown:Release (This=0x7eee74) returned 0x1 [0219.253] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0219.253] CoUninitialize () [0219.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x573f59c | out: lpSystemTimeAsFileTime=0x573f59c*(dwLowDateTime=0xb3f610, dwHighDateTime=0x1d7b381)) [0219.256] GetLastInputInfo (in: plii=0x2442328 | out: plii=0x2442328*(cbSize=0x8, dwTime=0x1a16a3f)) returned 1 [0239.275] CoUninitialize () Thread: id = 88 os_tid = 0xb00 Thread: id = 89 os_tid = 0xb08 [0219.264] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0219.265] CoGetContextToken (in: pToken=0x5a4f6c4 | out: pToken=0x5a4f6c4) returned 0x0 [0219.265] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a4f6e8 | out: ppvObject=0x5a4f6e8*=0x7eee74) returned 0x0 [0219.265] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x5a4f714 | out: pThreadType=0x5a4f714*=0) returned 0x0 [0219.265] IUnknown:Release (This=0x7eee74) returned 0x1 [0219.265] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0219.265] CoUninitialize () [0239.279] CoUninitialize () Thread: id = 91 os_tid = 0xb90 [0243.943] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0243.944] CoGetClassObject (in: rclsid=0x8489a4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x577ed90 | out: ppv=0x577ed90*=0x4e448f8) returned 0x0 [0243.945] WbemLocator:IUnknown:QueryInterface (in: This=0x4e448f8, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x577efa8 | out: ppvObject=0x577efa8*=0x0) returned 0x80004002 [0243.945] WbemLocator:IClassFactory:CreateInstance (in: This=0x4e448f8, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577efb4 | out: ppvObject=0x577efb4*=0x888458) returned 0x0 [0243.945] WbemLocator:IUnknown:Release (This=0x4e448f8) returned 0x0 [0243.945] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577ebd4 | out: ppvObject=0x577ebd4*=0x888458) returned 0x0 [0243.945] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x577eb88 | out: ppvObject=0x577eb88*=0x0) returned 0x80004002 [0243.946] WbemLocator:IUnknown:AddRef (This=0x888458) returned 0x3 [0243.946] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x577e4e4 | out: ppvObject=0x577e4e4*=0x0) returned 0x80004002 [0243.946] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x577e494 | out: ppvObject=0x577e494*=0x0) returned 0x80004002 [0243.946] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577e4a0 | out: ppvObject=0x577e4a0*=0x0) returned 0x80004002 [0243.946] CoGetContextToken (in: pToken=0x577e500 | out: pToken=0x577e500) returned 0x0 [0243.947] CoGetContextToken (in: pToken=0x577e914 | out: pToken=0x577e914) returned 0x0 [0243.947] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577e994 | out: ppvObject=0x577e994*=0x0) returned 0x80004002 [0243.947] WbemLocator:IUnknown:Release (This=0x888458) returned 0x2 [0243.947] WbemLocator:IUnknown:Release (This=0x888458) returned 0x1 [0243.947] CoGetContextToken (in: pToken=0x577ef8c | out: pToken=0x577ef8c) returned 0x0 [0243.947] CoGetContextToken (in: pToken=0x577eeec | out: pToken=0x577eeec) returned 0x0 [0243.947] WbemLocator:IUnknown:QueryInterface (in: This=0x888458, riid=0x577efbc*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x577efb8 | out: ppvObject=0x577efb8*=0x888458) returned 0x0 [0243.947] WbemLocator:IUnknown:AddRef (This=0x888458) returned 0x3 [0243.947] WbemLocator:IUnknown:Release (This=0x888458) returned 0x2 [0243.948] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x577f14c | out: puCount=0x577f14c*=0x2) returned 0x0 [0243.948] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=8, puBuffLength=0x577f148*=0x0, pszText=0x0 | out: puBuffLength=0x577f148*=0xf, pszText=0x0) returned 0x0 [0243.948] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=8, puBuffLength=0x577f148*=0xf, pszText="00000000000000" | out: puBuffLength=0x577f148*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0243.948] CoCreateInstance (in: rclsid=0x6dd33734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dd33794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x577eff8 | out: ppv=0x577eff8*=0x8884a8) returned 0x0 [0243.948] WbemLocator:IWbemLocator:ConnectServer (in: This=0x8884a8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x577f098 | out: ppNamespace=0x577f098*=0x88c2f0) returned 0x0 [0243.972] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577ef1c | out: ppvObject=0x577ef1c*=0x84fce4) returned 0x0 [0243.972] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x84fce4, pProxy=0x88c2f0, pAuthnSvc=0x577ef6c, pAuthzSvc=0x577ef68, pServerPrincName=0x577ef60, pAuthnLevel=0x577ef64, pImpLevel=0x577ef54, pAuthInfo=0x577ef58, pCapabilites=0x577ef5c | out: pAuthnSvc=0x577ef6c*=0xa, pAuthzSvc=0x577ef68*=0x0, pServerPrincName=0x577ef60, pAuthnLevel=0x577ef64*=0x6, pImpLevel=0x577ef54*=0x2, pAuthInfo=0x577ef58, pCapabilites=0x577ef5c*=0x1) returned 0x0 [0243.972] WbemLocator:IUnknown:Release (This=0x84fce4) returned 0x1 [0243.972] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577ef10 | out: ppvObject=0x577ef10*=0x84fd04) returned 0x0 [0243.972] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577eefc | out: ppvObject=0x577eefc*=0x84fce4) returned 0x0 [0243.972] WbemLocator:IClientSecurity:SetBlanket (This=0x84fce4, pProxy=0x88c2f0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0243.972] WbemLocator:IUnknown:Release (This=0x84fce4) returned 0x2 [0243.972] WbemLocator:IUnknown:Release (This=0x84fd04) returned 0x1 [0243.972] CoTaskMemFree (pv=0x4e44068) [0243.972] WbemLocator:IUnknown:AddRef (This=0x88c2f0) returned 0x2 [0243.972] WbemLocator:IUnknown:Release (This=0x8884a8) returned 0x0 [0243.973] CoGetContextToken (in: pToken=0x577e450 | out: pToken=0x577e450) returned 0x0 [0243.973] CoGetContextToken (in: pToken=0x577e864 | out: pToken=0x577e864) returned 0x0 [0243.973] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x577e7fc | out: ppvObject=0x577e7fc*=0x84fcec) returned 0x0 [0243.973] WbemLocator:IRpcOptions:Query (in: This=0x84fcec, pPrx=0x4e449b8, dwProperty=2, pdwValue=0x577e8f0 | out: pdwValue=0x577e8f0) returned 0x80004002 [0243.973] WbemLocator:IUnknown:Release (This=0x84fcec) returned 0x2 [0243.974] CoGetContextToken (in: pToken=0x577ee34 | out: pToken=0x577ee34) returned 0x0 [0243.974] CoGetContextToken (in: pToken=0x577ed94 | out: pToken=0x577ed94) returned 0x0 [0243.974] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x577ee64*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x577ed30 | out: ppvObject=0x577ed30*=0x88c2f0) returned 0x0 [0243.974] WbemLocator:IUnknown:Release (This=0x88c2f0) returned 0x2 [0243.974] SysStringLen (param_1=0x0) returned 0x0 [0243.974] CoUninitialize () Thread: id = 92 os_tid = 0xb98 Thread: id = 93 os_tid = 0xb9c [0243.983] CoGetContextToken (in: pToken=0x579f250 | out: pToken=0x579f250) returned 0x0 [0243.983] CoGetContextToken (in: pToken=0x579f23c | out: pToken=0x579f23c) returned 0x0 [0243.983] CoGetMarshalSizeMax (in: pulSize=0x579f1f8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x4e449b8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x579f1f8) returned 0x0 [0243.983] CoMarshalInterface (pStm=0x893d80, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x4e449b8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 94 os_tid = 0xaf8 [0243.987] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x8255b8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a0ef00 | out: ppvObject=0x5a0ef00*=0x88c2f0) returned 0x0 [0243.987] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a0ee9c | out: ppvObject=0x5a0ee9c*=0x88c2f0) returned 0x0 [0243.987] WbemLocator:IUnknown:QueryInterface (in: This=0x88c2f0, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a0ee54 | out: ppvObject=0x5a0ee54*=0x88c2f0) returned 0x0 [0244.107] CoGetContextToken (in: pToken=0x5a0f020 | out: pToken=0x5a0f020) returned 0x0 [0244.107] CoGetContextToken (in: pToken=0x5a0f00c | out: pToken=0x5a0f00c) returned 0x0 [0244.107] CoGetMarshalSizeMax (in: pulSize=0x5a0efc8, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x4e44e20, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x5a0efc8) returned 0x0 [0244.108] CoMarshalInterface (pStm=0x893ec0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x4e44e20, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0244.109] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x825978*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a0ef00 | out: ppvObject=0x5a0ef00*=0x4e5fd58) returned 0x0 [0244.109] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a0ee9c | out: ppvObject=0x5a0ee9c*=0x4e5fd58) returned 0x0 [0244.109] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x6ded62ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5a0ee54 | out: ppvObject=0x5a0ee54*=0x4e5fd58) returned 0x0 Thread: id = 102 os_tid = 0xb64 [0244.089] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0244.091] CoGetClassObject (in: rclsid=0x8489a4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72266bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5b5ef00 | out: ppv=0x5b5ef00*=0x4e44d78) returned 0x0 [0244.091] WbemLocator:IUnknown:QueryInterface (in: This=0x4e44d78, riid=0x7222dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5b5f118 | out: ppvObject=0x5b5f118*=0x0) returned 0x80004002 [0244.091] WbemLocator:IClassFactory:CreateInstance (in: This=0x4e44d78, pUnkOuter=0x0, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5f124 | out: ppvObject=0x5b5f124*=0x872970) returned 0x0 [0244.091] WbemLocator:IUnknown:Release (This=0x4e44d78) returned 0x0 [0244.091] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x72112a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5ed44 | out: ppvObject=0x5b5ed44*=0x872970) returned 0x0 [0244.091] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x72201b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5b5ecf8 | out: ppvObject=0x5b5ecf8*=0x0) returned 0x80004002 [0244.092] WbemLocator:IUnknown:AddRef (This=0x872970) returned 0x3 [0244.092] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x7220182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5b5e654 | out: ppvObject=0x5b5e654*=0x0) returned 0x80004002 [0244.092] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x72201764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5b5e604 | out: ppvObject=0x5b5e604*=0x0) returned 0x80004002 [0244.092] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x72131388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5e610 | out: ppvObject=0x5b5e610*=0x0) returned 0x80004002 [0244.092] CoGetContextToken (in: pToken=0x5b5e670 | out: pToken=0x5b5e670) returned 0x0 [0244.092] CoGetContextToken (in: pToken=0x5b5ea84 | out: pToken=0x5b5ea84) returned 0x0 [0244.092] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5eb04 | out: ppvObject=0x5b5eb04*=0x0) returned 0x80004002 [0244.093] WbemLocator:IUnknown:Release (This=0x872970) returned 0x2 [0244.093] WbemLocator:IUnknown:Release (This=0x872970) returned 0x1 [0244.093] CoGetContextToken (in: pToken=0x5b5f0fc | out: pToken=0x5b5f0fc) returned 0x0 [0244.093] CoGetContextToken (in: pToken=0x5b5f05c | out: pToken=0x5b5f05c) returned 0x0 [0244.093] WbemLocator:IUnknown:QueryInterface (in: This=0x872970, riid=0x5b5f12c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5b5f128 | out: ppvObject=0x5b5f128*=0x872970) returned 0x0 [0244.093] WbemLocator:IUnknown:AddRef (This=0x872970) returned 0x3 [0244.093] WbemLocator:IUnknown:Release (This=0x872970) returned 0x2 [0244.093] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a8c0, puCount=0x5b5f2bc | out: puCount=0x5b5f2bc*=0x2) returned 0x0 [0244.093] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=8, puBuffLength=0x5b5f2b8*=0x0, pszText=0x0 | out: puBuffLength=0x5b5f2b8*=0xf, pszText=0x0) returned 0x0 [0244.093] WbemDefPath:IWbemPath:GetText (in: This=0x81a8c0, lFlags=8, puBuffLength=0x5b5f2b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x5b5f2b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0244.093] CoCreateInstance (in: rclsid=0x6dd33734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dd33794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5b5f168 | out: ppv=0x5b5f168*=0x4e61448) returned 0x0 [0244.093] WbemLocator:IWbemLocator:ConnectServer (in: This=0x4e61448, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5b5f208 | out: ppNamespace=0x5b5f208*=0x4e5fd58) returned 0x0 [0244.100] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5f08c | out: ppvObject=0x5b5f08c*=0x850464) returned 0x0 [0244.100] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x850464, pProxy=0x4e5fd58, pAuthnSvc=0x5b5f0dc, pAuthzSvc=0x5b5f0d8, pServerPrincName=0x5b5f0d0, pAuthnLevel=0x5b5f0d4, pImpLevel=0x5b5f0c4, pAuthInfo=0x5b5f0c8, pCapabilites=0x5b5f0cc | out: pAuthnSvc=0x5b5f0dc*=0xa, pAuthzSvc=0x5b5f0d8*=0x0, pServerPrincName=0x5b5f0d0, pAuthnLevel=0x5b5f0d4*=0x6, pImpLevel=0x5b5f0c4*=0x2, pAuthInfo=0x5b5f0c8, pCapabilites=0x5b5f0cc*=0x1) returned 0x0 [0244.101] WbemLocator:IUnknown:Release (This=0x850464) returned 0x1 [0244.101] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x6dd335a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5f080 | out: ppvObject=0x5b5f080*=0x850484) returned 0x0 [0244.101] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x6dd335b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5f06c | out: ppvObject=0x5b5f06c*=0x850464) returned 0x0 [0244.101] WbemLocator:IClientSecurity:SetBlanket (This=0x850464, pProxy=0x4e5fd58, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0244.101] WbemLocator:IUnknown:Release (This=0x850464) returned 0x2 [0244.101] WbemLocator:IUnknown:Release (This=0x850484) returned 0x1 [0244.101] CoTaskMemFree (pv=0x4e443f8) [0244.101] WbemLocator:IUnknown:AddRef (This=0x4e5fd58) returned 0x2 [0244.101] WbemLocator:IUnknown:Release (This=0x4e61448) returned 0x0 [0244.102] CoGetContextToken (in: pToken=0x5b5e5c0 | out: pToken=0x5b5e5c0) returned 0x0 [0244.102] CoGetContextToken (in: pToken=0x5b5e9d4 | out: pToken=0x5b5e9d4) returned 0x0 [0244.102] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x72201aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b5e96c | out: ppvObject=0x5b5e96c*=0x85046c) returned 0x0 [0244.102] WbemLocator:IRpcOptions:Query (in: This=0x85046c, pPrx=0x4e44e20, dwProperty=2, pdwValue=0x5b5ea60 | out: pdwValue=0x5b5ea60) returned 0x80004002 [0244.102] WbemLocator:IUnknown:Release (This=0x85046c) returned 0x2 [0244.102] CoGetContextToken (in: pToken=0x5b5efa4 | out: pToken=0x5b5efa4) returned 0x0 [0244.102] CoGetContextToken (in: pToken=0x5b5ef04 | out: pToken=0x5b5ef04) returned 0x0 [0244.102] WbemLocator:IUnknown:QueryInterface (in: This=0x4e5fd58, riid=0x5b5efd4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5b5eea0 | out: ppvObject=0x5b5eea0*=0x4e5fd58) returned 0x0 [0244.103] WbemLocator:IUnknown:Release (This=0x4e5fd58) returned 0x2 [0244.103] SysStringLen (param_1=0x0) returned 0x0 [0244.103] CoUninitialize () Thread: id = 103 os_tid = 0xb6c [0247.192] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0247.516] ResetEvent (hEvent=0x238) returned 1 Thread: id = 104 os_tid = 0xb74 [0252.009] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0252.011] CoGetContextToken (in: pToken=0x5fbf754 | out: pToken=0x5fbf754) returned 0x0 [0252.011] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fbf778 | out: ppvObject=0x5fbf778*=0x7eee74) returned 0x0 [0252.011] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x5fbf7a4 | out: pThreadType=0x5fbf7a4*=0) returned 0x0 [0252.011] IUnknown:Release (This=0x7eee74) returned 0x1 [0252.011] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0252.011] CoUninitialize () [0252.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x5fbf33c | out: lpSystemTimeAsFileTime=0x5fbf33c*(dwLowDateTime=0x1297cb90, dwHighDateTime=0x1d7b381)) [0252.012] GetLastInputInfo (in: plii=0x2442328 | out: plii=0x2442328*(cbSize=0x8, dwTime=0x1a1db87)) returned 1 [0272.035] CoUninitialize () Thread: id = 105 os_tid = 0xb58 Thread: id = 106 os_tid = 0xb4c [0282.046] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0282.048] CoGetContextToken (in: pToken=0x5c8f744 | out: pToken=0x5c8f744) returned 0x0 [0282.048] IUnknown:QueryInterface (in: This=0x7eee68, riid=0x7219b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c8f768 | out: ppvObject=0x5c8f768*=0x7eee74) returned 0x0 [0282.048] IComThreadingInfo:GetCurrentThreadType (in: This=0x7eee74, pThreadType=0x5c8f794 | out: pThreadType=0x5c8f794*=0) returned 0x0 [0282.048] IUnknown:Release (This=0x7eee74) returned 0x1 [0282.048] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0282.048] CoUninitialize () [0282.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x5c8f32c | out: lpSystemTimeAsFileTime=0x5c8f32c*(dwLowDateTime=0x247e0270, dwHighDateTime=0x1d7b381)) [0282.051] GetLastInputInfo (in: plii=0x2442328 | out: plii=0x2442328*(cbSize=0x8, dwTime=0x1a24c53)) returned 1 Thread: id = 107 os_tid = 0xb80 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x76036000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1c0" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d1f9" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1587 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1588 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1589 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1590 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1591 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1592 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1593 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1594 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1595 start_va = 0xf0000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1596 start_va = 0x170000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1597 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1598 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 1599 start_va = 0x340000 end_va = 0x340fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1600 start_va = 0x350000 end_va = 0x35afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1601 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1602 start_va = 0x370000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1603 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1604 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1605 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1606 start_va = 0x510000 end_va = 0x697fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1607 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1608 start_va = 0x830000 end_va = 0x839fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1609 start_va = 0x840000 end_va = 0x841fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1610 start_va = 0x850000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1611 start_va = 0x950000 end_va = 0x953fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1612 start_va = 0x960000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1613 start_va = 0x9e0000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1614 start_va = 0xa60000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1615 start_va = 0xa70000 end_va = 0xa71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1616 start_va = 0xa80000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1617 start_va = 0xab0000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 1618 start_va = 0xb30000 end_va = 0xb33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1619 start_va = 0xb40000 end_va = 0xb4dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1620 start_va = 0xb50000 end_va = 0xb57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1621 start_va = 0xb60000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 1622 start_va = 0xb70000 end_va = 0xb89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 1623 start_va = 0xb90000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1624 start_va = 0xba0000 end_va = 0xba0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 1625 start_va = 0xbb0000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 1626 start_va = 0xbc0000 end_va = 0xbc7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1627 start_va = 0xbd0000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 1628 start_va = 0xbf0000 end_va = 0xebefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1629 start_va = 0xec0000 end_va = 0xf25fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1630 start_va = 0xf30000 end_va = 0xf4bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1631 start_va = 0xf50000 end_va = 0xf50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 1632 start_va = 0xf60000 end_va = 0xf60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1633 start_va = 0xf70000 end_va = 0xf70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1634 start_va = 0xf80000 end_va = 0xf80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1635 start_va = 0xf90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 1636 start_va = 0xfa0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 1637 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fb0000" filename = "" Region: id = 1638 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fc0000" filename = "" Region: id = 1639 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 1640 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 1641 start_va = 0xff0000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 1642 start_va = 0x1000000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1643 start_va = 0x1010000 end_va = 0x1010fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001010000" filename = "" Region: id = 1644 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1645 start_va = 0x10a0000 end_va = 0x10a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010a0000" filename = "" Region: id = 1646 start_va = 0x10b0000 end_va = 0x10bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 1647 start_va = 0x10c0000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 1648 start_va = 0x11c0000 end_va = 0x11c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1649 start_va = 0x11d0000 end_va = 0x11d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 1650 start_va = 0x11e0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 1651 start_va = 0x11f0000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 1652 start_va = 0x1270000 end_va = 0x1270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 1653 start_va = 0x1280000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 1654 start_va = 0x1290000 end_va = 0x1297fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001290000" filename = "" Region: id = 1655 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 1656 start_va = 0x12b0000 end_va = 0x12bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 1657 start_va = 0x12c0000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1658 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001340000" filename = "" Region: id = 1659 start_va = 0x1350000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001350000" filename = "" Region: id = 1660 start_va = 0x1360000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001360000" filename = "" Region: id = 1661 start_va = 0x1370000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001370000" filename = "" Region: id = 1662 start_va = 0x1380000 end_va = 0x138ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001380000" filename = "" Region: id = 1663 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001390000" filename = "" Region: id = 1664 start_va = 0x13a0000 end_va = 0x141ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1665 start_va = 0x1420000 end_va = 0x1427fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001420000" filename = "" Region: id = 1666 start_va = 0x1430000 end_va = 0x143ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1667 start_va = 0x1440000 end_va = 0x144ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1668 start_va = 0x1450000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001450000" filename = "" Region: id = 1669 start_va = 0x1460000 end_va = 0x146ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 1670 start_va = 0x1470000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 1671 start_va = 0x1480000 end_va = 0x148ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 1672 start_va = 0x1490000 end_va = 0x1490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1673 start_va = 0x14a0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014a0000" filename = "" Region: id = 1674 start_va = 0x14d0000 end_va = 0x14d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1675 start_va = 0x1510000 end_va = 0x1517fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 1676 start_va = 0x1530000 end_va = 0x15affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001530000" filename = "" Region: id = 1677 start_va = 0x15c0000 end_va = 0x15cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1678 start_va = 0x15d0000 end_va = 0x15d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 1679 start_va = 0x15e0000 end_va = 0x15effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1680 start_va = 0x15f0000 end_va = 0x166ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 1681 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1682 start_va = 0x1850000 end_va = 0x18cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 1683 start_va = 0x18e0000 end_va = 0x195ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 1684 start_va = 0x1980000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001980000" filename = "" Region: id = 1685 start_va = 0x1a70000 end_va = 0x1aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a70000" filename = "" Region: id = 1686 start_va = 0x1af0000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001af0000" filename = "" Region: id = 1687 start_va = 0x1bf0000 end_va = 0x1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 1688 start_va = 0x1c80000 end_va = 0x1d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1689 start_va = 0x1e30000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 1690 start_va = 0x1eb0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 1691 start_va = 0x2050000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1692 start_va = 0x2130000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1693 start_va = 0x21c0000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 1694 start_va = 0x22b0000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1695 start_va = 0x2340000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1696 start_va = 0x23f0000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 1697 start_va = 0x2470000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 1698 start_va = 0x24b0000 end_va = 0x24effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 1699 start_va = 0x2510000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 1700 start_va = 0x2590000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1701 start_va = 0x26a0000 end_va = 0x279ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1702 start_va = 0x2840000 end_va = 0x28bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1703 start_va = 0x28c0000 end_va = 0x29bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 1704 start_va = 0x29c0000 end_va = 0x29cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 1705 start_va = 0x29d0000 end_va = 0x2a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 1706 start_va = 0x2a70000 end_va = 0x2a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 1707 start_va = 0x2aa0000 end_va = 0x2b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 1708 start_va = 0x2b20000 end_va = 0x2bdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1709 start_va = 0x2bf0000 end_va = 0x2c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 1710 start_va = 0x2c70000 end_va = 0x2ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 1711 start_va = 0x2cf0000 end_va = 0x2deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 1712 start_va = 0x2e20000 end_va = 0x2e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 1713 start_va = 0x2ea0000 end_va = 0x309ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 1714 start_va = 0x3210000 end_va = 0x328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 1715 start_va = 0x3340000 end_va = 0x33bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 1716 start_va = 0x33c0000 end_va = 0x33cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 1717 start_va = 0x3450000 end_va = 0x34cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003450000" filename = "" Region: id = 1718 start_va = 0x3720000 end_va = 0x379ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 1719 start_va = 0x3880000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003880000" filename = "" Region: id = 1720 start_va = 0x3910000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1721 start_va = 0x3990000 end_va = 0x3d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003990000" filename = "" Region: id = 1722 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 1723 start_va = 0x3fe0000 end_va = 0x405ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fe0000" filename = "" Region: id = 1724 start_va = 0x4080000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1725 start_va = 0x4190000 end_va = 0x420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 1726 start_va = 0x4210000 end_va = 0x440ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 1727 start_va = 0x44c0000 end_va = 0x453ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 1728 start_va = 0x45e0000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045e0000" filename = "" Region: id = 1729 start_va = 0x4660000 end_va = 0x475ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 1730 start_va = 0x4760000 end_va = 0x485ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1731 start_va = 0x4860000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 1732 start_va = 0x4a50000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a50000" filename = "" Region: id = 1733 start_va = 0x4b50000 end_va = 0x4c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 1734 start_va = 0x4c50000 end_va = 0x5c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 1735 start_va = 0x5c90000 end_va = 0x5d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c90000" filename = "" Region: id = 1736 start_va = 0x5dd0000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 1737 start_va = 0x5ed0000 end_va = 0x5f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ed0000" filename = "" Region: id = 1738 start_va = 0x60b0000 end_va = 0x612ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060b0000" filename = "" Region: id = 1739 start_va = 0x6130000 end_va = 0x652ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006130000" filename = "" Region: id = 1740 start_va = 0x6660000 end_va = 0x66dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006660000" filename = "" Region: id = 1741 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1742 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1743 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1744 start_va = 0x778b0000 end_va = 0x778b6fff monitored = 0 entry_point = 0x778b106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1745 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1746 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1747 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1748 start_va = 0xff8c0000 end_va = 0xff8cafff monitored = 0 entry_point = 0xff8c246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1749 start_va = 0x7fef02e0000 end_va = 0x7fef0311fff monitored = 0 entry_point = 0x7fef02e1060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 1750 start_va = 0x7fef0b50000 end_va = 0x7fef0d23fff monitored = 0 entry_point = 0x7fef0b86b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1751 start_va = 0x7fef0f80000 end_va = 0x7fef11d2fff monitored = 0 entry_point = 0x7fef0f8236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1752 start_va = 0x7fef1540000 end_va = 0x7fef154efff monitored = 0 entry_point = 0x7fef1549a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1753 start_va = 0x7fef1a40000 end_va = 0x7fef1a84fff monitored = 0 entry_point = 0x7fef1a73644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1754 start_va = 0x7fef1a90000 end_va = 0x7fef1b61fff monitored = 0 entry_point = 0x7fef1b21a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1755 start_va = 0x7fef1c10000 end_va = 0x7fef1c21fff monitored = 0 entry_point = 0x7fef1c190bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1756 start_va = 0x7fef1c30000 end_va = 0x7fef1c39fff monitored = 0 entry_point = 0x7fef1c33994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1757 start_va = 0x7fef2630000 end_va = 0x7fef28a9fff monitored = 0 entry_point = 0x7fef2662200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1758 start_va = 0x7fef3fe0000 end_va = 0x7fef3ffbfff monitored = 0 entry_point = 0x7fef3fe11a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1759 start_va = 0x7fef4000000 end_va = 0x7fef4061fff monitored = 0 entry_point = 0x7fef4001198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1760 start_va = 0x7fef4070000 end_va = 0x7fef40a9fff monitored = 0 entry_point = 0x7fef4071010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1761 start_va = 0x7fef4720000 end_va = 0x7fef4790fff monitored = 0 entry_point = 0x7fef475ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1762 start_va = 0x7fef49a0000 end_va = 0x7fef49abfff monitored = 0 entry_point = 0x7fef49a602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1763 start_va = 0x7fef4d10000 end_va = 0x7fef4d17fff monitored = 0 entry_point = 0x7fef4d11414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1764 start_va = 0x7fef4d20000 end_va = 0x7fef4d90fff monitored = 0 entry_point = 0x7fef4d651d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1765 start_va = 0x7fef4da0000 end_va = 0x7fef4db1fff monitored = 0 entry_point = 0x7fef4da89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1766 start_va = 0x7fef4dc0000 end_va = 0x7fef4e74fff monitored = 0 entry_point = 0x7fef4e3cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1767 start_va = 0x7fef4e80000 end_va = 0x7fef4e98fff monitored = 0 entry_point = 0x7fef4e81104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1768 start_va = 0x7fef4ea0000 end_va = 0x7fef4eeffff monitored = 0 entry_point = 0x7fef4ea1190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1769 start_va = 0x7fef4ef0000 end_va = 0x7fef4ef7fff monitored = 0 entry_point = 0x7fef4ef1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1770 start_va = 0x7fef4f00000 end_va = 0x7fef4f59fff monitored = 0 entry_point = 0x7fef4f3dde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1771 start_va = 0x7fef4f60000 end_va = 0x7fef4f80fff monitored = 0 entry_point = 0x7fef4f703b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1772 start_va = 0x7fef4f90000 end_va = 0x7fef4ffafff monitored = 0 entry_point = 0x7fef4fd4344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1773 start_va = 0x7fef5000000 end_va = 0x7fef5012fff monitored = 0 entry_point = 0x7fef5001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1774 start_va = 0x7fef5020000 end_va = 0x7fef5081fff monitored = 0 entry_point = 0x7fef505bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1775 start_va = 0x7fef5090000 end_va = 0x7fef51bbfff monitored = 0 entry_point = 0x7fef5140ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1776 start_va = 0x7fef51c0000 end_va = 0x7fef51d9fff monitored = 0 entry_point = 0x7fef51d3fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1777 start_va = 0x7fef51e0000 end_va = 0x7fef5263fff monitored = 0 entry_point = 0x7fef5231118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1778 start_va = 0x7fef5270000 end_va = 0x7fef5294fff monitored = 0 entry_point = 0x7fef5288c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1779 start_va = 0x7fef52a0000 end_va = 0x7fef52dcfff monitored = 0 entry_point = 0x7fef52a1070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1780 start_va = 0x7fef52e0000 end_va = 0x7fef52edfff monitored = 0 entry_point = 0x7fef52e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1781 start_va = 0x7fef52f0000 end_va = 0x7fef5316fff monitored = 0 entry_point = 0x7fef52f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1782 start_va = 0x7fef5320000 end_va = 0x7fef53f2fff monitored = 0 entry_point = 0x7fef5398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1783 start_va = 0x7fef5440000 end_va = 0x7fef5486fff monitored = 0 entry_point = 0x7fef5441040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1784 start_va = 0x7fef5490000 end_va = 0x7fef54d1fff monitored = 0 entry_point = 0x7fef54917e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1785 start_va = 0x7fef54e0000 end_va = 0x7fef54f0fff monitored = 0 entry_point = 0x7fef54e14c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1786 start_va = 0x7fef5500000 end_va = 0x7fef5591fff monitored = 0 entry_point = 0x7fef55751ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1787 start_va = 0x7fef55a0000 end_va = 0x7fef5616fff monitored = 0 entry_point = 0x7fef55de7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1788 start_va = 0x7fef5620000 end_va = 0x7fef5659fff monitored = 0 entry_point = 0x7fef563d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1789 start_va = 0x7fef5880000 end_va = 0x7fef5a2ffff monitored = 0 entry_point = 0x7fef5881010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1790 start_va = 0x7fef69e0000 end_va = 0x7fef6a53fff monitored = 0 entry_point = 0x7fef69e66f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1791 start_va = 0x7fef7bd0000 end_va = 0x7fef7beafff monitored = 0 entry_point = 0x7fef7bd1198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1792 start_va = 0x7fef8230000 end_va = 0x7fef824cfff monitored = 0 entry_point = 0x7fef8232f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1793 start_va = 0x7fef8260000 end_va = 0x7fef8268fff monitored = 0 entry_point = 0x7fef82611a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1794 start_va = 0x7fef85f0000 end_va = 0x7fef8604fff monitored = 0 entry_point = 0x7fef85f1020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1795 start_va = 0x7fef87c0000 end_va = 0x7fef883bfff monitored = 0 entry_point = 0x7fef87c11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1796 start_va = 0x7fef8c40000 end_va = 0x7fef8d2dfff monitored = 0 entry_point = 0x7fef8c412a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1797 start_va = 0x7fef8dc0000 end_va = 0x7fef8dd6fff monitored = 0 entry_point = 0x7fef8dc9d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1798 start_va = 0x7fef9000000 end_va = 0x7fef9041fff monitored = 0 entry_point = 0x7fef9030048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1799 start_va = 0x7fef9050000 end_va = 0x7fef9069fff monitored = 0 entry_point = 0x7fef9061ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1800 start_va = 0x7fef9090000 end_va = 0x7fef909efff monitored = 0 entry_point = 0x7fef9096894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1801 start_va = 0x7fefabb0000 end_va = 0x7fefac26fff monitored = 0 entry_point = 0x7fefabbafd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1802 start_va = 0x7fefac50000 end_va = 0x7fefac59fff monitored = 0 entry_point = 0x7fefac5260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1803 start_va = 0x7fefac60000 end_va = 0x7fefad71fff monitored = 0 entry_point = 0x7fefac7f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1804 start_va = 0x7fefad80000 end_va = 0x7fefad8efff monitored = 0 entry_point = 0x7fefad87e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1805 start_va = 0x7fefad90000 end_va = 0x7fefad98fff monitored = 0 entry_point = 0x7fefad93668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1806 start_va = 0x7fefada0000 end_va = 0x7fefada8fff monitored = 0 entry_point = 0x7fefada1020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1807 start_va = 0x7fefadb0000 end_va = 0x7fefae05fff monitored = 0 entry_point = 0x7fefadb1040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1808 start_va = 0x7fefae10000 end_va = 0x7fefae6dfff monitored = 0 entry_point = 0x7fefae19024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1809 start_va = 0x7fefae70000 end_va = 0x7fefae87fff monitored = 0 entry_point = 0x7fefae71bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1810 start_va = 0x7fefae90000 end_va = 0x7fefaea0fff monitored = 0 entry_point = 0x7fefae916ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1811 start_va = 0x7fefaee0000 end_va = 0x7fefaf32fff monitored = 0 entry_point = 0x7fefaee2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1812 start_va = 0x7fefb0f0000 end_va = 0x7fefb103fff monitored = 0 entry_point = 0x7fefb0f3e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1813 start_va = 0x7fefb110000 end_va = 0x7fefb11afff monitored = 0 entry_point = 0x7fefb111198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1814 start_va = 0x7fefb120000 end_va = 0x7fefb146fff monitored = 0 entry_point = 0x7fefb1298bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1815 start_va = 0x7fefb150000 end_va = 0x7fefb1b6fff monitored = 0 entry_point = 0x7fefb166060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1816 start_va = 0x7fefb1d0000 end_va = 0x7fefb1dafff monitored = 0 entry_point = 0x7fefb1d4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1817 start_va = 0x7fefb1e0000 end_va = 0x7fefb1ebfff monitored = 0 entry_point = 0x7fefb1e15d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1818 start_va = 0x7fefb1f0000 end_va = 0x7fefb1fffff monitored = 0 entry_point = 0x7fefb1f835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1819 start_va = 0x7fefb200000 end_va = 0x7fefb218fff monitored = 0 entry_point = 0x7fefb2011a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1820 start_va = 0x7fefb220000 end_va = 0x7fefb256fff monitored = 0 entry_point = 0x7fefb228424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1821 start_va = 0x7fefb2a0000 end_va = 0x7fefb2b4fff monitored = 0 entry_point = 0x7fefb2a60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1822 start_va = 0x7fefb2c0000 end_va = 0x7fefb381fff monitored = 0 entry_point = 0x7fefb2c101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1823 start_va = 0x7fefb5c0000 end_va = 0x7fefb5c8fff monitored = 0 entry_point = 0x7fefb5c1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1824 start_va = 0x7fefb6b0000 end_va = 0x7fefb6dcfff monitored = 0 entry_point = 0x7fefb6b1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1825 start_va = 0x7fefb6e0000 end_va = 0x7fefb6f0fff monitored = 0 entry_point = 0x7fefb6e9e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1826 start_va = 0x7fefb700000 end_va = 0x7fefb763fff monitored = 0 entry_point = 0x7fefb701254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1827 start_va = 0x7fefb770000 end_va = 0x7fefb7e0fff monitored = 0 entry_point = 0x7fefb771010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1828 start_va = 0x7fefb830000 end_va = 0x7fefb843fff monitored = 0 entry_point = 0x7fefb8316b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1829 start_va = 0x7fefb850000 end_va = 0x7fefb864fff monitored = 0 entry_point = 0x7fefb851050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1830 start_va = 0x7fefb870000 end_va = 0x7fefb87bfff monitored = 0 entry_point = 0x7fefb8718a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1831 start_va = 0x7fefb880000 end_va = 0x7fefb895fff monitored = 0 entry_point = 0x7fefb8811a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1832 start_va = 0x7fefb910000 end_va = 0x7fefb926fff monitored = 0 entry_point = 0x7fefb911060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1833 start_va = 0x7fefb9b0000 end_va = 0x7fefb9c0fff monitored = 0 entry_point = 0x7fefb9b1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1834 start_va = 0x7fefbb10000 end_va = 0x7fefbb44fff monitored = 0 entry_point = 0x7fefbb11064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1835 start_va = 0x7fefbf80000 end_va = 0x7fefbfd5fff monitored = 0 entry_point = 0x7fefbf8bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1836 start_va = 0x7fefbfe0000 end_va = 0x7fefc10bfff monitored = 0 entry_point = 0x7fefbfe94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1837 start_va = 0x7fefc110000 end_va = 0x7fefc12cfff monitored = 0 entry_point = 0x7fefc111ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1838 start_va = 0x7fefc160000 end_va = 0x7fefc353fff monitored = 0 entry_point = 0x7fefc2ec924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1839 start_va = 0x7fefc7f0000 end_va = 0x7fefc7fbfff monitored = 0 entry_point = 0x7fefc7f1064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1840 start_va = 0x7fefc800000 end_va = 0x7fefc8bafff monitored = 0 entry_point = 0x7fefc806de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1841 start_va = 0x7fefc8c0000 end_va = 0x7fefc8c6fff monitored = 0 entry_point = 0x7fefc8c14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1842 start_va = 0x7fefc9b0000 end_va = 0x7fefc9cafff monitored = 0 entry_point = 0x7fefc9b2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1843 start_va = 0x7fefc9d0000 end_va = 0x7fefc9edfff monitored = 0 entry_point = 0x7fefc9d13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1844 start_va = 0x7fefc9f0000 end_va = 0x7fefca01fff monitored = 0 entry_point = 0x7fefc9f1060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1845 start_va = 0x7fefca10000 end_va = 0x7fefca2efff monitored = 0 entry_point = 0x7fefca15c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1846 start_va = 0x7fefcae0000 end_va = 0x7fefcb18fff monitored = 0 entry_point = 0x7fefcaec0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1847 start_va = 0x7fefcb20000 end_va = 0x7fefcb29fff monitored = 0 entry_point = 0x7fefcb23cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1848 start_va = 0x7fefcb30000 end_va = 0x7fefcb3cfff monitored = 0 entry_point = 0x7fefcb31348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1849 start_va = 0x7fefcc20000 end_va = 0x7fefcc66fff monitored = 0 entry_point = 0x7fefcc21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1850 start_va = 0x7fefcd10000 end_va = 0x7fefcd3ffff monitored = 0 entry_point = 0x7fefcd1194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1851 start_va = 0x7fefcd40000 end_va = 0x7fefcd9afff monitored = 0 entry_point = 0x7fefcd46940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1852 start_va = 0x7fefceb0000 end_va = 0x7fefceb6fff monitored = 0 entry_point = 0x7fefceb142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1853 start_va = 0x7fefcec0000 end_va = 0x7fefcf14fff monitored = 0 entry_point = 0x7fefcec1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1854 start_va = 0x7fefcf20000 end_va = 0x7fefcf37fff monitored = 0 entry_point = 0x7fefcf23b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1855 start_va = 0x7fefd030000 end_va = 0x7fefd061fff monitored = 0 entry_point = 0x7fefd03144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1856 start_va = 0x7fefd070000 end_va = 0x7fefd077fff monitored = 0 entry_point = 0x7fefd072a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1857 start_va = 0x7fefd080000 end_va = 0x7fefd089fff monitored = 0 entry_point = 0x7fefd083b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1858 start_va = 0x7fefd090000 end_va = 0x7fefd0b1fff monitored = 0 entry_point = 0x7fefd095d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1859 start_va = 0x7fefd110000 end_va = 0x7fefd13efff monitored = 0 entry_point = 0x7fefd111064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1860 start_va = 0x7fefd150000 end_va = 0x7fefd1bcfff monitored = 0 entry_point = 0x7fefd151010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1861 start_va = 0x7fefd1c0000 end_va = 0x7fefd1d3fff monitored = 0 entry_point = 0x7fefd1c4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1862 start_va = 0x7fefd420000 end_va = 0x7fefd442fff monitored = 0 entry_point = 0x7fefd421198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1863 start_va = 0x7fefd4c0000 end_va = 0x7fefd4cafff monitored = 0 entry_point = 0x7fefd4c1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1864 start_va = 0x7fefd4f0000 end_va = 0x7fefd514fff monitored = 0 entry_point = 0x7fefd4f9658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1865 start_va = 0x7fefd520000 end_va = 0x7fefd52efff monitored = 0 entry_point = 0x7fefd521010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1866 start_va = 0x7fefd530000 end_va = 0x7fefd5c0fff monitored = 0 entry_point = 0x7fefd531440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1867 start_va = 0x7fefd5d0000 end_va = 0x7fefd60cfff monitored = 0 entry_point = 0x7fefd5d18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1868 start_va = 0x7fefd610000 end_va = 0x7fefd623fff monitored = 0 entry_point = 0x7fefd6110e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1869 start_va = 0x7fefd630000 end_va = 0x7fefd63efff monitored = 0 entry_point = 0x7fefd6319b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1870 start_va = 0x7fefd6d0000 end_va = 0x7fefd6defff monitored = 0 entry_point = 0x7fefd6d1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1871 start_va = 0x7fefd6e0000 end_va = 0x7fefd6f9fff monitored = 0 entry_point = 0x7fefd6e1558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1872 start_va = 0x7fefd700000 end_va = 0x7fefd735fff monitored = 0 entry_point = 0x7fefd701474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1873 start_va = 0x7fefd7e0000 end_va = 0x7fefd84bfff monitored = 0 entry_point = 0x7fefd7e2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1874 start_va = 0x7fefd850000 end_va = 0x7fefd9bcfff monitored = 0 entry_point = 0x7fefd8510b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1875 start_va = 0x7fefd9c0000 end_va = 0x7fefd9fafff monitored = 0 entry_point = 0x7fefd9c1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1876 start_va = 0x7fefda00000 end_va = 0x7fefdb2cfff monitored = 0 entry_point = 0x7fefda4ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1877 start_va = 0x7fefdb30000 end_va = 0x7fefdbf8fff monitored = 0 entry_point = 0x7fefdbaa874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1878 start_va = 0x7fefdc00000 end_va = 0x7fefdc0dfff monitored = 0 entry_point = 0x7fefdc01080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1879 start_va = 0x7fefdc10000 end_va = 0x7fefdc17fff monitored = 0 entry_point = 0x7fefdc11504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1880 start_va = 0x7fefdc20000 end_va = 0x7fefdc90fff monitored = 0 entry_point = 0x7fefdc31e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1881 start_va = 0x7fefdca0000 end_va = 0x7fefdd06fff monitored = 0 entry_point = 0x7fefdcab03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1882 start_va = 0x7fefdd10000 end_va = 0x7fefdd5cfff monitored = 0 entry_point = 0x7fefdd11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1883 start_va = 0x7fefdd60000 end_va = 0x7fefdd7efff monitored = 0 entry_point = 0x7fefdd660e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1884 start_va = 0x7fefdd80000 end_va = 0x7fefdf82fff monitored = 0 entry_point = 0x7fefdda3330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1885 start_va = 0x7fefdf90000 end_va = 0x7fefdfe1fff monitored = 0 entry_point = 0x7fefdf910d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1886 start_va = 0x7fefdff0000 end_va = 0x7fefe01dfff monitored = 0 entry_point = 0x7fefdff1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1887 start_va = 0x7fefe020000 end_va = 0x7fefe0fafff monitored = 0 entry_point = 0x7fefe040760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1888 start_va = 0x7fefe280000 end_va = 0x7fefe456fff monitored = 0 entry_point = 0x7fefe281010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1889 start_va = 0x7fefe4e0000 end_va = 0x7fefe5e8fff monitored = 0 entry_point = 0x7fefe4e1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1890 start_va = 0x7fefe850000 end_va = 0x7fefe8e8fff monitored = 0 entry_point = 0x7fefe851c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1891 start_va = 0x7fefe8f0000 end_va = 0x7fefe9c6fff monitored = 0 entry_point = 0x7fefe8f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1892 start_va = 0x7fefea70000 end_va = 0x7feff7f7fff monitored = 0 entry_point = 0x7fefeaecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1893 start_va = 0x7feff930000 end_va = 0x7feff9cefff monitored = 0 entry_point = 0x7feff9325a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1894 start_va = 0x7feffa00000 end_va = 0x7feffa00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1895 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 1896 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 1897 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 1898 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1899 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1900 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1901 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1902 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1903 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1904 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1905 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1906 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1907 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1908 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1909 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1910 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1911 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1912 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1913 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1914 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1915 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1916 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1917 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1918 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1919 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1920 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1921 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1922 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1923 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1924 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1925 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1926 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1927 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1928 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1929 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2733 start_va = 0x1730000 end_va = 0x17affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 2734 start_va = 0x17b0000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017b0000" filename = "" Region: id = 2735 start_va = 0x1d90000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 2736 start_va = 0x30b0000 end_va = 0x312ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 2737 start_va = 0x3170000 end_va = 0x31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 2738 start_va = 0x34f0000 end_va = 0x356ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 2739 start_va = 0x35c0000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 2740 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 2741 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 2742 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2743 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2744 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2745 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2746 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Thread: id = 17 os_tid = 0xf40 Thread: id = 18 os_tid = 0xf0c Thread: id = 19 os_tid = 0xe78 Thread: id = 20 os_tid = 0xe74 Thread: id = 21 os_tid = 0xd08 Thread: id = 22 os_tid = 0xcd4 Thread: id = 23 os_tid = 0x86c Thread: id = 24 os_tid = 0x6ec Thread: id = 25 os_tid = 0x5f8 Thread: id = 26 os_tid = 0x62c Thread: id = 27 os_tid = 0x23c Thread: id = 28 os_tid = 0x238 Thread: id = 29 os_tid = 0x394 Thread: id = 30 os_tid = 0x418 Thread: id = 31 os_tid = 0x2a8 Thread: id = 32 os_tid = 0x7a8 Thread: id = 33 os_tid = 0x768 Thread: id = 34 os_tid = 0x70c Thread: id = 35 os_tid = 0x6e8 Thread: id = 36 os_tid = 0x6c8 Thread: id = 37 os_tid = 0x6ac Thread: id = 38 os_tid = 0x69c Thread: id = 39 os_tid = 0x688 Thread: id = 40 os_tid = 0x44c Thread: id = 41 os_tid = 0x440 Thread: id = 42 os_tid = 0x430 Thread: id = 43 os_tid = 0x428 Thread: id = 44 os_tid = 0x41c Thread: id = 45 os_tid = 0x3f0 Thread: id = 46 os_tid = 0x3e8 Thread: id = 47 os_tid = 0x3dc Thread: id = 48 os_tid = 0x380 Thread: id = 49 os_tid = 0x370 Thread: id = 50 os_tid = 0x368 Thread: id = 68 os_tid = 0xf8c Thread: id = 69 os_tid = 0xf90 Thread: id = 70 os_tid = 0xf94 Thread: id = 71 os_tid = 0xf98 Thread: id = 72 os_tid = 0xf9c Thread: id = 73 os_tid = 0xfa0 Thread: id = 79 os_tid = 0xfb8 Thread: id = 95 os_tid = 0xb38 Thread: id = 96 os_tid = 0xb3c Thread: id = 97 os_tid = 0xb40 Thread: id = 98 os_tid = 0xb44 Thread: id = 99 os_tid = 0xb48 Thread: id = 100 os_tid = 0xb68 Thread: id = 101 os_tid = 0xb60 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4822e000" os_pid = "0xcb0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x248" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004a020" [0xc000000f] Region: id = 1937 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1938 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1939 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1940 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1941 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1942 start_va = 0xc0000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1943 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1944 start_va = 0x190000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1945 start_va = 0x210000 end_va = 0x214fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1946 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1947 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1948 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1949 start_va = 0x250000 end_va = 0x25cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1950 start_va = 0x260000 end_va = 0x261fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1951 start_va = 0x280000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1952 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1953 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1954 start_va = 0x330000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 1955 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1956 start_va = 0x530000 end_va = 0x6b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1957 start_va = 0x6c0000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1958 start_va = 0x850000 end_va = 0xb1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1959 start_va = 0xc00000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1960 start_va = 0xe00000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1961 start_va = 0xe80000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 1962 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1963 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1964 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1965 start_va = 0x11c0000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1966 start_va = 0x72cb0000 end_va = 0x72cb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1967 start_va = 0x72cc0000 end_va = 0x72cc2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1968 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1969 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1970 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1971 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1972 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1973 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1974 start_va = 0x13f8a0000 end_va = 0x13f90bfff monitored = 0 entry_point = 0x13f8db450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1975 start_va = 0x7fef03a0000 end_va = 0x7fef0599fff monitored = 0 entry_point = 0x7fef03b4c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1976 start_va = 0x7fef0e00000 end_va = 0x7fef0e07fff monitored = 0 entry_point = 0x7fef0e011a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1977 start_va = 0x7fef0e10000 end_va = 0x7fef0e21fff monitored = 0 entry_point = 0x7fef0e1aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1978 start_va = 0x7fef0f10000 end_va = 0x7fef0f19fff monitored = 0 entry_point = 0x7fef0f131c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1979 start_va = 0x7fef4da0000 end_va = 0x7fef4db1fff monitored = 0 entry_point = 0x7fef4da89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1980 start_va = 0x7fef4f60000 end_va = 0x7fef4f80fff monitored = 0 entry_point = 0x7fef4f703b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1981 start_va = 0x7fef5000000 end_va = 0x7fef5012fff monitored = 0 entry_point = 0x7fef5001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1982 start_va = 0x7fef52e0000 end_va = 0x7fef52edfff monitored = 0 entry_point = 0x7fef52e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1983 start_va = 0x7fef52f0000 end_va = 0x7fef5316fff monitored = 0 entry_point = 0x7fef52f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1984 start_va = 0x7fef5320000 end_va = 0x7fef53f2fff monitored = 0 entry_point = 0x7fef5398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1985 start_va = 0x7fef55a0000 end_va = 0x7fef5616fff monitored = 0 entry_point = 0x7fef55de7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1986 start_va = 0x7fef8200000 end_va = 0x7fef822bfff monitored = 0 entry_point = 0x7fef8218194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 1987 start_va = 0x7fef8e60000 end_va = 0x7fef8ea2fff monitored = 0 entry_point = 0x7fef8e81b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1988 start_va = 0x7fef9140000 end_va = 0x7fef914efff monitored = 0 entry_point = 0x7fef9141040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1989 start_va = 0x7fefb1e0000 end_va = 0x7fefb1ebfff monitored = 0 entry_point = 0x7fefb1e15d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1990 start_va = 0x7fefb5d0000 end_va = 0x7fefb5fbfff monitored = 0 entry_point = 0x7fefb5d15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1991 start_va = 0x7fefb6b0000 end_va = 0x7fefb6dcfff monitored = 0 entry_point = 0x7fefb6b1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1992 start_va = 0x7fefb830000 end_va = 0x7fefb843fff monitored = 0 entry_point = 0x7fefb8316b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1993 start_va = 0x7fefb850000 end_va = 0x7fefb864fff monitored = 0 entry_point = 0x7fefb851050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1994 start_va = 0x7fefb870000 end_va = 0x7fefb87bfff monitored = 0 entry_point = 0x7fefb8718a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1995 start_va = 0x7fefb880000 end_va = 0x7fefb895fff monitored = 0 entry_point = 0x7fefb8811a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1996 start_va = 0x7fefb9b0000 end_va = 0x7fefb9c0fff monitored = 0 entry_point = 0x7fefb9b1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1997 start_va = 0x7fefcb20000 end_va = 0x7fefcb29fff monitored = 0 entry_point = 0x7fefcb23cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1998 start_va = 0x7fefcc20000 end_va = 0x7fefcc66fff monitored = 0 entry_point = 0x7fefcc21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1999 start_va = 0x7fefccb0000 end_va = 0x7fefcd06fff monitored = 0 entry_point = 0x7fefccb5e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2000 start_va = 0x7fefcd10000 end_va = 0x7fefcd3ffff monitored = 0 entry_point = 0x7fefcd1194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2001 start_va = 0x7fefcf20000 end_va = 0x7fefcf37fff monitored = 0 entry_point = 0x7fefcf23b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2002 start_va = 0x7fefd090000 end_va = 0x7fefd0b1fff monitored = 0 entry_point = 0x7fefd095d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2003 start_va = 0x7fefd420000 end_va = 0x7fefd442fff monitored = 0 entry_point = 0x7fefd421198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2004 start_va = 0x7fefd4c0000 end_va = 0x7fefd4cafff monitored = 0 entry_point = 0x7fefd4c1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2005 start_va = 0x7fefd4f0000 end_va = 0x7fefd514fff monitored = 0 entry_point = 0x7fefd4f9658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2006 start_va = 0x7fefd520000 end_va = 0x7fefd52efff monitored = 0 entry_point = 0x7fefd521010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2007 start_va = 0x7fefd5d0000 end_va = 0x7fefd60cfff monitored = 0 entry_point = 0x7fefd5d18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2008 start_va = 0x7fefd610000 end_va = 0x7fefd623fff monitored = 0 entry_point = 0x7fefd6110e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2009 start_va = 0x7fefd6d0000 end_va = 0x7fefd6defff monitored = 0 entry_point = 0x7fefd6d1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2010 start_va = 0x7fefd6e0000 end_va = 0x7fefd6f9fff monitored = 0 entry_point = 0x7fefd6e1558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2011 start_va = 0x7fefd700000 end_va = 0x7fefd735fff monitored = 0 entry_point = 0x7fefd701474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2012 start_va = 0x7fefd7e0000 end_va = 0x7fefd84bfff monitored = 0 entry_point = 0x7fefd7e2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2013 start_va = 0x7fefd850000 end_va = 0x7fefd9bcfff monitored = 0 entry_point = 0x7fefd8510b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2014 start_va = 0x7fefd9c0000 end_va = 0x7fefd9fafff monitored = 0 entry_point = 0x7fefd9c1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2015 start_va = 0x7fefda00000 end_va = 0x7fefdb2cfff monitored = 0 entry_point = 0x7fefda4ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2016 start_va = 0x7fefdb30000 end_va = 0x7fefdbf8fff monitored = 0 entry_point = 0x7fefdbaa874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2017 start_va = 0x7fefdc00000 end_va = 0x7fefdc0dfff monitored = 0 entry_point = 0x7fefdc01080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2018 start_va = 0x7fefdc10000 end_va = 0x7fefdc17fff monitored = 0 entry_point = 0x7fefdc11504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2019 start_va = 0x7fefdca0000 end_va = 0x7fefdd06fff monitored = 0 entry_point = 0x7fefdcab03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2020 start_va = 0x7fefdd10000 end_va = 0x7fefdd5cfff monitored = 0 entry_point = 0x7fefdd11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2021 start_va = 0x7fefdd60000 end_va = 0x7fefdd7efff monitored = 0 entry_point = 0x7fefdd660e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2022 start_va = 0x7fefdd80000 end_va = 0x7fefdf82fff monitored = 0 entry_point = 0x7fefdda3330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2023 start_va = 0x7fefdf90000 end_va = 0x7fefdfe1fff monitored = 0 entry_point = 0x7fefdf910d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2024 start_va = 0x7fefdff0000 end_va = 0x7fefe01dfff monitored = 0 entry_point = 0x7fefdff1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2025 start_va = 0x7fefe020000 end_va = 0x7fefe0fafff monitored = 0 entry_point = 0x7fefe040760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2026 start_va = 0x7fefe280000 end_va = 0x7fefe456fff monitored = 0 entry_point = 0x7fefe281010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2027 start_va = 0x7fefe4e0000 end_va = 0x7fefe5e8fff monitored = 0 entry_point = 0x7fefe4e1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2028 start_va = 0x7fefe850000 end_va = 0x7fefe8e8fff monitored = 0 entry_point = 0x7fefe851c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2029 start_va = 0x7fefe8f0000 end_va = 0x7fefe9c6fff monitored = 0 entry_point = 0x7fefe8f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2030 start_va = 0x7feff930000 end_va = 0x7feff9cefff monitored = 0 entry_point = 0x7feff9325a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2031 start_va = 0x7feffa00000 end_va = 0x7feffa00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2032 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2033 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2034 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2035 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2036 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2037 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2038 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2039 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2040 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2041 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 2070 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2071 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2072 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2073 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2074 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2075 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2076 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2077 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2078 start_va = 0xb20000 end_va = 0xb40fff monitored = 0 entry_point = 0xb3a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2079 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2080 start_va = 0xb20000 end_va = 0xb40fff monitored = 0 entry_point = 0xb3a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2081 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2082 start_va = 0xb20000 end_va = 0xb40fff monitored = 0 entry_point = 0xb3a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2083 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2084 start_va = 0xb20000 end_va = 0xb40fff monitored = 0 entry_point = 0xb3a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2085 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2086 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2087 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2088 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2089 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2090 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2091 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2092 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2093 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2094 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2095 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2096 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2097 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2098 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2099 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2100 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2101 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2102 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2103 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2104 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2105 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2106 start_va = 0xb20000 end_va = 0xbfbfff monitored = 0 entry_point = 0xb95ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2107 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2108 start_va = 0xb20000 end_va = 0xbfbfff monitored = 0 entry_point = 0xb95ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2109 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2110 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2111 start_va = 0xb20000 end_va = 0xb48fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2112 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2113 start_va = 0xb20000 end_va = 0xb48fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2114 start_va = 0xb20000 end_va = 0xbc8fff monitored = 0 entry_point = 0xb318d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2115 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2116 start_va = 0xb20000 end_va = 0xbc8fff monitored = 0 entry_point = 0xb318d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2117 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2118 start_va = 0xb20000 end_va = 0xbc8fff monitored = 0 entry_point = 0xb318d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2119 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2120 start_va = 0xb20000 end_va = 0xbc8fff monitored = 0 entry_point = 0xb318d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2121 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2122 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2123 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2124 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2125 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2126 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2127 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2128 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2129 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2130 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2131 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2132 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2133 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2134 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2135 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2136 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2137 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2138 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2139 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2140 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2141 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2142 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2143 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2144 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2145 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2146 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2147 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2148 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2149 start_va = 0xb70000 end_va = 0xb82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2150 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2151 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2152 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2153 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2154 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2155 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2156 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2157 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2158 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2159 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2160 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2161 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2162 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2163 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2164 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2165 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2166 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2167 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2168 start_va = 0xb20000 end_va = 0xbaafff monitored = 0 entry_point = 0xb951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2169 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2170 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2171 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2172 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2173 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2174 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2175 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2176 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2177 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2178 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2179 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2180 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2181 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2182 start_va = 0xb20000 end_va = 0xb47fff monitored = 0 entry_point = 0xb21860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2183 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2184 start_va = 0xb20000 end_va = 0xb47fff monitored = 0 entry_point = 0xb21860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2185 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2186 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2187 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2188 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2189 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2190 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2191 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2192 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2193 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2194 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2195 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2196 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2197 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2198 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2199 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2200 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2201 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2202 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2203 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2204 start_va = 0xb20000 end_va = 0xbc9fff monitored = 0 entry_point = 0xb34100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2205 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2206 start_va = 0xb20000 end_va = 0xbc9fff monitored = 0 entry_point = 0xb34100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2207 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2208 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2209 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2210 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2211 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2212 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2213 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2214 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2215 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2216 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2217 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2218 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2219 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2220 start_va = 0xb20000 end_va = 0xb71fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 2221 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2222 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2223 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2224 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2225 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2226 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2227 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2228 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2229 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2230 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2231 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2232 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2233 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2234 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2235 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2236 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2237 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2238 start_va = 0xb80000 end_va = 0xbd3fff monitored = 0 entry_point = 0xb93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2239 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2240 start_va = 0xb80000 end_va = 0xbd3fff monitored = 0 entry_point = 0xb93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2241 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2242 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2243 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2244 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2245 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2246 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2247 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2248 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2249 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2250 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2251 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2252 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2253 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2254 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2255 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2256 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2257 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2258 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2259 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2260 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2261 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2262 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2263 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2264 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2265 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2266 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2267 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2268 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xbc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2269 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2270 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xbc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2271 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2272 start_va = 0xc80000 end_va = 0xd5bfff monitored = 0 entry_point = 0xcf5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2273 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2274 start_va = 0xc80000 end_va = 0xd5bfff monitored = 0 entry_point = 0xcf5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2275 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2276 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2277 start_va = 0xb80000 end_va = 0xba8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2278 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2279 start_va = 0xb80000 end_va = 0xba8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2280 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2281 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2282 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2283 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2284 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2285 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2286 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2287 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2288 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2289 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2290 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2291 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2292 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2293 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2294 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2295 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2296 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2297 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2298 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2299 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2300 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2301 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2302 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2303 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2304 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2305 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2306 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2307 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2308 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2309 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2310 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2311 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2312 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2313 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2314 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2315 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2316 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2317 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2318 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2319 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2320 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2321 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2322 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2323 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2324 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2325 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2326 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2327 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2328 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2329 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2330 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2331 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2332 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2333 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2334 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2335 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2336 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2337 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2338 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2339 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2340 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2341 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2342 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2343 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2344 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2345 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2346 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2347 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2348 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2349 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2350 start_va = 0xb80000 end_va = 0xba7fff monitored = 0 entry_point = 0xb81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2351 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2352 start_va = 0xb80000 end_va = 0xba7fff monitored = 0 entry_point = 0xb81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2353 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2354 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2355 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2356 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2357 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2358 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2359 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2360 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2361 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2362 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2363 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2364 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2365 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2366 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2367 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2368 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2369 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2370 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2371 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2372 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2373 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2374 start_va = 0xc80000 end_va = 0xd29fff monitored = 0 entry_point = 0xc94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2375 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2376 start_va = 0xc80000 end_va = 0xd29fff monitored = 0 entry_point = 0xc94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2377 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2378 start_va = 0xb80000 end_va = 0xbc7fff monitored = 0 entry_point = 0xbbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2379 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2380 start_va = 0xb80000 end_va = 0xbc7fff monitored = 0 entry_point = 0xbbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2381 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2382 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2383 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2384 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2385 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2386 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2387 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2388 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2389 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2390 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2391 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2392 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2393 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2394 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2395 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2396 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2397 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2398 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2399 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2400 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2401 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2402 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2403 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2404 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2405 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2406 start_va = 0xb80000 end_va = 0xbd3fff monitored = 0 entry_point = 0xb93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2407 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2408 start_va = 0xb80000 end_va = 0xbd3fff monitored = 0 entry_point = 0xb93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2409 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2410 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2411 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2412 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2413 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2414 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2415 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2416 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2417 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2418 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2419 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2420 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2421 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2422 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2423 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2424 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2425 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2426 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2427 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2428 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2429 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2430 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2431 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2432 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2433 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2434 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xbc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2435 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2436 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xbc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2437 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2438 start_va = 0xc80000 end_va = 0xd5bfff monitored = 0 entry_point = 0xcf5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2439 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2440 start_va = 0xc80000 end_va = 0xd5bfff monitored = 0 entry_point = 0xcf5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2441 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2442 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2443 start_va = 0xb80000 end_va = 0xba8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2444 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2445 start_va = 0xb80000 end_va = 0xba8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2446 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2447 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2448 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2449 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2450 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2451 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2452 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2453 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2454 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2455 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2456 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2457 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2458 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2459 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2460 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2461 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2462 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2463 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2464 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2465 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2466 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2467 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2468 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2469 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2470 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2471 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2472 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2473 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2474 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2475 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2476 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2477 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2478 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2479 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2480 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2481 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2482 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2483 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2484 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2485 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2486 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2487 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2488 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2489 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2490 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2491 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2492 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2493 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2494 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2495 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2496 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2497 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2498 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2499 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2500 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2501 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2502 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2503 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2504 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2505 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2506 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2507 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2508 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2509 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2510 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2511 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2512 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2513 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2514 start_va = 0xb80000 end_va = 0xba7fff monitored = 0 entry_point = 0xb81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2515 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2516 start_va = 0xb80000 end_va = 0xba7fff monitored = 0 entry_point = 0xb81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2517 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2518 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2519 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2520 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2521 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2522 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2523 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2524 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2525 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2526 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2527 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2528 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2529 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2530 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2531 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2532 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2533 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2534 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2535 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2536 start_va = 0xc80000 end_va = 0xd29fff monitored = 0 entry_point = 0xc94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2537 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2538 start_va = 0xc80000 end_va = 0xd29fff monitored = 0 entry_point = 0xc94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2539 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2540 start_va = 0xb80000 end_va = 0xbc7fff monitored = 0 entry_point = 0xbbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2541 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2542 start_va = 0xb80000 end_va = 0xbc7fff monitored = 0 entry_point = 0xbbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2543 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2544 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2545 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2546 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2547 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2548 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2549 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2550 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2551 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2552 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2553 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2554 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2555 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2556 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2557 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2558 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2559 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2560 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2561 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2562 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2563 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2564 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2565 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2566 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2567 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2568 start_va = 0xb80000 end_va = 0xbd3fff monitored = 0 entry_point = 0xb93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2569 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2570 start_va = 0xb80000 end_va = 0xbd3fff monitored = 0 entry_point = 0xb93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2571 start_va = 0x270000 end_va = 0x271fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2572 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2573 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2574 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2575 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2576 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2577 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2578 start_va = 0xb80000 end_va = 0xba0fff monitored = 0 entry_point = 0xb9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2579 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2580 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2581 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2582 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2583 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2584 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2585 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2586 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2587 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2588 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2589 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2590 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2591 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2592 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2593 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2594 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2595 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2596 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xbc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2597 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2598 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xbc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2599 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2600 start_va = 0xc80000 end_va = 0xd5bfff monitored = 0 entry_point = 0xcf5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2601 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2602 start_va = 0xc80000 end_va = 0xd5bfff monitored = 0 entry_point = 0xcf5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2603 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2604 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2605 start_va = 0xb80000 end_va = 0xba8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2606 start_va = 0xc80000 end_va = 0xd61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2607 start_va = 0xb80000 end_va = 0xba8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2608 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2609 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2610 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2611 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2612 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2613 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2614 start_va = 0xc80000 end_va = 0xd28fff monitored = 0 entry_point = 0xc918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2615 start_va = 0x270000 end_va = 0x274fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2616 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2617 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2618 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2619 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2620 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2621 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2622 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2623 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2624 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2625 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2626 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2627 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2628 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2629 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2630 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2631 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2632 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2633 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2634 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2635 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2636 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2637 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2638 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2639 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2640 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2641 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2642 start_va = 0xb80000 end_va = 0xbcffff monitored = 0 entry_point = 0xb82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2643 start_va = 0xbd0000 end_va = 0xbe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2644 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2645 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2646 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2647 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2648 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2649 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2650 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2651 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2652 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2653 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2654 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2655 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2656 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2657 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2658 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2659 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2660 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2661 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2662 start_va = 0xc80000 end_va = 0xd0afff monitored = 0 entry_point = 0xcf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2663 start_va = 0x270000 end_va = 0x279fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2664 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2665 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2666 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2667 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2668 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2669 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2670 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2671 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2672 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2673 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2674 start_va = 0xb80000 end_va = 0xb99fff monitored = 1 entry_point = 0xb81380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2675 start_va = 0x270000 end_va = 0x27bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2676 start_va = 0xb80000 end_va = 0xba7fff monitored = 0 entry_point = 0xb81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2677 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2678 start_va = 0xb80000 end_va = 0xba7fff monitored = 0 entry_point = 0xb81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2679 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2680 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2681 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2682 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2683 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2684 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2685 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2686 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2687 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2688 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2689 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2690 start_va = 0x270000 end_va = 0x27afff monitored = 0 entry_point = 0x2711a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2691 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2692 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2693 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2694 start_va = 0x270000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2695 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2696 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2697 start_va = 0x1240000 end_va = 0x2034fff monitored = 0 entry_point = 0x1323268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2698 start_va = 0xc80000 end_va = 0xd29fff monitored = 0 entry_point = 0xc94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2699 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2700 start_va = 0xc80000 end_va = 0xd29fff monitored = 0 entry_point = 0xc94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2701 start_va = 0x270000 end_va = 0x273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2702 start_va = 0xb80000 end_va = 0xbc7fff monitored = 0 entry_point = 0xbbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2703 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2704 start_va = 0xb80000 end_va = 0xbc7fff monitored = 0 entry_point = 0xbbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2705 start_va = 0x270000 end_va = 0x272fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2706 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2707 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2708 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2709 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2710 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2711 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2712 start_va = 0xc80000 end_va = 0xd68fff monitored = 0 entry_point = 0xd5906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2713 start_va = 0x270000 end_va = 0x278fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2714 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2715 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2716 start_va = 0xc80000 end_va = 0xdccfff monitored = 0 entry_point = 0xd82a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2717 start_va = 0x270000 end_va = 0x275fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2718 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2719 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2720 start_va = 0x270000 end_va = 0x27efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2721 start_va = 0xb80000 end_va = 0xbd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2722 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2723 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2724 start_va = 0x270000 end_va = 0x27ffff monitored = 0 entry_point = 0x27a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2725 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2726 start_va = 0x7fef80a0000 end_va = 0x7fef80aafff monitored = 0 entry_point = 0x7fef80a46ec region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 2727 start_va = 0xc80000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 2728 start_va = 0x1240000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 2729 start_va = 0x1340000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 2748 start_va = 0x270000 end_va = 0x272fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2749 start_va = 0x7fefb120000 end_va = 0x7fefb146fff monitored = 0 entry_point = 0x7fefb1298bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2750 start_va = 0x7fefb110000 end_va = 0x7fefb11afff monitored = 0 entry_point = 0x7fefb111198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2751 start_va = 0x7fefae90000 end_va = 0x7fefaea0fff monitored = 0 entry_point = 0x7fefae916ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2752 start_va = 0x7fefae70000 end_va = 0x7fefae87fff monitored = 0 entry_point = 0x7fefae71bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2754 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2755 start_va = 0xb80000 end_va = 0xb86fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2756 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2757 start_va = 0xb80000 end_va = 0xb86fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2758 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2759 start_va = 0xb80000 end_va = 0xb86fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2760 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2761 start_va = 0xb80000 end_va = 0xb86fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2762 start_va = 0x7fefcd40000 end_va = 0x7fefcd9afff monitored = 0 entry_point = 0x7fefcd46940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2763 start_va = 0x1440000 end_va = 0x163ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Thread: id = 51 os_tid = 0xcd8 Thread: id = 52 os_tid = 0xcd0 Thread: id = 53 os_tid = 0xccc Thread: id = 54 os_tid = 0xcc8 Thread: id = 55 os_tid = 0xcc4 Thread: id = 56 os_tid = 0xcc0 Thread: id = 57 os_tid = 0xcbc Thread: id = 58 os_tid = 0xcb8 Thread: id = 59 os_tid = 0xcb4 Thread: id = 74 os_tid = 0xfa4 Thread: id = 90 os_tid = 0xb8c Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5b822000" os_pid = "0x6b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x248" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d1f9" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2775 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2776 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2777 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2778 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2779 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2780 start_va = 0x60000 end_va = 0x64fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2781 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2782 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2783 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 2784 start_va = 0xb0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2785 start_va = 0x130000 end_va = 0x196fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2786 start_va = 0x1c0000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2787 start_va = 0x250000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2788 start_va = 0x350000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 2789 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2790 start_va = 0x450000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2791 start_va = 0x550000 end_va = 0x6d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2792 start_va = 0x6e0000 end_va = 0x860fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 2793 start_va = 0x870000 end_va = 0xb3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2794 start_va = 0xb40000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 2795 start_va = 0xc00000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2796 start_va = 0xc80000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 2797 start_va = 0xe90000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 2798 start_va = 0xf40000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 2799 start_va = 0x1000000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 2800 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 2801 start_va = 0x1220000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 2802 start_va = 0x1340000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 2803 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2804 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2805 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2806 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2807 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2808 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2809 start_va = 0x13f8a0000 end_va = 0x13f90bfff monitored = 0 entry_point = 0x13f8db450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2810 start_va = 0x7fef0320000 end_va = 0x7fef036dfff monitored = 0 entry_point = 0x7fef0321198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 2811 start_va = 0x7fef0370000 end_va = 0x7fef0394fff monitored = 0 entry_point = 0x7fef0388d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 2812 start_va = 0x7fef4da0000 end_va = 0x7fef4db1fff monitored = 0 entry_point = 0x7fef4da89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2813 start_va = 0x7fef4f60000 end_va = 0x7fef4f80fff monitored = 0 entry_point = 0x7fef4f703b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2814 start_va = 0x7fef5000000 end_va = 0x7fef5012fff monitored = 0 entry_point = 0x7fef5001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2815 start_va = 0x7fef52e0000 end_va = 0x7fef52edfff monitored = 0 entry_point = 0x7fef52e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2816 start_va = 0x7fef52f0000 end_va = 0x7fef5316fff monitored = 0 entry_point = 0x7fef52f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2817 start_va = 0x7fef5320000 end_va = 0x7fef53f2fff monitored = 0 entry_point = 0x7fef5398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2818 start_va = 0x7fef55a0000 end_va = 0x7fef5616fff monitored = 0 entry_point = 0x7fef55de7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2819 start_va = 0x7fef8130000 end_va = 0x7fef81b5fff monitored = 0 entry_point = 0x7fef813ffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2820 start_va = 0x7fef81c0000 end_va = 0x7fef81fbfff monitored = 0 entry_point = 0x7fef81e5aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 2821 start_va = 0x7fefb6b0000 end_va = 0x7fefb6dcfff monitored = 0 entry_point = 0x7fefb6b1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2822 start_va = 0x7fefcc20000 end_va = 0x7fefcc66fff monitored = 0 entry_point = 0x7fefcc21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2823 start_va = 0x7fefcf20000 end_va = 0x7fefcf37fff monitored = 0 entry_point = 0x7fefcf23b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2824 start_va = 0x7fefd090000 end_va = 0x7fefd0b1fff monitored = 0 entry_point = 0x7fefd095d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2825 start_va = 0x7fefd150000 end_va = 0x7fefd1bcfff monitored = 0 entry_point = 0x7fefd151010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2826 start_va = 0x7fefd520000 end_va = 0x7fefd52efff monitored = 0 entry_point = 0x7fefd521010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2827 start_va = 0x7fefd610000 end_va = 0x7fefd623fff monitored = 0 entry_point = 0x7fefd6110e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2828 start_va = 0x7fefd7e0000 end_va = 0x7fefd84bfff monitored = 0 entry_point = 0x7fefd7e2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2829 start_va = 0x7fefda00000 end_va = 0x7fefdb2cfff monitored = 0 entry_point = 0x7fefda4ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2830 start_va = 0x7fefdb30000 end_va = 0x7fefdbf8fff monitored = 0 entry_point = 0x7fefdbaa874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2831 start_va = 0x7fefdc00000 end_va = 0x7fefdc0dfff monitored = 0 entry_point = 0x7fefdc01080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2832 start_va = 0x7fefdc10000 end_va = 0x7fefdc17fff monitored = 0 entry_point = 0x7fefdc11504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2833 start_va = 0x7fefdca0000 end_va = 0x7fefdd06fff monitored = 0 entry_point = 0x7fefdcab03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2834 start_va = 0x7fefdd10000 end_va = 0x7fefdd5cfff monitored = 0 entry_point = 0x7fefdd11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2835 start_va = 0x7fefdd60000 end_va = 0x7fefdd7efff monitored = 0 entry_point = 0x7fefdd660e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2836 start_va = 0x7fefdd80000 end_va = 0x7fefdf82fff monitored = 0 entry_point = 0x7fefdda3330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2837 start_va = 0x7fefdf90000 end_va = 0x7fefdfe1fff monitored = 0 entry_point = 0x7fefdf910d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2838 start_va = 0x7fefdff0000 end_va = 0x7fefe01dfff monitored = 0 entry_point = 0x7fefdff1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2839 start_va = 0x7fefe020000 end_va = 0x7fefe0fafff monitored = 0 entry_point = 0x7fefe040760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2840 start_va = 0x7fefe4e0000 end_va = 0x7fefe5e8fff monitored = 0 entry_point = 0x7fefe4e1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2841 start_va = 0x7fefe850000 end_va = 0x7fefe8e8fff monitored = 0 entry_point = 0x7fefe851c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2842 start_va = 0x7fefe8f0000 end_va = 0x7fefe9c6fff monitored = 0 entry_point = 0x7fefe8f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2843 start_va = 0x7feff930000 end_va = 0x7feff9cefff monitored = 0 entry_point = 0x7feff9325a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2844 start_va = 0x7feffa00000 end_va = 0x7feffa00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2845 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2846 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2847 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2848 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2849 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2850 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2851 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2852 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2853 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2854 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 60 os_tid = 0xf50 Thread: id = 61 os_tid = 0x118 Thread: id = 62 os_tid = 0x420 Thread: id = 63 os_tid = 0x224 Thread: id = 64 os_tid = 0x390 Thread: id = 65 os_tid = 0x524 Thread: id = 66 os_tid = 0x520 Thread: id = 67 os_tid = 0x32c