# Flog Txt Version 1 # Analyzer Version: 4.4.0 # Analyzer Build Date: Dec 8 2021 20:04:45 # Log Creation Date: 28.12.2021 19:28:00.422 Process: id = "1" image_name = "772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" filename = "c:\\users\\keecfmwgj\\desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" page_root = "0x485fd000" os_pid = "0xda8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x390" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 114 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 115 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 116 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 117 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 118 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 119 start_va = 0x400000 end_va = 0x952fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe") Region: id = 120 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 121 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 122 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 123 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 124 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 125 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 126 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 127 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 128 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 268 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 269 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 270 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 271 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 272 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 273 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 274 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 275 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 276 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 277 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 278 start_va = 0x290000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 279 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 283 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 284 start_va = 0x960000 end_va = 0x9c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 285 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 286 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 287 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 288 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 289 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 291 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 292 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 293 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 294 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 295 start_va = 0x757f0000 end_va = 0x7587efff monitored = 0 entry_point = 0x757f3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 296 start_va = 0x76e80000 end_va = 0x76fdbfff monitored = 0 entry_point = 0x76ecba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 297 start_va = 0x9d0000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 298 start_va = 0xa50000 end_va = 0xbd7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 299 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 300 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 301 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 302 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 303 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 304 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 305 start_va = 0xbe0000 end_va = 0xd60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 306 start_va = 0xd70000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 307 start_va = 0x1b0000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 308 start_va = 0x290000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 309 start_va = 0x2f0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 310 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 311 start_va = 0x1b0000 end_va = 0x1f4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 312 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 313 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 314 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 315 start_va = 0x74520000 end_va = 0x74528fff monitored = 0 entry_point = 0x74521220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 316 start_va = 0x75400000 end_va = 0x75406fff monitored = 0 entry_point = 0x75401120 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 317 start_va = 0x75610000 end_va = 0x75644fff monitored = 0 entry_point = 0x7561145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 318 start_va = 0x76c10000 end_va = 0x76c15fff monitored = 0 entry_point = 0x76c11782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 319 start_va = 0x9d0000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 320 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 321 start_va = 0x2170000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 322 start_va = 0x743f0000 end_va = 0x7446ffff monitored = 0 entry_point = 0x744037c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 323 start_va = 0x2270000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 324 start_va = 0x2270000 end_va = 0x234efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 325 start_va = 0x2450000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 326 start_va = 0x2490000 end_va = 0x275efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 327 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 328 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 329 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 330 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 331 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 332 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 333 start_va = 0x3f0000 end_va = 0x3f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 334 start_va = 0x9d0000 end_va = 0x9d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 335 start_va = 0xa00000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 336 start_va = 0x9e0000 end_va = 0x9e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 337 start_va = 0x9f0000 end_va = 0x9f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 338 start_va = 0x2350000 end_va = 0x2350fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 339 start_va = 0x2360000 end_va = 0x2360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 340 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 341 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 342 start_va = 0x2390000 end_va = 0x2390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 343 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 344 start_va = 0x23b0000 end_va = 0x23b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 345 start_va = 0x23c0000 end_va = 0x23c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 346 start_va = 0x23d0000 end_va = 0x23d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 347 start_va = 0x23e0000 end_va = 0x23e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 348 start_va = 0x23f0000 end_va = 0x23f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 349 start_va = 0x2400000 end_va = 0x2400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 350 start_va = 0x2410000 end_va = 0x2410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 351 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 352 start_va = 0x2430000 end_va = 0x2430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 353 start_va = 0x2440000 end_va = 0x2440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 354 start_va = 0x2760000 end_va = 0x2760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 355 start_va = 0x2770000 end_va = 0x2770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 356 start_va = 0x2780000 end_va = 0x2780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 357 start_va = 0x2790000 end_va = 0x2790fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 358 start_va = 0x27a0000 end_va = 0x27a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 359 start_va = 0x27b0000 end_va = 0x27b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 360 start_va = 0x27c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 361 start_va = 0x27d0000 end_va = 0x27d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 362 start_va = 0x27e0000 end_va = 0x27e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 363 start_va = 0x27f0000 end_va = 0x27f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 364 start_va = 0x2800000 end_va = 0x2800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 365 start_va = 0x2810000 end_va = 0x2810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 366 start_va = 0x2820000 end_va = 0x2820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 367 start_va = 0x2830000 end_va = 0x2830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 368 start_va = 0x2840000 end_va = 0x2840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 369 start_va = 0x2850000 end_va = 0x2850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 370 start_va = 0x2860000 end_va = 0x2860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 371 start_va = 0x2870000 end_va = 0x2870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 372 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 373 start_va = 0x2890000 end_va = 0x2890fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 374 start_va = 0x28a0000 end_va = 0x28a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 375 start_va = 0x28b0000 end_va = 0x28b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 376 start_va = 0x28c0000 end_va = 0x28c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 377 start_va = 0x28d0000 end_va = 0x28d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 378 start_va = 0x28e0000 end_va = 0x28e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 379 start_va = 0x28f0000 end_va = 0x28f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 380 start_va = 0x2900000 end_va = 0x2900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 381 start_va = 0x2910000 end_va = 0x2910fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 382 start_va = 0x2920000 end_va = 0x2920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 383 start_va = 0x2930000 end_va = 0x2930fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 384 start_va = 0x2940000 end_va = 0x2940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 385 start_va = 0x2950000 end_va = 0x2950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 386 start_va = 0x2960000 end_va = 0x2960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 387 start_va = 0x2970000 end_va = 0x2970fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 388 start_va = 0x2980000 end_va = 0x2980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 389 start_va = 0x2990000 end_va = 0x2990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 390 start_va = 0x29a0000 end_va = 0x29a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 391 start_va = 0x29b0000 end_va = 0x29b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 392 start_va = 0x29c0000 end_va = 0x29c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 393 start_va = 0x29d0000 end_va = 0x29d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 394 start_va = 0x29e0000 end_va = 0x29e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 395 start_va = 0x29f0000 end_va = 0x29f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 396 start_va = 0x2a00000 end_va = 0x2a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 397 start_va = 0x2a10000 end_va = 0x2a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 398 start_va = 0x2a20000 end_va = 0x2a20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 399 start_va = 0x2a30000 end_va = 0x2a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a30000" filename = "" Region: id = 400 start_va = 0x2a40000 end_va = 0x2a40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 401 start_va = 0x2a50000 end_va = 0x2a50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 402 start_va = 0x2a60000 end_va = 0x2a60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 403 start_va = 0x2a70000 end_va = 0x2a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 404 start_va = 0x2a80000 end_va = 0x2a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 405 start_va = 0x2a90000 end_va = 0x2a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 406 start_va = 0x2aa0000 end_va = 0x2aa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 407 start_va = 0x2ab0000 end_va = 0x2ab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 408 start_va = 0x2ac0000 end_va = 0x2ac0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 409 start_va = 0x2ad0000 end_va = 0x2ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 410 start_va = 0x2ae0000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 411 start_va = 0x2af0000 end_va = 0x2af0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 412 start_va = 0x2b00000 end_va = 0x2b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 413 start_va = 0x2b10000 end_va = 0x2b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 414 start_va = 0x2b20000 end_va = 0x2b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 415 start_va = 0x2b30000 end_va = 0x2b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 416 start_va = 0x2b40000 end_va = 0x2b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 417 start_va = 0x2b50000 end_va = 0x2b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 418 start_va = 0x2b60000 end_va = 0x2b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 419 start_va = 0x2b70000 end_va = 0x2b70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 420 start_va = 0x2b80000 end_va = 0x2b80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 421 start_va = 0x2b90000 end_va = 0x2b90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 422 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 423 start_va = 0x2bb0000 end_va = 0x2bb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 424 start_va = 0x2bc0000 end_va = 0x2bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 425 start_va = 0x2bd0000 end_va = 0x2bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 426 start_va = 0x2be0000 end_va = 0x2be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 427 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 428 start_va = 0x2c00000 end_va = 0x2c00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 429 start_va = 0x2c10000 end_va = 0x2c10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c10000" filename = "" Region: id = 430 start_va = 0x2c20000 end_va = 0x2c20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 431 start_va = 0x2c30000 end_va = 0x2c30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c30000" filename = "" Region: id = 432 start_va = 0x2c40000 end_va = 0x2c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 433 start_va = 0x2c50000 end_va = 0x2c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 434 start_va = 0x2c60000 end_va = 0x2c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 435 start_va = 0x2c70000 end_va = 0x2c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 436 start_va = 0x2c80000 end_va = 0x2c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 437 start_va = 0x2c90000 end_va = 0x2c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 438 start_va = 0x2ca0000 end_va = 0x2ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 439 start_va = 0x2cb0000 end_va = 0x2cb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 440 start_va = 0x2cc0000 end_va = 0x2cc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 441 start_va = 0x2cd0000 end_va = 0x2cd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cd0000" filename = "" Region: id = 442 start_va = 0x2ce0000 end_va = 0x2ce0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 443 start_va = 0x2cf0000 end_va = 0x2cf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 444 start_va = 0x2d00000 end_va = 0x2d00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 445 start_va = 0x2d10000 end_va = 0x2d10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 446 start_va = 0x2d20000 end_va = 0x2d20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d20000" filename = "" Region: id = 447 start_va = 0x2d30000 end_va = 0x2d30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 448 start_va = 0x2d40000 end_va = 0x2d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 449 start_va = 0x2d50000 end_va = 0x2d50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 450 start_va = 0x2d60000 end_va = 0x2d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 451 start_va = 0x2d70000 end_va = 0x2d70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 452 start_va = 0x2d80000 end_va = 0x2d80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 453 start_va = 0x2d90000 end_va = 0x2d90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 454 start_va = 0x2da0000 end_va = 0x2da0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 455 start_va = 0x2db0000 end_va = 0x2db0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 456 start_va = 0x2dc0000 end_va = 0x2dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dc0000" filename = "" Region: id = 457 start_va = 0x2dd0000 end_va = 0x2dd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 458 start_va = 0x2de0000 end_va = 0x2de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002de0000" filename = "" Region: id = 459 start_va = 0x2df0000 end_va = 0x2df0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 460 start_va = 0x2e00000 end_va = 0x2e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 461 start_va = 0x2e10000 end_va = 0x2e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 462 start_va = 0x2e20000 end_va = 0x2e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 463 start_va = 0x2e30000 end_va = 0x2e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 464 start_va = 0x2e40000 end_va = 0x2e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 465 start_va = 0x2e50000 end_va = 0x2e50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e50000" filename = "" Region: id = 466 start_va = 0x2e60000 end_va = 0x2e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 467 start_va = 0x2e70000 end_va = 0x2e70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 468 start_va = 0x2e80000 end_va = 0x2e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 469 start_va = 0x2e90000 end_va = 0x2e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 470 start_va = 0x2ea0000 end_va = 0x2ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 471 start_va = 0x2eb0000 end_va = 0x2eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 472 start_va = 0x2ec0000 end_va = 0x2ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 473 start_va = 0x2ed0000 end_va = 0x2ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 474 start_va = 0x2ee0000 end_va = 0x2ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 475 start_va = 0x2ef0000 end_va = 0x2ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 476 start_va = 0x2f00000 end_va = 0x2f00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 477 start_va = 0x2f10000 end_va = 0x2f10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 478 start_va = 0x2f20000 end_va = 0x2f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 479 start_va = 0x2f30000 end_va = 0x2f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 480 start_va = 0x2f40000 end_va = 0x2f40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 481 start_va = 0x2f50000 end_va = 0x2f50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 482 start_va = 0x2f60000 end_va = 0x2f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 483 start_va = 0x2f70000 end_va = 0x2f70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f70000" filename = "" Region: id = 484 start_va = 0x2f80000 end_va = 0x2f80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 485 start_va = 0x2f90000 end_va = 0x2f90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f90000" filename = "" Region: id = 486 start_va = 0x2fa0000 end_va = 0x2fa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 487 start_va = 0x2fb0000 end_va = 0x2fb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 488 start_va = 0x2fc0000 end_va = 0x2fc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 489 start_va = 0x2fd0000 end_va = 0x2fd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fd0000" filename = "" Region: id = 490 start_va = 0x2fe0000 end_va = 0x2fe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 491 start_va = 0x2ff0000 end_va = 0x2ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 492 start_va = 0x3000000 end_va = 0x3000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 493 start_va = 0x3010000 end_va = 0x3010fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 494 start_va = 0x3020000 end_va = 0x3020fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 495 start_va = 0x3030000 end_va = 0x3030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 496 start_va = 0x3040000 end_va = 0x3040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 497 start_va = 0x3050000 end_va = 0x3050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 498 start_va = 0x3060000 end_va = 0x3060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 499 start_va = 0x3070000 end_va = 0x3070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 500 start_va = 0x3080000 end_va = 0x3080fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 501 start_va = 0x3090000 end_va = 0x3090fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 502 start_va = 0x30a0000 end_va = 0x30a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 503 start_va = 0x30b0000 end_va = 0x30b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 504 start_va = 0x30c0000 end_va = 0x30c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030c0000" filename = "" Region: id = 505 start_va = 0x30d0000 end_va = 0x30d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030d0000" filename = "" Region: id = 506 start_va = 0x30e0000 end_va = 0x30e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 507 start_va = 0x30f0000 end_va = 0x30f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 508 start_va = 0x3100000 end_va = 0x3100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 509 start_va = 0x3110000 end_va = 0x3110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 510 start_va = 0x3120000 end_va = 0x3120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 511 start_va = 0x3130000 end_va = 0x3130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 512 start_va = 0x3140000 end_va = 0x3140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 513 start_va = 0x3150000 end_va = 0x3150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 514 start_va = 0x3160000 end_va = 0x3160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 515 start_va = 0x3170000 end_va = 0x3170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 516 start_va = 0x3180000 end_va = 0x3180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 517 start_va = 0x3190000 end_va = 0x3190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 518 start_va = 0x31a0000 end_va = 0x31a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 519 start_va = 0x31b0000 end_va = 0x31b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 520 start_va = 0x31c0000 end_va = 0x31c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 521 start_va = 0x31d0000 end_va = 0x31d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 522 start_va = 0x31e0000 end_va = 0x31e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 523 start_va = 0x31f0000 end_va = 0x31f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 524 start_va = 0x3200000 end_va = 0x3200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 525 start_va = 0x3210000 end_va = 0x3210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 526 start_va = 0x3220000 end_va = 0x3220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 527 start_va = 0x3230000 end_va = 0x3230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 528 start_va = 0x3240000 end_va = 0x3240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 529 start_va = 0x3250000 end_va = 0x3250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 530 start_va = 0x3260000 end_va = 0x3260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 531 start_va = 0x3270000 end_va = 0x3270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 532 start_va = 0x3280000 end_va = 0x3280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 533 start_va = 0x3290000 end_va = 0x3290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 534 start_va = 0x32a0000 end_va = 0x32a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 535 start_va = 0x32b0000 end_va = 0x32b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 536 start_va = 0x32c0000 end_va = 0x32c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 537 start_va = 0x32d0000 end_va = 0x32d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 538 start_va = 0x32e0000 end_va = 0x32e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 539 start_va = 0x32f0000 end_va = 0x32f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 540 start_va = 0x3300000 end_va = 0x3300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 541 start_va = 0x3310000 end_va = 0x3310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 542 start_va = 0x3320000 end_va = 0x3320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 543 start_va = 0x3330000 end_va = 0x3330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 544 start_va = 0x3340000 end_va = 0x3340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 545 start_va = 0x3350000 end_va = 0x3350fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 546 start_va = 0x3360000 end_va = 0x3360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 547 start_va = 0x3370000 end_va = 0x3370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 548 start_va = 0x3380000 end_va = 0x3380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 549 start_va = 0x3390000 end_va = 0x3390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 550 start_va = 0x33a0000 end_va = 0x33a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 551 start_va = 0x33b0000 end_va = 0x33b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 552 start_va = 0x33c0000 end_va = 0x33c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 553 start_va = 0x33d0000 end_va = 0x33d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 554 start_va = 0x33e0000 end_va = 0x33e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 555 start_va = 0x33f0000 end_va = 0x33f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 556 start_va = 0x3400000 end_va = 0x3400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 557 start_va = 0x3410000 end_va = 0x3410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 558 start_va = 0x3420000 end_va = 0x3420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 559 start_va = 0x3430000 end_va = 0x3430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 560 start_va = 0x3440000 end_va = 0x3440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 561 start_va = 0x3450000 end_va = 0x3450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003450000" filename = "" Region: id = 562 start_va = 0x3460000 end_va = 0x3460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 563 start_va = 0x3470000 end_va = 0x3470fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003470000" filename = "" Region: id = 564 start_va = 0x3480000 end_va = 0x3480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 565 start_va = 0x3490000 end_va = 0x3490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 566 start_va = 0x34a0000 end_va = 0x34a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 567 start_va = 0x34b0000 end_va = 0x34b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 568 start_va = 0x34c0000 end_va = 0x34c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 569 start_va = 0x34d0000 end_va = 0x34d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 570 start_va = 0x34e0000 end_va = 0x34e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 571 start_va = 0x34f0000 end_va = 0x34f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 572 start_va = 0x3500000 end_va = 0x3500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 573 start_va = 0x3510000 end_va = 0x3510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 574 start_va = 0x3520000 end_va = 0x3520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 575 start_va = 0x3530000 end_va = 0x3530fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 576 start_va = 0x3540000 end_va = 0x3540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 577 start_va = 0x3550000 end_va = 0x3550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 578 start_va = 0x3560000 end_va = 0x3560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 579 start_va = 0x3570000 end_va = 0x3570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 580 start_va = 0x3580000 end_va = 0x3580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 581 start_va = 0x3590000 end_va = 0x3590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 582 start_va = 0x35a0000 end_va = 0x35a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 583 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 584 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 585 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 586 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 587 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 588 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 589 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 590 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 591 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 592 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 593 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 594 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 595 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 596 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 597 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 598 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 599 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 600 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 601 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 602 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 603 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 604 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 605 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 606 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 607 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 608 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 609 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 610 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 611 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 612 start_va = 0x35b0000 end_va = 0x35b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 613 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 614 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 615 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 616 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 617 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 618 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 619 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 620 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 621 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 622 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 623 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 624 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 625 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 626 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 627 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 628 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 629 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 630 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 631 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 632 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 633 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 634 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 635 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 636 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 637 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 638 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 639 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 640 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 641 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 642 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 643 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 644 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 645 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 646 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 647 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 648 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 649 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 650 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 651 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 652 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 653 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 654 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 655 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 656 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 657 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 658 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 659 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 660 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 661 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 662 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 663 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 664 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 665 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 666 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 667 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 668 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 669 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 670 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 671 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 672 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 673 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 674 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 675 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 676 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 677 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 678 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 679 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 680 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 681 start_va = 0x35c0000 end_va = 0x35c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 682 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 683 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 684 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 685 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 686 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 687 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 688 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 689 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 690 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 691 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 692 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 693 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 694 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 695 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 696 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 697 start_va = 0x2420000 end_va = 0x2420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 698 start_va = 0x73550000 end_va = 0x73552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 716 start_va = 0x35c0000 end_va = 0x35dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Thread: id = 1 os_tid = 0xdac [0058.980] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x40) returned 0x1b0000 [0059.473] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x40) returned 0x290000 [0059.479] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.513] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0059.513] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0059.548] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0059.548] VirtualAlloc (lpAddress=0x0, dwSize=0x546, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0000 [0059.548] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.549] VirtualAlloc (lpAddress=0x0, dwSize=0x44400, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0000 [0059.573] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.607] VirtualAlloc (lpAddress=0x0, dwSize=0x1600, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0000 [0059.607] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.608] VirtualAlloc (lpAddress=0x0, dwSize=0x1400, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0000 [0059.608] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.609] VirtualAlloc (lpAddress=0x0, dwSize=0x3400, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0000 [0059.610] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.611] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0059.611] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0059.611] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0059.611] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0059.611] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0059.611] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSection") returned 0x77a12c42 [0059.611] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualQuery") returned 0x769c4412 [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="WideCharToMultiByte") returned 0x769c16ed [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="MultiByteToWideChar") returned 0x769c190e [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="lstrlenA") returned 0x769c5a03 [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="lstrcpynA") returned 0x769d18e2 [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="lstrcpyA") returned 0x769e2a6d [0059.612] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryExA") returned 0x769c48cb [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadLocale") returned 0x769c357f [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoA") returned 0x769c0e00 [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoA") returned 0x769dd5b5 [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0059.613] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileA") returned 0x769ce286 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="UnhandledExceptionFilter") returned 0x769e76f7 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointer") returned 0x769c17b1 [0059.614] GetProcAddress (hModule=0x769b0000, lpProcName="SetEndOfFile") returned 0x769dce06 [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="RtlUnwind") returned 0x769ed1b3 [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="GetStdHandle") returned 0x769c516b [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSize") returned 0x769c194e [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTime") returned 0x769c5a4e [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileType") returned 0x769c34e1 [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0059.615] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0059.616] GetModuleHandleA (lpModuleName="user32.dll") returned 0x773b0000 [0059.616] GetProcAddress (hModule=0x773b0000, lpProcName="GetKeyboardType") returned 0x77409ac4 [0059.616] GetProcAddress (hModule=0x773b0000, lpProcName="LoadStringA") returned 0x773cdb21 [0059.616] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0059.616] GetProcAddress (hModule=0x773b0000, lpProcName="CharNextA") returned 0x773c7a1b [0059.617] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76c20000 [0059.617] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef [0059.617] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907 [0059.617] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d [0059.618] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x757f0000 [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="VariantChangeTypeEx") returned 0x757f4c28 [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="VariantCopyInd") returned 0x7580e86c [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="VariantClear") returned 0x757f3eae [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="SysStringLen") returned 0x757f4680 [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="SysFreeString") returned 0x757f3e59 [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="SysReAllocStringLen") returned 0x757f7810 [0059.618] GetProcAddress (hModule=0x757f0000, lpProcName="SysAllocStringLen") returned 0x757f45d2 [0059.619] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="TlsSetValue") returned 0x769c14db [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="TlsGetValue") returned 0x769c11e0 [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="TlsFree") returned 0x769c3537 [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="TlsAlloc") returned 0x769c4965 [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0059.619] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0059.619] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76c20000 [0059.620] GetProcAddress (hModule=0x76c20000, lpProcName="RegSetValueExA") returned 0x76c314b3 [0059.620] GetProcAddress (hModule=0x76c20000, lpProcName="RegSetValueA") returned 0x76c80e41 [0059.620] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryValueExA") returned 0x76c348ef [0059.620] GetProcAddress (hModule=0x76c20000, lpProcName="RegQueryInfoKeyA") returned 0x76c2e143 [0059.623] GetProcAddress (hModule=0x76c20000, lpProcName="RegOpenKeyExA") returned 0x76c34907 [0059.623] GetProcAddress (hModule=0x76c20000, lpProcName="RegEnumKeyExA") returned 0x76c31481 [0059.623] GetProcAddress (hModule=0x76c20000, lpProcName="RegCreateKeyExA") returned 0x76c31469 [0059.623] GetProcAddress (hModule=0x76c20000, lpProcName="RegCloseKey") returned 0x76c3469d [0059.623] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="WritePrivateProfileStringA") returned 0x769e7018 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="WaitForSingleObject") returned 0x769c1136 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualUnlock") returned 0x769def11 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualQuery") returned 0x769c4412 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualLock") returned 0x769dec0b [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadPriority") returned 0x769c326b [0059.625] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointer") returned 0x769c17b1 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="SetFileAttributesA") returned 0x769deca3 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="SetEndOfFile") returned 0x769dce06 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="RemoveDirectoryA") returned 0x76a44a5f [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceFrequency") returned 0x769c41a8 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceCounter") returned 0x769c1705 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="IsBadReadPtr") returned 0x769ed065 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSection") returned 0x77a12c42 [0059.626] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalUnlock") returned 0x769dcfb4 [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalHandle") returned 0x769ed26c [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalLock") returned 0x769dd077 [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalFree") returned 0x769c5510 [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GlobalAlloc") returned 0x769c5846 [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetWindowsDirectoryA") returned 0x769e2ada [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetVolumeInformationA") returned 0x769e6d9b [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersionExA") returned 0x769c34c9 [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersion") returned 0x769c441f [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadPriority") returned 0x769c4377 [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetThreadLocale") returned 0x769c357f [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetTempPathA") returned 0x769e273c [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetTempFileNameA") returned 0x769e9d0f [0059.627] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemInfo") returned 0x769c4982 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetPrivateProfileStringA") returned 0x769d1804 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameA") returned 0x769c1491 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoA") returned 0x769dd5b5 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocalTime") returned 0x769c5a5e [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSize") returned 0x769c194e [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileAttributesA") returned 0x769c53cc [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetExitCodeProcess") returned 0x769d1705 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetDriveTypeA") returned 0x769def45 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetDiskFreeSpaceA") returned 0x76a448df [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetDateFormatA") returned 0x769ea939 [0059.628] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThread") returned 0x769c17cc [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcess") returned 0x769c17e9 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentDirectoryA") returned 0x769ed4e6 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="GetCPInfo") returned 0x769c5141 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FormatMessageA") returned 0x769e5f8d [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FindNextFileA") returned 0x769ed52e [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileA") returned 0x769ce286 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FileTimeToLocalFileTime") returned 0x769ce256 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="FileTimeToDosDateTime") returned 0x769dc845 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="ExpandEnvironmentStringsA") returned 0x769deb09 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0059.629] GetProcAddress (hModule=0x769b0000, lpProcName="EnumCalendarInfoA") returned 0x769e9e40 [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="DeviceIoControl") returned 0x769c31df [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteFileA") returned 0x769c53fc [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CreateProcessA") returned 0x769c1072 [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CreateEventA") returned 0x769c323c [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CreateDirectoryA") returned 0x769ed516 [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CopyFileA") returned 0x769e58b5 [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CompareStringA") returned 0x769c3c0a [0059.630] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0059.630] GetModuleHandleA (lpModuleName="version.dll") returned 0x0 [0059.630] LoadLibraryA (lpLibFileName="version.dll") returned 0x74520000 [0059.771] GetProcAddress (hModule=0x74520000, lpProcName="VerQueryValueA") returned 0x74521b72 [0059.771] GetProcAddress (hModule=0x74520000, lpProcName="GetFileVersionInfoSizeA") returned 0x74521c9c [0059.771] GetProcAddress (hModule=0x74520000, lpProcName="GetFileVersionInfoA") returned 0x74521ced [0059.771] GetModuleHandleA (lpModuleName="gdi32.dll") returned 0x77240000 [0059.771] GetProcAddress (hModule=0x77240000, lpProcName="SetBkMode") returned 0x772551a2 [0059.771] GetProcAddress (hModule=0x77240000, lpProcName="GetStockObject") returned 0x77254eb8 [0059.771] GetProcAddress (hModule=0x77240000, lpProcName="CreateFontA") returned 0x7725d0e8 [0059.772] GetProcAddress (hModule=0x77240000, lpProcName="CreateDIBitmap") returned 0x77257217 [0059.772] GetModuleHandleA (lpModuleName="user32.dll") returned 0x773b0000 [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="TranslateMessage") returned 0x773c7809 [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="ShowWindow") returned 0x773d0dfb [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SetWindowTextA") returned 0x773d7aee [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SetWindowPos") returned 0x773c8e4e [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SetFocus") returned 0x773d2175 [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SetDlgItemTextA") returned 0x773dc4d6 [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SetClipboardData") returned 0x77408e57 [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SendMessageA") returned 0x773d612e [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="SendDlgItemMessageA") returned 0x773ec112 [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="RegisterClassA") returned 0x773d434b [0059.772] GetProcAddress (hModule=0x773b0000, lpProcName="PostQuitMessage") returned 0x773c9abb [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="PeekMessageA") returned 0x773d5f74 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="OpenClipboard") returned 0x773d8ecb [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="MsgWaitForMultipleObjects") returned 0x773d0b4a [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="MessageBoxA") returned 0x7741fd1e [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="LoadStringA") returned 0x773cdb21 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="LoadIconA") returned 0x773cdafb [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="LoadCursorA") returned 0x773cdad5 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="IsClipboardFormatAvailable") returned 0x773d8676 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="GetWindowTextA") returned 0x773d0029 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="GetWindowRect") returned 0x773c7f34 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="GetSystemMetrics") returned 0x773c7d2f [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="GetMessageA") returned 0x773c7bd3 [0059.773] GetProcAddress (hModule=0x773b0000, lpProcName="GetFocus") returned 0x773d0dee [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="GetDlgItemTextA") returned 0x77426b36 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="GetDlgItem") returned 0x773ef1ba [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="GetDesktopWindow") returned 0x773d0a19 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="GetDC") returned 0x773c72c4 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="GetAsyncKeyState") returned 0x773eeb96 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="GetActiveWindow") returned 0x773ef5c7 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="EndDialog") returned 0x773eb99c [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="EnableWindow") returned 0x773d2da4 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="EmptyClipboard") returned 0x77427cb9 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="DispatchMessageA") returned 0x773c7bbb [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="DialogBoxIndirectParamA") returned 0x7740ce64 [0059.774] GetProcAddress (hModule=0x773b0000, lpProcName="DestroyWindow") returned 0x773c9a55 [0059.775] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcA") returned 0x77a224e0 [0059.775] GetProcAddress (hModule=0x773b0000, lpProcName="CreateWindowExA") returned 0x773cd22e [0059.775] GetProcAddress (hModule=0x773b0000, lpProcName="CloseClipboard") returned 0x773d8e8d [0059.775] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76e80000 [0059.775] GetProcAddress (hModule=0x76e80000, lpProcName="CoCreateGuid") returned 0x76ec15d5 [0059.775] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0059.775] GetProcAddress (hModule=0x769b0000, lpProcName="GetVersionExA") returned 0x769c34c9 [0059.775] GetModuleHandleA (lpModuleName="wsock32.dll") returned 0x0 [0059.775] LoadLibraryA (lpLibFileName="wsock32.dll") returned 0x75400000 [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="ioctlsocket") returned 0x75613084 [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="WSACancelBlockingCall") returned 0x75625343 [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="WSAIsBlocking") returned 0x756253be [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="gethostbyname") returned 0x75627673 [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="send") returned 0x75616f01 [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="recv") returned 0x754017a8 [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="connect") returned 0x75616bdd [0060.338] GetProcAddress (hModule=0x75400000, lpProcName="WSACleanup") returned 0x75613c5f [0060.339] GetProcAddress (hModule=0x75400000, lpProcName="closesocket") returned 0x75613918 [0060.339] GetProcAddress (hModule=0x75400000, lpProcName="shutdown") returned 0x7561449d [0060.339] GetProcAddress (hModule=0x75400000, lpProcName="socket") returned 0x75613eb8 [0060.339] GetProcAddress (hModule=0x75400000, lpProcName="WSAStartup") returned 0x75613ab2 [0060.348] GetModuleFileNameA (in: hModule=0x290000, lpFilename=0x18fde8, nSize=0x105 | out: lpFilename="\n" (normalized: "c:\\users\\keecfmwgj\\desktop\\\n")) returned 0x0 [0060.357] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fcc3, nSize=0x105 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe")) returned 0x5f [0060.357] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf003f, phkResult=0x18fdd8 | out: phkResult=0x18fdd8*=0x0) returned 0x2 [0060.358] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf003f, phkResult=0x18fdd8 | out: phkResult=0x18fdd8*=0x0) returned 0x2 [0060.358] lstrcpyA (in: lpString1=0x18fcc3, lpString2="\n" | out: lpString1="\n") returned="\n" [0060.358] GetThreadLocale () returned 0x409 [0060.359] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18fdd3, cchData=5 | out: lpLCData="ENU") returned 4 [0060.361] lstrlenA (lpString="\n") returned 1 [0060.371] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x304488 [0060.380] GetKeyboardType (nTypeFlag=0) returned 4 [0060.380] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe\" " [0060.380] GetStartupInfoA (in: lpStartupInfo=0x18fe78 | out: lpStartupInfo=0x18fe78*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0060.380] GetCurrentThreadId () returned 0xdac [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffdc, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffdb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffda, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd8, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd7, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd6, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd3, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd2, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.398] LoadStringA (in: hInstance=0x290000, uID=0xffd1, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffea, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffeb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffec, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe8, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe6, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe5, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe4, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe3, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe2, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe1, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffe0, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xffff, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xfffe, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xfffd, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xfffc, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xfffb, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xfffa, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.399] LoadStringA (in: hInstance=0x290000, uID=0xfff9, lpBuffer=0x18faac, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.408] LoadStringA (in: hInstance=0x290000, uID=0xfff7, lpBuffer=0x18fa9c, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.408] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x304bd8 [0060.409] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2170000 [0060.409] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x305bd8 [0060.409] VirtualAlloc (lpAddress=0x2170000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2170000 [0060.409] LoadStringA (in: hInstance=0x290000, uID=0xffe7, lpBuffer=0x18fa9c, cchBufferMax=1024 | out: lpBuffer="") returned 0x0 [0060.418] GetThreadLocale () returned 0x409 [0060.418] GetSystemMetrics (nIndex=74) returned 0 [0060.915] GetSystemMetrics (nIndex=42) returned 0 [0060.924] GetThreadLocale () returned 0x409 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jan") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd04, cchData=256 | out: lpLCData="January") returned 8 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Feb") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd04, cchData=256 | out: lpLCData="February") returned 9 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Mar") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="March") returned 6 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Apr") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="April") returned 6 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd04, cchData=256 | out: lpLCData="May") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="May") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jun") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="June") returned 5 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Jul") returned 4 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="July") returned 5 [0060.924] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Aug") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="August") returned 7 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sep") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd04, cchData=256 | out: lpLCData="September") returned 10 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Oct") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd04, cchData=256 | out: lpLCData="October") returned 8 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Nov") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd04, cchData=256 | out: lpLCData="November") returned 9 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Dec") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd04, cchData=256 | out: lpLCData="December") returned 9 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sun") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sunday") returned 7 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Mon") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Monday") returned 7 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Tue") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Tuesday") returned 8 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Wed") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Wednesday") returned 10 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Thu") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Thursday") returned 9 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Fri") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Friday") returned 7 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Sat") returned 4 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd04, cchData=256 | out: lpLCData="Saturday") returned 9 [0060.925] GetThreadLocale () returned 0x409 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fd60, cchData=256 | out: lpLCData="$") returned 2 [0060.925] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fe58, cchData=2 | out: lpLCData=",") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fe58, cchData=2 | out: lpLCData=".") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fd60, cchData=256 | out: lpLCData="2") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fe58, cchData=2 | out: lpLCData="/") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fd60, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0060.934] GetThreadLocale () returned 0x409 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fd30, cchData=256 | out: lpLCData="1") returned 2 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fd60, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0060.934] GetThreadLocale () returned 0x409 [0060.934] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fd30, cchData=256 | out: lpLCData="1") returned 2 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fe58, cchData=2 | out: lpLCData=":") returned 2 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fd60, cchData=256 | out: lpLCData="AM") returned 3 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fd60, cchData=256 | out: lpLCData="PM") returned 3 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fd60, cchData=256 | out: lpLCData="0") returned 2 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fe58, cchData=2 | out: lpLCData=",") returned 2 [0060.935] GetVersionExA (in: lpVersionInformation=0x18fe2c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x217030c, dwMinorVersion=0x21702fc, dwBuildNumber=0x30, dwPlatformId=0x2922c9, szCSDVersion="Äþ\x18") | out: lpVersionInformation=0x18fe2c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0060.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0060.935] GetProcAddress (hModule=0x769b0000, lpProcName="GetDiskFreeSpaceExA") returned 0x76a448ef [0060.964] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x18fd40 | out: lpWSAData=0x18fd40) returned 0 [0061.432] GetCurrentThreadId () returned 0xdac [0061.438] VirtualAlloc (lpAddress=0x2174000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x2174000 [0061.471] GetLocalTime (in: lpSystemTime=0x18feb8 | out: lpSystemTime=0x18feb8*(wYear=0x7e5, wMonth=0xc, wDayOfWeek=0x2, wDay=0x1c, wHour=0x14, wMinute=0x1c, wSecond=0x30, wMilliseconds=0x162)) [0061.472] GetSystemTime (in: lpSystemTime=0x18feb4 | out: lpSystemTime=0x18feb4*(wYear=0x7e5, wMonth=0xc, wDayOfWeek=0x2, wDay=0x1c, wHour=0x13, wMinute=0x1c, wSecond=0x30, wMilliseconds=0x162)) [0061.480] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0 [0061.481] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0061.481] GetCurrentProcess () returned 0xffffffff [0061.481] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x18ff00, lpSystemAffinityMask=0x18fefc | out: lpProcessAffinityMask=0x18ff00, lpSystemAffinityMask=0x18fefc) returned 1 [0061.488] VirtualAlloc (lpAddress=0x2198000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x2198000 [0061.498] VirtualFree (lpAddress=0x21b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0061.510] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x769b0000 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="MapViewOfFile") returned 0x769c18d1 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="FindResourceA") returned 0x769de98b [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="IsBadReadPtr") returned 0x769ed065 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="UnmapViewOfFile") returned 0x769c1806 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileMappingA") returned 0x769c54be [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileA") returned 0x769c537e [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="IsDebuggerPresent") returned 0x769c4a15 [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTime") returned 0x769c5a4e [0061.511] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualAlloc") returned 0x769c1836 [0061.512] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualFree") returned 0x769c184e [0061.512] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcessId") returned 0x769c11f8 [0061.512] LoadLibraryA (lpLibFileName="NTDLL.DLL") returned 0x779e0000 [0061.512] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x76c20000 [0061.512] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0061.512] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0061.512] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0061.512] GetProcAddress (hModule=0x769b0000, lpProcName="SetLastError") returned 0x769c11a9 [0061.512] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x1000, flProtect=0x40) returned 0x1b0000 [0061.512] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x1000, flProtect=0x40) returned 0x1c0000 [0061.513] VirtualAlloc (lpAddress=0x21b8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x21b8000 [0061.518] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x1d0000 [0061.518] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x1e0000 [0061.519] VirtualAlloc (lpAddress=0x0, dwSize=0x83, flAllocationType=0x1000, flProtect=0x40) returned 0x1f0000 [0061.519] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x200000 [0061.519] VirtualAlloc (lpAddress=0x0, dwSize=0x437, flAllocationType=0x1000, flProtect=0x40) returned 0x3f0000 [0061.519] VirtualAlloc (lpAddress=0x0, dwSize=0x1c9, flAllocationType=0x1000, flProtect=0x40) returned 0x9d0000 [0061.520] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x9e0000 [0061.520] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x9f0000 [0061.520] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x2350000 [0061.520] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x2360000 [0061.521] VirtualAlloc (lpAddress=0x21e0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21e0000 [0061.521] GetCurrentProcessId () returned 0xda8 [0061.521] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2370000 [0061.521] VirtualAlloc (lpAddress=0x0, dwSize=0xbf, flAllocationType=0x1000, flProtect=0x40) returned 0x2380000 [0061.522] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x2390000 [0061.522] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x23a0000 [0061.522] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x23b0000 [0061.523] VirtualAlloc (lpAddress=0x0, dwSize=0x89, flAllocationType=0x1000, flProtect=0x40) returned 0x23c0000 [0061.523] VirtualAlloc (lpAddress=0x0, dwSize=0xd4, flAllocationType=0x1000, flProtect=0x40) returned 0x23d0000 [0061.524] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x23e0000 [0061.524] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x1000, flProtect=0x40) returned 0x23f0000 [0061.524] VirtualAlloc (lpAddress=0x0, dwSize=0x17c, flAllocationType=0x1000, flProtect=0x40) returned 0x2400000 [0061.524] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2410000 [0061.525] GetCurrentProcessId () returned 0xda8 [0061.525] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2420000 [0061.525] VirtualAlloc (lpAddress=0x0, dwSize=0x284, flAllocationType=0x1000, flProtect=0x40) returned 0x2430000 [0061.525] VirtualAlloc (lpAddress=0x0, dwSize=0x37d, flAllocationType=0x1000, flProtect=0x40) returned 0x2440000 [0061.526] VirtualAlloc (lpAddress=0x0, dwSize=0xb9, flAllocationType=0x1000, flProtect=0x40) returned 0x2760000 [0061.526] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x1000, flProtect=0x40) returned 0x2770000 [0061.526] VirtualAlloc (lpAddress=0x0, dwSize=0x91, flAllocationType=0x1000, flProtect=0x40) returned 0x2780000 [0061.527] VirtualAlloc (lpAddress=0x0, dwSize=0x87, flAllocationType=0x1000, flProtect=0x40) returned 0x2790000 [0061.527] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x27a0000 [0061.527] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x27b0000 [0061.527] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x27c0000 [0061.527] VirtualAlloc (lpAddress=0x0, dwSize=0xb9, flAllocationType=0x1000, flProtect=0x40) returned 0x27d0000 [0061.528] GetCurrentProcessId () returned 0xda8 [0061.528] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x27e0000 [0061.528] VirtualAlloc (lpAddress=0x0, dwSize=0x149, flAllocationType=0x1000, flProtect=0x40) returned 0x27f0000 [0061.528] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x2800000 [0061.528] VirtualAlloc (lpAddress=0x0, dwSize=0x11d, flAllocationType=0x1000, flProtect=0x40) returned 0x2810000 [0061.529] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x2820000 [0061.529] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x2830000 [0061.529] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x2840000 [0061.529] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x2850000 [0061.530] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x2860000 [0061.530] VirtualAlloc (lpAddress=0x0, dwSize=0x3b1, flAllocationType=0x1000, flProtect=0x40) returned 0x2870000 [0061.530] VirtualAlloc (lpAddress=0x0, dwSize=0xab, flAllocationType=0x1000, flProtect=0x40) returned 0x2880000 [0061.530] GetCurrentProcessId () returned 0xda8 [0061.530] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2890000 [0061.531] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x28a0000 [0061.531] VirtualAlloc (lpAddress=0x0, dwSize=0xb1, flAllocationType=0x1000, flProtect=0x40) returned 0x28b0000 [0061.531] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x28c0000 [0061.531] VirtualAlloc (lpAddress=0x0, dwSize=0x1df, flAllocationType=0x1000, flProtect=0x40) returned 0x28d0000 [0061.532] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x28e0000 [0061.532] VirtualAlloc (lpAddress=0x0, dwSize=0x189, flAllocationType=0x1000, flProtect=0x40) returned 0x28f0000 [0061.532] VirtualAlloc (lpAddress=0x0, dwSize=0x483, flAllocationType=0x1000, flProtect=0x40) returned 0x2900000 [0061.532] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2910000 [0061.533] VirtualAlloc (lpAddress=0x0, dwSize=0x247, flAllocationType=0x1000, flProtect=0x40) returned 0x2920000 [0061.533] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x2930000 [0061.533] GetCurrentProcessId () returned 0xda8 [0061.533] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2940000 [0061.533] VirtualAlloc (lpAddress=0x0, dwSize=0xe2, flAllocationType=0x1000, flProtect=0x40) returned 0x2950000 [0061.534] VirtualAlloc (lpAddress=0x0, dwSize=0x89, flAllocationType=0x1000, flProtect=0x40) returned 0x2960000 [0061.534] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2970000 [0061.534] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x2980000 [0061.534] VirtualAlloc (lpAddress=0x0, dwSize=0xc4, flAllocationType=0x1000, flProtect=0x40) returned 0x2990000 [0061.535] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x29a0000 [0061.535] VirtualAlloc (lpAddress=0x0, dwSize=0xcc, flAllocationType=0x1000, flProtect=0x40) returned 0x29b0000 [0061.535] VirtualAlloc (lpAddress=0x0, dwSize=0xd6, flAllocationType=0x1000, flProtect=0x40) returned 0x29c0000 [0061.535] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x29d0000 [0061.536] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x29e0000 [0061.536] VirtualAlloc (lpAddress=0x21e4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21e4000 [0061.536] GetCurrentProcessId () returned 0xda8 [0061.536] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x29f0000 [0061.537] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x2a00000 [0061.537] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x2a10000 [0061.537] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2a20000 [0061.537] VirtualAlloc (lpAddress=0x0, dwSize=0xc4, flAllocationType=0x1000, flProtect=0x40) returned 0x2a30000 [0061.538] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2a40000 [0061.538] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x2a50000 [0061.538] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x2a60000 [0061.538] VirtualAlloc (lpAddress=0x0, dwSize=0x17e, flAllocationType=0x1000, flProtect=0x40) returned 0x2a70000 [0061.540] VirtualAlloc (lpAddress=0x0, dwSize=0x1b1, flAllocationType=0x1000, flProtect=0x40) returned 0x2a80000 [0061.540] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x2a90000 [0061.541] GetCurrentProcessId () returned 0xda8 [0061.541] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2aa0000 [0061.541] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x1000, flProtect=0x40) returned 0x2ab0000 [0061.541] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x2ac0000 [0061.541] VirtualAlloc (lpAddress=0x0, dwSize=0xbb, flAllocationType=0x1000, flProtect=0x40) returned 0x2ad0000 [0061.542] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x2ae0000 [0061.542] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2af0000 [0061.542] VirtualAlloc (lpAddress=0x0, dwSize=0xfa, flAllocationType=0x1000, flProtect=0x40) returned 0x2b00000 [0061.542] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b10000 [0061.543] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b20000 [0061.543] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x1000, flProtect=0x40) returned 0x2b30000 [0061.543] VirtualAlloc (lpAddress=0x0, dwSize=0x328, flAllocationType=0x1000, flProtect=0x40) returned 0x2b40000 [0061.544] GetCurrentProcessId () returned 0xda8 [0061.544] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2b50000 [0061.544] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2b60000 [0061.544] VirtualAlloc (lpAddress=0x0, dwSize=0xb4, flAllocationType=0x1000, flProtect=0x40) returned 0x2b70000 [0061.545] VirtualAlloc (lpAddress=0x0, dwSize=0x1a2, flAllocationType=0x1000, flProtect=0x40) returned 0x2b80000 [0061.545] VirtualAlloc (lpAddress=0x0, dwSize=0x8d, flAllocationType=0x1000, flProtect=0x40) returned 0x2b90000 [0061.545] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x2ba0000 [0061.545] VirtualAlloc (lpAddress=0x0, dwSize=0x293, flAllocationType=0x1000, flProtect=0x40) returned 0x2bb0000 [0061.546] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2bc0000 [0061.546] VirtualAlloc (lpAddress=0x0, dwSize=0x14f, flAllocationType=0x1000, flProtect=0x40) returned 0x2bd0000 [0061.546] VirtualAlloc (lpAddress=0x0, dwSize=0xc1, flAllocationType=0x1000, flProtect=0x40) returned 0x2be0000 [0061.547] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x2bf0000 [0061.547] GetCurrentProcessId () returned 0xda8 [0061.547] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2c00000 [0061.547] VirtualAlloc (lpAddress=0x0, dwSize=0xb8, flAllocationType=0x1000, flProtect=0x40) returned 0x2c10000 [0061.548] VirtualAlloc (lpAddress=0x0, dwSize=0xb1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c20000 [0061.548] VirtualAlloc (lpAddress=0x0, dwSize=0x1bc, flAllocationType=0x1000, flProtect=0x40) returned 0x2c30000 [0061.548] VirtualAlloc (lpAddress=0x0, dwSize=0x2c1, flAllocationType=0x1000, flProtect=0x40) returned 0x2c40000 [0061.548] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x2c50000 [0061.549] VirtualAlloc (lpAddress=0x0, dwSize=0xdd, flAllocationType=0x1000, flProtect=0x40) returned 0x2c60000 [0061.549] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x1000, flProtect=0x40) returned 0x2c70000 [0061.549] VirtualAlloc (lpAddress=0x0, dwSize=0x95, flAllocationType=0x1000, flProtect=0x40) returned 0x2c80000 [0061.550] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2c90000 [0061.550] VirtualAlloc (lpAddress=0x0, dwSize=0xc3, flAllocationType=0x1000, flProtect=0x40) returned 0x2ca0000 [0061.550] VirtualAlloc (lpAddress=0x21e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21e8000 [0061.551] GetCurrentProcessId () returned 0xda8 [0061.551] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2cb0000 [0061.551] VirtualAlloc (lpAddress=0x0, dwSize=0xc7, flAllocationType=0x1000, flProtect=0x40) returned 0x2cc0000 [0061.551] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x2cd0000 [0061.551] VirtualAlloc (lpAddress=0x0, dwSize=0x8c, flAllocationType=0x1000, flProtect=0x40) returned 0x2ce0000 [0061.552] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x2cf0000 [0061.552] VirtualAlloc (lpAddress=0x0, dwSize=0x272, flAllocationType=0x1000, flProtect=0x40) returned 0x2d00000 [0061.552] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d10000 [0061.553] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x40) returned 0x2d20000 [0061.553] VirtualAlloc (lpAddress=0x0, dwSize=0xca, flAllocationType=0x1000, flProtect=0x40) returned 0x2d30000 [0061.553] VirtualAlloc (lpAddress=0x0, dwSize=0xe3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d40000 [0061.554] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x2d50000 [0061.554] GetCurrentProcessId () returned 0xda8 [0061.554] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2d60000 [0061.555] VirtualAlloc (lpAddress=0x0, dwSize=0xb3, flAllocationType=0x1000, flProtect=0x40) returned 0x2d70000 [0061.555] VirtualAlloc (lpAddress=0x0, dwSize=0xe1, flAllocationType=0x1000, flProtect=0x40) returned 0x2d80000 [0061.555] VirtualAlloc (lpAddress=0x0, dwSize=0x7b, flAllocationType=0x1000, flProtect=0x40) returned 0x2d90000 [0061.556] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x1000, flProtect=0x40) returned 0x2da0000 [0061.556] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x2db0000 [0061.556] VirtualAlloc (lpAddress=0x0, dwSize=0x399, flAllocationType=0x1000, flProtect=0x40) returned 0x2dc0000 [0061.557] VirtualAlloc (lpAddress=0x0, dwSize=0xa9, flAllocationType=0x1000, flProtect=0x40) returned 0x2dd0000 [0061.557] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x2de0000 [0061.557] VirtualAlloc (lpAddress=0x0, dwSize=0x133, flAllocationType=0x1000, flProtect=0x40) returned 0x2df0000 [0061.558] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x2e00000 [0061.558] GetCurrentProcessId () returned 0xda8 [0061.558] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2e10000 [0061.558] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x2e20000 [0061.559] VirtualAlloc (lpAddress=0x0, dwSize=0xc6, flAllocationType=0x1000, flProtect=0x40) returned 0x2e30000 [0061.559] VirtualAlloc (lpAddress=0x0, dwSize=0x86, flAllocationType=0x1000, flProtect=0x40) returned 0x2e40000 [0061.559] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x2e50000 [0061.560] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x2e60000 [0061.560] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x2e70000 [0061.560] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x2e80000 [0061.561] VirtualAlloc (lpAddress=0x0, dwSize=0x87, flAllocationType=0x1000, flProtect=0x40) returned 0x2e90000 [0061.561] VirtualAlloc (lpAddress=0x0, dwSize=0x1af, flAllocationType=0x1000, flProtect=0x40) returned 0x2ea0000 [0061.561] VirtualAlloc (lpAddress=0x0, dwSize=0x9d, flAllocationType=0x1000, flProtect=0x40) returned 0x2eb0000 [0061.562] GetCurrentProcessId () returned 0xda8 [0061.562] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2ec0000 [0061.562] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x1000, flProtect=0x40) returned 0x2ed0000 [0061.562] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2ee0000 [0061.563] VirtualAlloc (lpAddress=0x0, dwSize=0x65, flAllocationType=0x1000, flProtect=0x40) returned 0x2ef0000 [0061.563] VirtualAlloc (lpAddress=0x0, dwSize=0x3a6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f00000 [0061.563] VirtualAlloc (lpAddress=0x0, dwSize=0x139, flAllocationType=0x1000, flProtect=0x40) returned 0x2f10000 [0061.564] VirtualAlloc (lpAddress=0x0, dwSize=0x388, flAllocationType=0x1000, flProtect=0x40) returned 0x2f20000 [0061.564] VirtualAlloc (lpAddress=0x0, dwSize=0xfc, flAllocationType=0x1000, flProtect=0x40) returned 0x2f30000 [0061.564] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x1000, flProtect=0x40) returned 0x2f40000 [0061.565] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x40) returned 0x2f50000 [0061.565] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x2f60000 [0061.565] VirtualAlloc (lpAddress=0x21ec000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21ec000 [0061.566] GetCurrentProcessId () returned 0xda8 [0061.566] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x2f70000 [0061.566] VirtualAlloc (lpAddress=0x0, dwSize=0xc5, flAllocationType=0x1000, flProtect=0x40) returned 0x2f80000 [0061.566] VirtualAlloc (lpAddress=0x0, dwSize=0xa7, flAllocationType=0x1000, flProtect=0x40) returned 0x2f90000 [0061.567] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x2fa0000 [0061.567] VirtualAlloc (lpAddress=0x0, dwSize=0x281, flAllocationType=0x1000, flProtect=0x40) returned 0x2fb0000 [0061.567] VirtualAlloc (lpAddress=0x0, dwSize=0x8e, flAllocationType=0x1000, flProtect=0x40) returned 0x2fc0000 [0061.568] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x2fd0000 [0061.568] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x2fe0000 [0061.569] VirtualAlloc (lpAddress=0x0, dwSize=0xbe, flAllocationType=0x1000, flProtect=0x40) returned 0x2ff0000 [0061.569] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3000000 [0061.569] VirtualAlloc (lpAddress=0x0, dwSize=0x323, flAllocationType=0x1000, flProtect=0x40) returned 0x3010000 [0061.570] GetCurrentProcessId () returned 0xda8 [0061.570] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3020000 [0061.570] VirtualAlloc (lpAddress=0x0, dwSize=0x9d, flAllocationType=0x1000, flProtect=0x40) returned 0x3030000 [0061.571] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x3040000 [0061.571] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x3050000 [0061.571] VirtualAlloc (lpAddress=0x0, dwSize=0x97, flAllocationType=0x1000, flProtect=0x40) returned 0x3060000 [0061.572] VirtualAlloc (lpAddress=0x0, dwSize=0x42b, flAllocationType=0x1000, flProtect=0x40) returned 0x3070000 [0061.572] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x1000, flProtect=0x40) returned 0x3080000 [0061.572] VirtualAlloc (lpAddress=0x0, dwSize=0x20b, flAllocationType=0x1000, flProtect=0x40) returned 0x3090000 [0061.573] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x40) returned 0x30a0000 [0061.573] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x30b0000 [0061.573] VirtualAlloc (lpAddress=0x0, dwSize=0xab, flAllocationType=0x1000, flProtect=0x40) returned 0x30c0000 [0061.574] GetCurrentProcessId () returned 0xda8 [0061.574] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x30d0000 [0061.574] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x1000, flProtect=0x40) returned 0x30e0000 [0061.575] VirtualAlloc (lpAddress=0x0, dwSize=0x65f, flAllocationType=0x1000, flProtect=0x40) returned 0x30f0000 [0061.575] VirtualAlloc (lpAddress=0x0, dwSize=0xd2, flAllocationType=0x1000, flProtect=0x40) returned 0x3100000 [0061.575] VirtualAlloc (lpAddress=0x0, dwSize=0x9f, flAllocationType=0x1000, flProtect=0x40) returned 0x3110000 [0061.576] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x3120000 [0061.576] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3130000 [0061.576] VirtualAlloc (lpAddress=0x0, dwSize=0x418, flAllocationType=0x1000, flProtect=0x40) returned 0x3140000 [0061.577] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3150000 [0061.577] VirtualAlloc (lpAddress=0x0, dwSize=0xd8, flAllocationType=0x1000, flProtect=0x40) returned 0x3160000 [0061.577] VirtualAlloc (lpAddress=0x0, dwSize=0x97, flAllocationType=0x1000, flProtect=0x40) returned 0x3170000 [0061.578] VirtualAlloc (lpAddress=0x21f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21f0000 [0061.578] GetCurrentProcessId () returned 0xda8 [0061.578] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3180000 [0061.579] VirtualAlloc (lpAddress=0x0, dwSize=0x26a, flAllocationType=0x1000, flProtect=0x40) returned 0x3190000 [0061.579] VirtualAlloc (lpAddress=0x0, dwSize=0x81, flAllocationType=0x1000, flProtect=0x40) returned 0x31a0000 [0061.579] VirtualAlloc (lpAddress=0x0, dwSize=0x79, flAllocationType=0x1000, flProtect=0x40) returned 0x31b0000 [0061.580] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x31c0000 [0061.580] VirtualAlloc (lpAddress=0x0, dwSize=0xa4, flAllocationType=0x1000, flProtect=0x40) returned 0x31d0000 [0061.581] VirtualAlloc (lpAddress=0x0, dwSize=0xb5, flAllocationType=0x1000, flProtect=0x40) returned 0x31e0000 [0061.581] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x31f0000 [0061.581] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x3200000 [0061.582] VirtualAlloc (lpAddress=0x0, dwSize=0x396, flAllocationType=0x1000, flProtect=0x40) returned 0x3210000 [0061.582] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x3220000 [0061.583] GetCurrentProcessId () returned 0xda8 [0061.583] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3230000 [0061.583] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3240000 [0061.584] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x1000, flProtect=0x40) returned 0x3250000 [0061.584] VirtualAlloc (lpAddress=0x0, dwSize=0x521, flAllocationType=0x1000, flProtect=0x40) returned 0x3260000 [0061.584] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x40) returned 0x3270000 [0061.585] VirtualAlloc (lpAddress=0x0, dwSize=0xad, flAllocationType=0x1000, flProtect=0x40) returned 0x3280000 [0061.585] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3290000 [0061.586] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x32a0000 [0061.586] VirtualAlloc (lpAddress=0x0, dwSize=0x88, flAllocationType=0x1000, flProtect=0x40) returned 0x32b0000 [0061.587] VirtualAlloc (lpAddress=0x0, dwSize=0xa0, flAllocationType=0x1000, flProtect=0x40) returned 0x32c0000 [0061.587] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x32d0000 [0061.588] VirtualAlloc (lpAddress=0x21f4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x21f4000 [0061.588] GetCurrentProcessId () returned 0xda8 [0061.588] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x32e0000 [0061.588] VirtualAlloc (lpAddress=0x0, dwSize=0x8b, flAllocationType=0x1000, flProtect=0x40) returned 0x32f0000 [0061.589] VirtualAlloc (lpAddress=0x0, dwSize=0x99, flAllocationType=0x1000, flProtect=0x40) returned 0x3300000 [0061.589] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x1000, flProtect=0x40) returned 0x3310000 [0061.590] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x40) returned 0x3320000 [0061.590] VirtualAlloc (lpAddress=0x0, dwSize=0xc0, flAllocationType=0x1000, flProtect=0x40) returned 0x3330000 [0061.590] VirtualAlloc (lpAddress=0x0, dwSize=0x86, flAllocationType=0x1000, flProtect=0x40) returned 0x3340000 [0061.591] VirtualAlloc (lpAddress=0x0, dwSize=0x91, flAllocationType=0x1000, flProtect=0x40) returned 0x3350000 [0061.591] VirtualAlloc (lpAddress=0x0, dwSize=0x98, flAllocationType=0x1000, flProtect=0x40) returned 0x3360000 [0061.592] VirtualAlloc (lpAddress=0x0, dwSize=0x371, flAllocationType=0x1000, flProtect=0x40) returned 0x3370000 [0061.592] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x1000, flProtect=0x40) returned 0x3380000 [0061.593] GetCurrentProcessId () returned 0xda8 [0061.593] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3390000 [0061.593] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x1000, flProtect=0x40) returned 0x33a0000 [0061.593] VirtualAlloc (lpAddress=0x0, dwSize=0xa1, flAllocationType=0x1000, flProtect=0x40) returned 0x33b0000 [0061.594] VirtualAlloc (lpAddress=0x0, dwSize=0x327, flAllocationType=0x1000, flProtect=0x40) returned 0x33c0000 [0061.594] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x33d0000 [0061.595] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x33e0000 [0061.595] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x40) returned 0x33f0000 [0061.596] VirtualAlloc (lpAddress=0x0, dwSize=0xb7, flAllocationType=0x1000, flProtect=0x40) returned 0x3400000 [0061.596] VirtualAlloc (lpAddress=0x0, dwSize=0xc1, flAllocationType=0x1000, flProtect=0x40) returned 0x3410000 [0061.597] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x1000, flProtect=0x40) returned 0x3420000 [0061.597] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x1000, flProtect=0x40) returned 0x3430000 [0061.598] GetCurrentProcessId () returned 0xda8 [0061.598] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x3440000 [0061.598] VirtualAlloc (lpAddress=0x0, dwSize=0xaf, flAllocationType=0x1000, flProtect=0x40) returned 0x3450000 [0061.599] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x40) returned 0x3460000 [0061.599] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x1000, flProtect=0x40) returned 0x3470000 [0061.599] VirtualAlloc (lpAddress=0x0, dwSize=0x9a, flAllocationType=0x1000, flProtect=0x40) returned 0x3480000 [0061.600] VirtualAlloc (lpAddress=0x0, dwSize=0xb5, flAllocationType=0x1000, flProtect=0x40) returned 0x3490000 [0061.600] VirtualAlloc (lpAddress=0x0, dwSize=0xd1, flAllocationType=0x1000, flProtect=0x40) returned 0x34a0000 [0061.601] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x34b0000 [0061.601] VirtualAlloc (lpAddress=0x0, dwSize=0xa3, flAllocationType=0x1000, flProtect=0x40) returned 0x34c0000 [0061.602] VirtualAlloc (lpAddress=0x0, dwSize=0xb3, flAllocationType=0x1000, flProtect=0x40) returned 0x34d0000 [0061.602] VirtualAlloc (lpAddress=0x0, dwSize=0x1f3, flAllocationType=0x1000, flProtect=0x40) returned 0x34e0000 [0061.603] GetCurrentProcessId () returned 0xda8 [0061.603] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x34f0000 [0061.603] VirtualAlloc (lpAddress=0x0, dwSize=0x18a, flAllocationType=0x1000, flProtect=0x40) returned 0x3500000 [0061.604] VirtualAlloc (lpAddress=0x0, dwSize=0xb0, flAllocationType=0x1000, flProtect=0x40) returned 0x3510000 [0061.604] VirtualAlloc (lpAddress=0x0, dwSize=0xa9, flAllocationType=0x1000, flProtect=0x40) returned 0x3520000 [0061.605] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x40) returned 0x3530000 [0061.605] VirtualAlloc (lpAddress=0x0, dwSize=0x9b, flAllocationType=0x1000, flProtect=0x40) returned 0x3540000 [0061.626] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.627] GetCurrentProcessId () returned 0xda8 [0061.629] GetCurrentProcessId () returned 0xda8 [0061.630] GetCurrentProcessId () returned 0xda8 [0061.631] GetCurrentProcessId () returned 0xda8 [0061.631] GetCurrentProcessId () returned 0xda8 [0061.631] GetCurrentProcessId () returned 0xda8 [0061.631] GetCurrentProcessId () returned 0xda8 [0061.632] GetCurrentProcessId () returned 0xda8 [0061.632] GetCurrentProcessId () returned 0xda8 [0061.632] GetCurrentProcessId () returned 0xda8 [0061.632] GetCurrentProcessId () returned 0xda8 [0061.632] GetCurrentProcessId () returned 0xda8 [0061.632] GetCurrentProcessId () returned 0xda8 [0061.633] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.634] GetCurrentProcessId () returned 0xda8 [0061.635] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.636] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.637] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.638] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.639] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.640] GetCurrentProcessId () returned 0xda8 [0061.641] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.642] GetCurrentProcessId () returned 0xda8 [0061.643] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.643] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.644] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.645] GetCurrentProcessId () returned 0xda8 [0061.646] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.646] GetCurrentProcessId () returned 0xda8 [0061.647] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.647] GetCurrentProcessId () returned 0xda8 [0061.648] GetCurrentProcessId () returned 0xda8 [0061.648] GetCurrentProcessId () returned 0xda8 [0061.648] GetCurrentProcessId () returned 0xda8 [0061.649] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.650] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.651] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.651] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.652] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.653] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.654] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.654] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.655] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.662] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.663] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.663] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.665] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.666] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.667] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.668] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.668] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.669] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.670] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.671] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.671] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.672] VirtualFree (lpAddress=0x35b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.680] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.681] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.682] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.683] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.684] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.685] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.686] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.687] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.688] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.688] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.689] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.690] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.691] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.692] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.882] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.883] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.884] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.886] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.887] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.888] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.889] VirtualFree (lpAddress=0x35d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.094] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.096] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemInfo") returned 0x769c4982 [0062.096] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.098] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0062.098] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.099] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleW") returned 0x769c3460 [0062.100] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.102] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0062.102] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.103] GetProcAddress (hModule=0x769b0000, lpProcName="LoadResource") returned 0x769c5904 [0062.103] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.104] GetProcAddress (hModule=0x769b0000, lpProcName="LockResource") returned 0x769c5911 [0062.104] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.104] GetProcAddress (hModule=0x769b0000, lpProcName="SizeofResource") returned 0x769c5a81 [0062.104] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.105] GetProcAddress (hModule=0x769b0000, lpProcName="FindResourceW") returned 0x769c5929 [0062.105] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.105] GetProcAddress (hModule=0x769b0000, lpProcName="FreeConsole") returned 0x76a67070 [0062.105] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.106] GetProcAddress (hModule=0x769b0000, lpProcName="CreateFileW") returned 0x769c3f0c [0062.106] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.107] GetProcAddress (hModule=0x769b0000, lpProcName="HeapSize") returned 0x77a13002 [0062.107] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.107] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcessHeap") returned 0x769c14c9 [0062.107] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.108] GetProcAddress (hModule=0x769b0000, lpProcName="SetStdHandle") returned 0x76a44aef [0062.108] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.108] GetProcAddress (hModule=0x769b0000, lpProcName="WideCharToMultiByte") returned 0x769c16ed [0062.108] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.109] GetProcAddress (hModule=0x769b0000, lpProcName="EnterCriticalSection") returned 0x77a022b0 [0062.109] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.110] GetProcAddress (hModule=0x769b0000, lpProcName="LeaveCriticalSection") returned 0x77a02270 [0062.110] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.110] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSectionEx") returned 0x769c4ce0 [0062.110] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.111] GetProcAddress (hModule=0x769b0000, lpProcName="DeleteCriticalSection") returned 0x77a145f5 [0062.111] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.111] GetProcAddress (hModule=0x769b0000, lpProcName="EncodePointer") returned 0x77a20fcb [0062.111] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.112] GetProcAddress (hModule=0x769b0000, lpProcName="DecodePointer") returned 0x77a19d35 [0062.112] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.112] GetProcAddress (hModule=0x769b0000, lpProcName="MultiByteToWideChar") returned 0x769c190e [0062.113] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.113] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringEx") returned 0x76a44d91 [0062.113] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.114] GetProcAddress (hModule=0x769b0000, lpProcName="GetStringTypeW") returned 0x769c1926 [0062.114] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.114] GetProcAddress (hModule=0x769b0000, lpProcName="GetCPInfo") returned 0x769c5141 [0062.114] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.115] GetProcAddress (hModule=0x769b0000, lpProcName="QueryPerformanceCounter") returned 0x769c1705 [0062.115] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.115] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcessId") returned 0x769c11f8 [0062.116] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.116] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentThreadId") returned 0x769c1430 [0062.117] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.117] GetProcAddress (hModule=0x769b0000, lpProcName="GetSystemTimeAsFileTime") returned 0x769c34b9 [0062.117] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.118] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeSListHead") returned 0x77a194a4 [0062.118] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.118] GetProcAddress (hModule=0x769b0000, lpProcName="IsDebuggerPresent") returned 0x769c4a15 [0062.118] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.119] GetProcAddress (hModule=0x769b0000, lpProcName="UnhandledExceptionFilter") returned 0x769e76f7 [0062.119] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.120] GetProcAddress (hModule=0x769b0000, lpProcName="SetUnhandledExceptionFilter") returned 0x769c8781 [0062.120] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.120] GetProcAddress (hModule=0x769b0000, lpProcName="GetStartupInfoW") returned 0x769c4cf8 [0062.120] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.121] GetProcAddress (hModule=0x769b0000, lpProcName="IsProcessorFeaturePresent") returned 0x769c51ed [0062.121] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.121] GetProcAddress (hModule=0x769b0000, lpProcName="GetCurrentProcess") returned 0x769c17e9 [0062.121] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.122] GetProcAddress (hModule=0x769b0000, lpProcName="TerminateProcess") returned 0x769dd7d2 [0062.122] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.123] GetProcAddress (hModule=0x769b0000, lpProcName="RaiseException") returned 0x769c585e [0062.123] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.123] GetProcAddress (hModule=0x769b0000, lpProcName="RtlUnwind") returned 0x769ed1b3 [0062.123] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.124] GetProcAddress (hModule=0x769b0000, lpProcName="GetLastError") returned 0x769c11c0 [0062.124] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.124] GetProcAddress (hModule=0x769b0000, lpProcName="SetLastError") returned 0x769c11a9 [0062.124] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.125] GetProcAddress (hModule=0x769b0000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x769c18f6 [0062.125] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.126] GetProcAddress (hModule=0x769b0000, lpProcName="TlsAlloc") returned 0x769c4965 [0062.126] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.126] GetProcAddress (hModule=0x769b0000, lpProcName="TlsGetValue") returned 0x769c11e0 [0062.126] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.127] GetProcAddress (hModule=0x769b0000, lpProcName="TlsSetValue") returned 0x769c14db [0062.127] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.127] GetProcAddress (hModule=0x769b0000, lpProcName="TlsFree") returned 0x769c3537 [0062.127] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.128] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0062.128] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.128] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryExW") returned 0x769c4915 [0062.128] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.129] GetProcAddress (hModule=0x769b0000, lpProcName="GetStdHandle") returned 0x769c516b [0062.129] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.130] GetProcAddress (hModule=0x769b0000, lpProcName="WriteFile") returned 0x769c1282 [0062.130] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.130] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameW") returned 0x769c4908 [0062.130] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.131] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0062.131] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.131] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleExW") returned 0x769c4a27 [0062.131] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.132] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineA") returned 0x769c5159 [0062.132] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.133] GetProcAddress (hModule=0x769b0000, lpProcName="GetCommandLineW") returned 0x769c51db [0062.133] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.133] GetProcAddress (hModule=0x769b0000, lpProcName="HeapAlloc") returned 0x77a0e026 [0062.133] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.134] GetProcAddress (hModule=0x769b0000, lpProcName="HeapFree") returned 0x769c14a9 [0062.134] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.134] GetProcAddress (hModule=0x769b0000, lpProcName="CompareStringW") returned 0x769c3b7a [0062.134] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.135] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringW") returned 0x769c1799 [0062.135] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.136] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoW") returned 0x769c3bf2 [0062.136] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.136] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidLocale") returned 0x769dce1e [0062.136] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.137] GetProcAddress (hModule=0x769b0000, lpProcName="GetUserDefaultLCID") returned 0x769c3d55 [0062.137] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.137] GetProcAddress (hModule=0x769b0000, lpProcName="EnumSystemLocalesW") returned 0x76a447ff [0062.137] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.138] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileType") returned 0x769c34e1 [0062.138] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.139] GetProcAddress (hModule=0x769b0000, lpProcName="CloseHandle") returned 0x769c13f0 [0062.139] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.139] GetProcAddress (hModule=0x769b0000, lpProcName="FlushFileBuffers") returned 0x769c4653 [0062.139] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.140] GetProcAddress (hModule=0x769b0000, lpProcName="GetConsoleOutputCP") returned 0x769d9ae7 [0062.140] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.140] GetProcAddress (hModule=0x769b0000, lpProcName="GetConsoleMode") returned 0x769c1328 [0062.140] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.141] GetProcAddress (hModule=0x769b0000, lpProcName="ReadFile") returned 0x769c3e83 [0062.141] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.141] GetProcAddress (hModule=0x769b0000, lpProcName="GetFileSizeEx") returned 0x769c599a [0062.142] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.142] GetProcAddress (hModule=0x769b0000, lpProcName="SetFilePointerEx") returned 0x769dc7df [0062.142] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.143] GetProcAddress (hModule=0x769b0000, lpProcName="ReadConsoleW") returned 0x76a67962 [0062.143] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.143] GetProcAddress (hModule=0x769b0000, lpProcName="HeapReAlloc") returned 0x77a21f6e [0062.143] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.144] GetProcAddress (hModule=0x769b0000, lpProcName="FindClose") returned 0x769c43fa [0062.144] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.144] GetProcAddress (hModule=0x769b0000, lpProcName="FindFirstFileExW") returned 0x769d17c9 [0062.144] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.145] GetProcAddress (hModule=0x769b0000, lpProcName="FindNextFileW") returned 0x769c54a6 [0062.145] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.146] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidCodePage") returned 0x769c444b [0062.146] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.146] GetProcAddress (hModule=0x769b0000, lpProcName="GetACP") returned 0x769c177c [0062.146] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.147] GetProcAddress (hModule=0x769b0000, lpProcName="GetOEMCP") returned 0x769ed191 [0062.147] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.148] GetProcAddress (hModule=0x769b0000, lpProcName="GetEnvironmentStringsW") returned 0x769c519b [0062.148] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.148] GetProcAddress (hModule=0x769b0000, lpProcName="FreeEnvironmentStringsW") returned 0x769c5183 [0062.148] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.149] GetProcAddress (hModule=0x769b0000, lpProcName="SetEnvironmentVariableW") returned 0x769c89a9 [0062.149] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x769b0000 [0062.150] GetProcAddress (hModule=0x769b0000, lpProcName="WriteConsoleW") returned 0x769e7a92 [0062.150] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0062.150] GetProcAddress (hModule=0x773b0000, lpProcName="SendNotifyMessageA") returned 0x77426d5d [0062.150] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x773b0000 [0062.151] GetProcAddress (hModule=0x773b0000, lpProcName="SendMessageCallbackA") returned 0x77426cfc [0062.151] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.151] GetProcAddress (hModule=0x769b0000, lpProcName="LocalAlloc") returned 0x769c166c [0062.151] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.152] GetProcAddress (hModule=0x769b0000, lpProcName="LocalFree") returned 0x769c2cec [0062.152] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.153] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleFileNameW") returned 0x769c4908 [0062.153] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.153] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcessAffinityMask") returned 0x769ca829 [0062.153] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.154] GetProcAddress (hModule=0x769b0000, lpProcName="SetProcessAffinityMask") returned 0x76a434dc [0062.154] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.154] GetProcAddress (hModule=0x769b0000, lpProcName="SetThreadAffinityMask") returned 0x769e0570 [0062.154] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.155] GetProcAddress (hModule=0x769b0000, lpProcName="Sleep") returned 0x769c10ff [0062.155] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.156] GetProcAddress (hModule=0x769b0000, lpProcName="ExitProcess") returned 0x769c79c8 [0062.156] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.156] GetProcAddress (hModule=0x769b0000, lpProcName="FreeLibrary") returned 0x769c3478 [0062.156] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.157] GetProcAddress (hModule=0x769b0000, lpProcName="LoadLibraryA") returned 0x769c498f [0062.157] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.157] GetProcAddress (hModule=0x769b0000, lpProcName="GetModuleHandleA") returned 0x769c1245 [0062.157] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x769b0000 [0062.158] GetProcAddress (hModule=0x769b0000, lpProcName="GetProcAddress") returned 0x769c1222 [0062.158] LoadLibraryA (lpLibFileName="user32.dll") returned 0x773b0000 [0062.158] GetProcAddress (hModule=0x773b0000, lpProcName="GetProcessWindowStation") returned 0x773c9eea [0062.159] LoadLibraryA (lpLibFileName="user32.dll") returned 0x773b0000 [0062.159] GetProcAddress (hModule=0x773b0000, lpProcName="GetUserObjectInformationW") returned 0x773c8068 [0062.160] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.577] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.578] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.578] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.579] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.580] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.581] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.581] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.582] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.583] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.584] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.585] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.585] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.586] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.587] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.588] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.588] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.589] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.590] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.590] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.591] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.592] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.593] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.593] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.594] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.595] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.595] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.596] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.597] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.598] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.598] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.599] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] GetCurrentProcessId () returned 0xda8 [0062.600] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.602] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] GetCurrentProcessId () returned 0xda8 [0062.603] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.604] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] GetCurrentProcessId () returned 0xda8 [0062.605] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.606] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.607] GetCurrentProcessId () returned 0xda8 [0062.617] GetSystemTime (in: lpSystemTime=0x18fef4 | out: lpSystemTime=0x18fef4*(wYear=0x7e5, wMonth=0xc, wDayOfWeek=0x2, wDay=0x1c, wHour=0x13, wMinute=0x1c, wSecond=0x31, wMilliseconds=0xf3)) [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.617] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] GetCurrentProcessId () returned 0xda8 [0062.618] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.619] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] GetCurrentProcessId () returned 0xda8 [0062.620] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.621] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] GetCurrentProcessId () returned 0xda8 [0062.622] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.623] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.624] GetCurrentProcessId () returned 0xda8 [0062.625] GetCurrentProcessId () returned 0xda8 [0062.625] GetCurrentProcessId () returned 0xda8 [0062.625] GetCurrentProcessId () returned 0xda8 [0062.625] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.625] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.626] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] GetCurrentProcessId () returned 0xda8 [0062.627] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.628] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.628] GetCurrentProcessId () returned 0xda8 [0062.628] GetCurrentProcessId () returned 0xda8 [0062.628] GetCurrentProcessId () returned 0xda8 [0062.628] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] GetCurrentProcessId () returned 0xda8 [0062.629] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.629] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] GetCurrentProcessId () returned 0xda8 [0062.630] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.631] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.632] GetCurrentProcessId () returned 0xda8 [0062.907] ExpandEnvironmentStringsA (in: lpSrc="aspr_keys.ini", lpDst=0x18f6a8, nSize=0x400 | out: lpDst="aspr_keys.ini") returned 0xe [0062.908] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9a8, nSize=0xff | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe")) returned 0x5f [0062.908] FindFirstFileA (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\aspr_keys.ini", lpFindFileData=0x18f954 | out: lpFindFileData=0x18f954*(dwFileAttributes=0x292128, ftCreationTime.dwLowDateTime=0x18fab0, ftCreationTime.dwHighDateTime=0x29214c, ftLastAccessTime.dwLowDateTime=0x292153, ftLastAccessTime.dwHighDateTime=0x5f, ftLastWriteTime.dwLowDateTime=0x18f9a8, ftLastWriteTime.dwHighDateTime=0x18fac8, nFileSizeHigh=0x2f0000, nFileSizeLow=0x21dcbb0, dwReserved0=0x18fed8, dwReserved1=0x2925a2, cFileName="¸Ë\x1d\x02¨ù\x18", cAlternateFileName="LÌ\x1d\x02(")) returned 0xffffffff [0062.909] GetTempPathA (in: nBufferLength=0x3ff, lpBuffer=0x18fad0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0062.909] FindFirstFileA (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\aspr_keys.ini", lpFindFileData=0x18f954 | out: lpFindFileData=0x18f954*(dwFileAttributes=0x2f0000, ftCreationTime.dwLowDateTime=0x800000, ftCreationTime.dwHighDateTime=0x306f28, ftLastAccessTime.dwLowDateTime=0x18fa50, ftLastAccessTime.dwHighDateTime=0x77a1389e, ftLastWriteTime.dwLowDateTime=0x2f0138, ftLastWriteTime.dwHighDateTime=0x77a1387a, nFileSizeHigh=0x777cd6ba, nFileSizeLow=0x0, dwReserved0=0x2f0000, dwReserved1=0x306f30, cFileName="\x96", cAlternateFileName="\x8cú\x18")) returned 0xffffffff [0062.910] GetCurrentProcessId () returned 0xda8 [0062.910] GetCurrentProcessId () returned 0xda8 [0062.912] GetCurrentProcessId () returned 0xda8 [0062.913] GetCurrentProcessId () returned 0xda8 [0062.914] GetCurrentProcessId () returned 0xda8 [0062.914] GetCurrentProcessId () returned 0xda8 [0062.914] GetCurrentProcessId () returned 0xda8 [0062.914] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.915] GetCurrentProcessId () returned 0xda8 [0062.916] GetCurrentProcessId () returned 0xda8 [0062.916] GetCurrentProcessId () returned 0xda8 [0062.916] GetCurrentProcessId () returned 0xda8 [0062.916] GetCurrentProcessId () returned 0xda8 [0062.916] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.917] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.918] GetCurrentProcessId () returned 0xda8 [0062.918] GetCurrentProcessId () returned 0xda8 [0062.918] GetCurrentProcessId () returned 0xda8 [0062.918] GetCurrentProcessId () returned 0xda8 [0062.919] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0062.920] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.921] GetCurrentProcessId () returned 0xda8 [0062.922] GetCurrentProcessId () returned 0xda8 [0062.923] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.924] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.925] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.928] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.930] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.930] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.931] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.932] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.933] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.934] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.943] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.944] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.947] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.949] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.950] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.951] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.952] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.953] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.954] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.954] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0063.309] LocalAlloc (uFlags=0x0, uBytes=0xb0) returned 0x306f30 [0063.334] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0064.004] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x779e0000 [0065.541] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff04 | out: Wow64Process=0x18ff04*=1) returned 1 [0065.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18faa8*=0x435000, NumberOfBytesToProtect=0x18faa0, NewAccessProtection=0x40, OldAccessProtection=0x18fdd0 | out: BaseAddress=0x18faa8*=0x435000, NumberOfBytesToProtect=0x18faa0, OldAccessProtection=0x18fdd0*=0x80) returned 0x0 [0065.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18faa8*=0x424000, NumberOfBytesToProtect=0x18faa0, NewAccessProtection=0x4, OldAccessProtection=0x18fdd0 | out: BaseAddress=0x18faa8*=0x424000, NumberOfBytesToProtect=0x18faa0, OldAccessProtection=0x18fdd0*=0x40) returned 0x0 [0065.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18faa8*=0x423000, NumberOfBytesToProtect=0x18faa0, NewAccessProtection=0x40, OldAccessProtection=0x18fdd0 | out: BaseAddress=0x18faa8*=0x423000, NumberOfBytesToProtect=0x18faa0, OldAccessProtection=0x18fdd0*=0x80) returned 0x0 [0065.674] LocalAlloc (uFlags=0x0, uBytes=0x3e6c) returned 0x306fe8 [0065.998] LocalFree (hMem=0x306fe8) returned 0x0 [0065.998] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x18fe94, lpSystemAffinityMask=0x18fecc | out: lpProcessAffinityMask=0x18fe94, lpSystemAffinityMask=0x18fecc) returned 1 [0065.999] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0066.000] Sleep (dwMilliseconds=0x0) [0066.001] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x1) returned 0x1 [0066.001] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x2) returned 0x0 [0066.002] Sleep (dwMilliseconds=0x0) [0066.002] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0066.002] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x4) returned 0x0 [0066.002] Sleep (dwMilliseconds=0x0) [0066.004] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0066.005] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x8) returned 0x0 [0066.005] Sleep (dwMilliseconds=0x0) [0066.011] SetThreadAffinityMask (hThread=0xfffffffe, dwThreadAffinityMask=0x0) returned 0x0 [0066.012] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18faa8*=0x435000, NumberOfBytesToProtect=0x18faa0, NewAccessProtection=0x20, OldAccessProtection=0x18fde8 | out: BaseAddress=0x18faa8*=0x435000, NumberOfBytesToProtect=0x18faa0, OldAccessProtection=0x18fde8*=0x40) returned 0x0 [0066.017] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18faa8*=0x424000, NumberOfBytesToProtect=0x18faa0, NewAccessProtection=0x2, OldAccessProtection=0x18fde8 | out: BaseAddress=0x18faa8*=0x424000, NumberOfBytesToProtect=0x18faa0, OldAccessProtection=0x18fde8*=0x4) returned 0x0 [0066.018] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x18faa8*=0x423000, NumberOfBytesToProtect=0x18faa0, NewAccessProtection=0x20, OldAccessProtection=0x18fde8 | out: BaseAddress=0x18faa8*=0x423000, NumberOfBytesToProtect=0x18faa0, OldAccessProtection=0x18fde8*=0x40) returned 0x0 [0066.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff54 | out: lpSystemTimeAsFileTime=0x18ff54*(dwLowDateTime=0x24b2b1d0, dwHighDateTime=0x1d7fc21)) [0066.042] GetCurrentThreadId () returned 0xdac [0066.042] GetCurrentProcessId () returned 0xda8 [0066.042] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff4c | out: lpPerformanceCount=0x18ff4c*=1338993243080) returned 1 [0066.376] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0066.431] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73550000 [0066.730] GetProcAddress (hModule=0x73550000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0066.730] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0066.731] GetLastError () returned 0x7e [0066.731] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x769b0000 [0066.732] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0066.786] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0067.077] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73550000 [0067.078] GetProcAddress (hModule=0x73550000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0067.078] GetProcessHeap () returned 0x2f0000 [0067.101] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0067.486] GetLastError () returned 0x7e [0067.486] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x769b0000 [0067.487] GetProcAddress (hModule=0x769b0000, lpProcName="FlsAlloc") returned 0x769c4ee3 [0067.488] GetLastError () returned 0x7e [0067.488] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0067.489] GetProcAddress (hModule=0x769b0000, lpProcName="FlsSetValue") returned 0x769c41c0 [0067.489] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x364) returned 0x307300 [0067.530] SetLastError (dwErrCode=0x7e) [0067.581] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe00) returned 0x307670 [0067.597] GetStartupInfoW (in: lpStartupInfo=0x18fe8c | out: lpStartupInfo=0x18fe8c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x409360, hStdOutput=0xe709e43e, hStdError=0xfffffffe)) [0067.597] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0067.597] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0067.597] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0067.597] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe\" " [0067.598] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe\" " [0067.656] GetACP () returned 0x4e4 [0067.657] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x220) returned 0x306fe8 [0067.657] IsValidCodePage (CodePage=0x4e4) returned 1 [0067.657] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18feac | out: lpCPInfo=0x18feac) returned 1 [0067.694] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f774 | out: lpCPInfo=0x18f774) returned 1 [0067.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd88, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0067.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd88, cbMultiByte=256, lpWideCharStr=0x18f518, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ媝AĀ") returned 256 [0067.719] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ媝AĀ", cchSrc=256, lpCharType=0x18f788 | out: lpCharType=0x18f788) returned 1 [0067.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd88, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0067.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd88, cbMultiByte=256, lpWideCharStr=0x18f4c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0067.719] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0067.963] GetLastError () returned 0x7e [0067.964] GetProcAddress (hModule=0x769b0000, lpProcName="LCMapStringEx") returned 0x76a44d91 [0067.964] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0067.965] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x18f2b8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0067.965] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x18fc88, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÚ>RçÄþ\x18", lpUsedDefaultChar=0x0) returned 256 [0067.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd88, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0067.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd88, cbMultiByte=256, lpWideCharStr=0x18f4e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ宱AĀ") returned 256 [0067.965] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ宱AĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0067.965] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ宱AĀ", cchSrc=256, lpDestStr=0x18f2d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0067.965] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x18fb88, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÚ>RçÄþ\x18", lpUsedDefaultChar=0x0) returned 256 [0068.028] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x80) returned 0x306350 [0068.029] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fcd0, nSize=0x105 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe")) returned 0x5f [0068.029] GetProcAddress (hModule=0x769b0000, lpProcName="AreFileApisANSI") returned 0x76a44671 [0068.029] AreFileApisANSI () returned 1 [0068.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 96 [0068.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe", cchWideChar=-1, lpMultiByteStr=0x434770, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\772f0c407388e029e98f9d885f57a0e3ef9b0f42099a16fe6367fb321d4e2444.exe", lpUsedDefaultChar=0x0) returned 96 [0068.029] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x68) returned 0x307210 [0068.029] RtlInitializeSListHead (in: ListHead=0x434210 | out: ListHead=0x434210) [0068.053] GetLastError () returned 0x0 [0068.054] SetLastError (dwErrCode=0x0) [0068.054] GetEnvironmentStringsW () returned 0x308c78* [0068.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1415, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1415 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x587) returned 0x309790 [0068.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1415, lpMultiByteStr=0x309790, cbMultiByte=1415, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1415 [0068.055] FreeEnvironmentStringsW (penv=0x308c78) returned 1 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x98) returned 0x308c78 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1f) returned 0x3089e0 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2b) returned 0x308d18 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x37) returned 0x308d50 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3c) returned 0x308d90 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x31) returned 0x308dd8 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x308e18 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x308e38 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x14) returned 0x308e68 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xd) returned 0x304898 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1a) returned 0x308a08 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x308e88 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x19) returned 0x308a30 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x17) returned 0x308ec0 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe) returned 0x3048b0 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x95) returned 0x308ee0 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3e) returned 0x309d38 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1b) returned 0x308a58 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1d) returned 0x308a80 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x308f80 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x308fd0 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x308ff0 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1b) returned 0x308aa8 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x309010 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x29) returned 0x309040 [0068.055] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1e) returned 0x308ad0 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6b) returned 0x309078 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x17) returned 0x3090f0 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xf) returned 0x3048c8 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x16) returned 0x309110 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2a) returned 0x309130 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x29) returned 0x309168 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x16) returned 0x3091a0 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x13) returned 0x3091c0 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1f) returned 0x308af8 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x3091e0 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x309200 [0068.056] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x46) returned 0x309220 [0068.056] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309790 | out: hHeap=0x2f0000) returned 1 [0068.083] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x309270 [0068.083] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0068.108] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4071b1) returned 0x0 [0068.396] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x8) returned 0x3063d8 [0068.397] LoadLibraryExW (lpLibFileName="api-ms-win-core-string-l1-1-0", hFile=0x0, dwFlags=0x800) returned 0x76fe0000 [0068.398] GetProcAddress (hModule=0x76fe0000, lpProcName="CompareStringEx") returned 0x77016a72 [0068.398] GetProcAddress (hModule=0x769b0000, lpProcName="EnumSystemLocalesEx") returned 0x76a447ef [0068.398] LoadLibraryExW (lpLibFileName="api-ms-win-core-datetime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0068.399] GetLastError () returned 0x7e [0068.399] GetProcAddress (hModule=0x769b0000, lpProcName="GetDateFormatEx") returned 0x76a56c26 [0068.399] GetProcAddress (hModule=0x769b0000, lpProcName="GetLocaleInfoEx") returned 0x76a44cf1 [0068.400] GetProcAddress (hModule=0x769b0000, lpProcName="GetTimeFormatEx") returned 0x76a56ba1 [0068.400] GetProcAddress (hModule=0x769b0000, lpProcName="GetUserDefaultLocaleName") returned 0x76a44d61 [0068.401] GetProcAddress (hModule=0x769b0000, lpProcName="IsValidLocaleName") returned 0x76a44d81 [0068.401] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-obsolete-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0068.401] GetLastError () returned 0x7e [0068.401] GetProcAddress (hModule=0x769b0000, lpProcName="LCIDToLocaleName") returned 0x769ecec4 [0068.402] GetProcAddress (hModule=0x769b0000, lpProcName="LocaleNameToLCID") returned 0x76a44da1 [0068.402] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x20) returned 0x30b1f8 [0068.402] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309a78 [0068.402] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a78 | out: hHeap=0x2f0000) returned 1 [0068.402] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309a78 [0068.476] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x8) returned 0x309a88 [0068.477] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x18) returned 0x30b980 [0068.839] GetLastError () returned 0x7e [0068.839] SetLastError (dwErrCode=0x7e) [0068.839] GetLastError () returned 0x7e [0068.839] SetLastError (dwErrCode=0x7e) [0068.839] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309a98 [0068.839] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30c168 [0068.839] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c168 | out: hHeap=0x2f0000) returned 1 [0068.841] GetLastError () returned 0x7e [0068.841] SetLastError (dwErrCode=0x7e) [0068.841] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309b58 [0068.841] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309b68 [0068.841] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x309b78 [0068.841] GetLastError () returned 0x7e [0068.842] SetLastError (dwErrCode=0x7e) [0068.842] GetLastError () returned 0x7e [0068.842] SetLastError (dwErrCode=0x7e) [0068.842] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309b88 [0068.842] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30c168 [0068.842] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c168 | out: hHeap=0x2f0000) returned 1 [0068.842] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b58 | out: hHeap=0x2f0000) returned 1 [0068.843] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a98 | out: hHeap=0x2f0000) returned 1 [0068.843] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b78 | out: hHeap=0x2f0000) returned 1 [0068.843] GetLastError () returned 0x7e [0068.843] SetLastError (dwErrCode=0x7e) [0068.843] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309b78 [0068.843] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309a98 [0068.843] GetLastError () returned 0x7e [0068.843] SetLastError (dwErrCode=0x7e) [0068.843] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x200) returned 0x30c168 [0068.843] GetLastError () returned 0x7e [0068.843] SetLastError (dwErrCode=0x7e) [0068.843] GetLastError () returned 0x7e [0068.843] SetLastError (dwErrCode=0x7e) [0068.843] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x309aa8 [0068.843] GetLastError () returned 0x7e [0068.843] SetLastError (dwErrCode=0x7e) [0068.843] GetLastError () returned 0x7e [0068.843] SetLastError (dwErrCode=0x7e) [0068.843] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309c48 [0068.843] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30c370 [0068.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c370 | out: hHeap=0x2f0000) returned 1 [0068.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b78 | out: hHeap=0x2f0000) returned 1 [0068.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b88 | out: hHeap=0x2f0000) returned 1 [0068.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309aa8 | out: hHeap=0x2f0000) returned 1 [0068.844] GetLastError () returned 0x7e [0068.844] SetLastError (dwErrCode=0x7e) [0068.844] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309d08 [0068.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a98 | out: hHeap=0x2f0000) returned 1 [0068.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b68 | out: hHeap=0x2f0000) returned 1 [0068.844] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x8) returned 0x309a98 [0068.925] GetSystemInfo (in: lpSystemInfo=0x18fe74 | out: lpSystemInfo=0x18fe74*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0069.272] GetLastError () returned 0x57 [0069.272] SetLastError (dwErrCode=0x57) [0069.297] GetLastError () returned 0x57 [0069.297] SetLastError (dwErrCode=0x57) [0069.297] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1000) returned 0x30c370 [0069.514] SendMessageCallbackA (hWnd=0x0, Msg=0x4, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.514] GetLastError () returned 0x578 [0069.514] SetLastError (dwErrCode=0x578) [0069.514] SendMessageCallbackA (hWnd=0x0, Msg=0x5, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.515] GetLastError () returned 0x578 [0069.515] SetLastError (dwErrCode=0x578) [0069.515] SendMessageCallbackA (hWnd=0x0, Msg=0x6, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.515] GetLastError () returned 0x578 [0069.515] SetLastError (dwErrCode=0x578) [0069.515] SendMessageCallbackA (hWnd=0x0, Msg=0x7, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.515] GetLastError () returned 0x578 [0069.515] SetLastError (dwErrCode=0x578) [0069.515] SendMessageCallbackA (hWnd=0x0, Msg=0x8, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.515] GetLastError () returned 0x578 [0069.515] SetLastError (dwErrCode=0x578) [0069.515] SendMessageCallbackA (hWnd=0x0, Msg=0x9, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.515] GetLastError () returned 0x578 [0069.515] SetLastError (dwErrCode=0x578) [0069.515] SendMessageCallbackA (hWnd=0x0, Msg=0xa, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.515] GetLastError () returned 0x578 [0069.515] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0xb, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.516] GetLastError () returned 0x578 [0069.516] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0xc, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.516] GetLastError () returned 0x578 [0069.516] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0xd, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.516] GetLastError () returned 0x578 [0069.516] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0xe, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.516] GetLastError () returned 0x578 [0069.516] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0xf, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.516] GetLastError () returned 0x578 [0069.516] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0x10, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.516] GetLastError () returned 0x578 [0069.516] SetLastError (dwErrCode=0x578) [0069.516] SendMessageCallbackA (hWnd=0x0, Msg=0x11, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.517] GetLastError () returned 0x578 [0069.517] SetLastError (dwErrCode=0x578) [0069.517] SendMessageCallbackA (hWnd=0x0, Msg=0x12, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.517] GetLastError () returned 0x578 [0069.517] SetLastError (dwErrCode=0x578) [0069.517] SendMessageCallbackA (hWnd=0x0, Msg=0x13, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.517] GetLastError () returned 0x578 [0069.517] SetLastError (dwErrCode=0x578) [0069.517] SendMessageCallbackA (hWnd=0x0, Msg=0x14, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.517] GetLastError () returned 0x578 [0069.517] SetLastError (dwErrCode=0x578) [0069.517] SendMessageCallbackA (hWnd=0x0, Msg=0x15, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.517] GetLastError () returned 0x578 [0069.517] SetLastError (dwErrCode=0x578) [0069.517] SendMessageCallbackA (hWnd=0x0, Msg=0x16, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.517] GetLastError () returned 0x578 [0069.517] SetLastError (dwErrCode=0x578) [0069.517] SendMessageCallbackA (hWnd=0x0, Msg=0x17, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.518] SetLastError (dwErrCode=0x578) [0069.518] SendMessageCallbackA (hWnd=0x0, Msg=0x18, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.518] SetLastError (dwErrCode=0x578) [0069.518] SendMessageCallbackA (hWnd=0x0, Msg=0x19, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.518] SetLastError (dwErrCode=0x578) [0069.518] SendMessageCallbackA (hWnd=0x0, Msg=0x1a, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.518] SetLastError (dwErrCode=0x578) [0069.518] SendMessageCallbackA (hWnd=0x0, Msg=0x1b, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.518] SetLastError (dwErrCode=0x578) [0069.518] SendMessageCallbackA (hWnd=0x0, Msg=0x1c, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.518] SetLastError (dwErrCode=0x578) [0069.518] SendMessageCallbackA (hWnd=0x0, Msg=0x1d, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.518] GetLastError () returned 0x578 [0069.519] SetLastError (dwErrCode=0x578) [0069.519] SendMessageCallbackA (hWnd=0x0, Msg=0x1e, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.519] GetLastError () returned 0x578 [0069.519] SetLastError (dwErrCode=0x578) [0069.519] SendMessageCallbackA (hWnd=0x0, Msg=0x1f, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.519] GetLastError () returned 0x578 [0069.519] SetLastError (dwErrCode=0x578) [0069.519] SendMessageCallbackA (hWnd=0x0, Msg=0x20, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.519] GetLastError () returned 0x578 [0069.519] SetLastError (dwErrCode=0x578) [0069.519] SendMessageCallbackA (hWnd=0x0, Msg=0x21, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.519] GetLastError () returned 0x578 [0069.519] SetLastError (dwErrCode=0x578) [0069.519] SendMessageCallbackA (hWnd=0x0, Msg=0x22, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.519] GetLastError () returned 0x578 [0069.519] SetLastError (dwErrCode=0x578) [0069.519] SendMessageCallbackA (hWnd=0x0, Msg=0x23, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.519] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x24, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.520] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x25, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.520] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x26, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.520] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x27, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.520] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x28, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.520] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x29, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.520] GetLastError () returned 0x578 [0069.520] SetLastError (dwErrCode=0x578) [0069.520] SendMessageCallbackA (hWnd=0x0, Msg=0x2a, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.521] GetLastError () returned 0x578 [0069.521] SetLastError (dwErrCode=0x578) [0069.521] SendMessageCallbackA (hWnd=0x0, Msg=0x2b, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.521] GetLastError () returned 0x578 [0069.521] SetLastError (dwErrCode=0x578) [0069.521] SendMessageCallbackA (hWnd=0x0, Msg=0x2c, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.521] GetLastError () returned 0x578 [0069.521] SetLastError (dwErrCode=0x578) [0069.521] SendMessageCallbackA (hWnd=0x0, Msg=0x2d, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.521] GetLastError () returned 0x578 [0069.521] SetLastError (dwErrCode=0x578) [0069.521] SendMessageCallbackA (hWnd=0x0, Msg=0x2e, wParam=0x0, lParam=0x0, lpResultCallBack=0x0, dwData=0x0) returned 0 [0069.521] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x8) returned 0x309aa8 [0069.521] GetLastError () returned 0x578 [0069.522] SetLastError (dwErrCode=0x578) [0069.522] GetLastError () returned 0x578 [0069.522] SetLastError (dwErrCode=0x578) [0069.522] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309ab8 [0069.522] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30d378 [0069.522] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d378 | out: hHeap=0x2f0000) returned 1 [0069.522] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309d08 | out: hHeap=0x2f0000) returned 1 [0069.523] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c48 | out: hHeap=0x2f0000) returned 1 [0069.523] GetLastError () returned 0x578 [0069.523] SetLastError (dwErrCode=0x578) [0069.523] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309b78 [0069.523] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309b88 [0069.523] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x309b98 [0069.523] GetLastError () returned 0x578 [0069.523] SetLastError (dwErrCode=0x578) [0069.523] GetLastError () returned 0x578 [0069.523] SetLastError (dwErrCode=0x578) [0069.523] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309ba8 [0069.523] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30d378 [0069.524] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d378 | out: hHeap=0x2f0000) returned 1 [0069.524] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b78 | out: hHeap=0x2f0000) returned 1 [0069.524] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309ab8 | out: hHeap=0x2f0000) returned 1 [0069.524] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b98 | out: hHeap=0x2f0000) returned 1 [0069.524] GetLastError () returned 0x578 [0069.524] SetLastError (dwErrCode=0x578) [0069.524] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309b98 [0069.524] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309c68 [0069.524] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x309c78 [0069.524] GetLastError () returned 0x578 [0069.524] SetLastError (dwErrCode=0x578) [0069.524] GetLastError () returned 0x578 [0069.524] SetLastError (dwErrCode=0x578) [0069.525] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309ab8 [0069.525] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30d378 [0069.525] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d378 | out: hHeap=0x2f0000) returned 1 [0069.525] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b98 | out: hHeap=0x2f0000) returned 1 [0069.525] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309ba8 | out: hHeap=0x2f0000) returned 1 [0069.525] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c78 | out: hHeap=0x2f0000) returned 1 [0069.525] GetLastError () returned 0x578 [0069.525] SetLastError (dwErrCode=0x578) [0069.525] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309b78 [0069.526] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c68 | out: hHeap=0x2f0000) returned 1 [0069.526] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b88 | out: hHeap=0x2f0000) returned 1 [0069.526] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x8) returned 0x309b88 [0069.561] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x18) returned 0x30b9a0 [0069.561] GetLastError () returned 0x578 [0069.561] SetLastError (dwErrCode=0x578) [0069.561] GetLastError () returned 0x578 [0069.561] SetLastError (dwErrCode=0x578) [0069.561] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309b98 [0069.562] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30d378 [0069.562] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d378 | out: hHeap=0x2f0000) returned 1 [0069.562] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b78 | out: hHeap=0x2f0000) returned 1 [0069.562] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309ab8 | out: hHeap=0x2f0000) returned 1 [0069.562] GetLastError () returned 0x578 [0069.562] SetLastError (dwErrCode=0x578) [0069.562] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309c58 [0069.562] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309c68 [0069.563] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x309c78 [0069.563] GetLastError () returned 0x578 [0069.563] SetLastError (dwErrCode=0x578) [0069.563] GetLastError () returned 0x578 [0069.563] SetLastError (dwErrCode=0x578) [0069.563] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309ab8 [0069.563] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30d378 [0069.563] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d378 | out: hHeap=0x2f0000) returned 1 [0069.563] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c58 | out: hHeap=0x2f0000) returned 1 [0069.563] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b98 | out: hHeap=0x2f0000) returned 1 [0069.563] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c78 | out: hHeap=0x2f0000) returned 1 [0069.563] GetLastError () returned 0x578 [0069.563] SetLastError (dwErrCode=0x578) [0069.563] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x309b78 [0069.563] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x2) returned 0x309c78 [0069.563] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1) returned 0x309c88 [0069.564] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6) returned 0x309c98 [0069.564] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x5) returned 0x309ca8 [0069.564] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x309cb8 [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] GetLastError () returned 0x578 [0069.564] SetLastError (dwErrCode=0x578) [0069.564] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb8) returned 0x309b98 [0069.564] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6a6) returned 0x30d378 [0069.565] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d378 | out: hHeap=0x2f0000) returned 1 [0069.565] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b78 | out: hHeap=0x2f0000) returned 1 [0069.565] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309ab8 | out: hHeap=0x2f0000) returned 1 [0069.565] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309cb8 | out: hHeap=0x2f0000) returned 1 [0069.565] GetLastError () returned 0x578 [0069.565] SetLastError (dwErrCode=0x578) [0069.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x6) returned 0x30d390 [0069.565] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c78 | out: hHeap=0x2f0000) returned 1 [0069.565] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c68 | out: hHeap=0x2f0000) returned 1 [0069.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x8) returned 0x30d3a0 [0069.565] GetLastError () returned 0x578 [0069.566] GetProcAddress (hModule=0x769b0000, lpProcName="FlsGetValue") returned 0x769c1252 [0069.566] SetLastError (dwErrCode=0x578) [0069.566] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x769b0000 [0069.566] GetProcAddress (hModule=0x769b0000, lpProcName="VirtualProtect") returned 0x769c4317 [0069.566] VirtualProtect (in: lpAddress=0x18f6f4, dwSize=0x77e, flNewProtect=0x40, lpflOldProtect=0xb3b14 | out: lpflOldProtect=0xb3b14*=0x4) returned 1 [0069.820] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0069.820] FindResourceW (hModule=0x400000, lpName=0x65, lpType=0xa) returned 0x8ec080 [0069.836] LoadResource (hModule=0x400000, hResInfo=0x8ec080) returned 0x8ec0a0 [0069.836] LockResource (hResData=0x8ec0a0) returned 0x8ec0a0 [0069.836] SizeofResource (hModule=0x400000, hResInfo=0x8ec080) returned 0x1a000 [0069.838] CreateProcessW (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xb39e0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xb3b1c | out: lpCommandLine=0x0, lpProcessInformation=0xb3b1c*(hProcess=0xac, hThread=0xa8, dwProcessId=0xdc4, dwThreadId=0xdc8)) returned 1 [0069.879] GetThreadContext (in: hThread=0xa8, lpContext=0xb3714 | out: lpContext=0xb3714*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xfffde000, Edx=0x0, Ecx=0x0, Eax=0x104fb00, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x3cf978, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0070.123] ReadProcessMemory (in: hProcess=0xac, lpBaseAddress=0xfffde008, lpBuffer=0xb3b04, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xb3b04*, lpNumberOfBytesRead=0x0) returned 1 [0070.123] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x35c0000 [0070.124] VirtualAllocEx (hProcess=0xac, lpAddress=0x400000, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0070.126] WriteProcessMemory (in: hProcess=0xac, lpBaseAddress=0x400000, lpBuffer=0x35c0000*, nSize=0x20000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x35c0000*, lpNumberOfBytesWritten=0x0) returned 1 [0070.133] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0xb3aa0 | out: lpflOldProtect=0xb3aa0*=0x40) returned 1 [0070.150] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x402000, dwSize=0x18d94, flNewProtect=0x20, lpflOldProtect=0xb3aa0 | out: lpflOldProtect=0xb3aa0*=0x40) returned 1 [0070.153] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x41c000, dwSize=0x4dc, flNewProtect=0x2, lpflOldProtect=0xb3aa0 | out: lpflOldProtect=0xb3aa0*=0x40) returned 1 [0070.153] VirtualProtectEx (in: hProcess=0xac, lpAddress=0x41e000, dwSize=0xc, flNewProtect=0x2, lpflOldProtect=0xb3aa0 | out: lpflOldProtect=0xb3aa0*=0x40) returned 1 [0070.153] VirtualFree (lpAddress=0x35c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0070.158] WriteProcessMemory (in: hProcess=0xac, lpBaseAddress=0xfffde008, lpBuffer=0xb3b34*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0xb3b34*, lpNumberOfBytesWritten=0x0) returned 1 [0070.159] SetThreadContext (hThread=0xa8, lpContext=0xb3714*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0xfffde000, Edx=0x0, Ecx=0x0, Eax=0x4191be, Ebp=0x0, Eip=0x779f01c4, SegCs=0x23, EFlags=0x202, Esp=0x3cf978, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0070.160] ResumeThread (hThread=0xa8) returned 0x1 [0070.410] CloseHandle (hObject=0xac) returned 1 [0070.410] CloseHandle (hObject=0xa8) returned 1 [0070.410] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0070.411] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c88 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c98 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309ca8 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b9a0 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d3a0 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309aa8 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b88 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c168 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b980 | out: hHeap=0x2f0000) returned 1 [0070.495] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a98 | out: hHeap=0x2f0000) returned 1 [0070.496] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a88 | out: hHeap=0x2f0000) returned 1 [0070.496] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a78 | out: hHeap=0x2f0000) returned 1 [0070.496] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b1f8 | out: hHeap=0x2f0000) returned 1 [0070.496] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3063d8 | out: hHeap=0x2f0000) returned 1 [0070.497] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306350 | out: hHeap=0x2f0000) returned 1 [0070.574] GetLastError () returned 0x578 [0070.574] SetLastError (dwErrCode=0x578) [0070.574] GetLastError () returned 0x578 [0070.574] SetLastError (dwErrCode=0x578) [0070.574] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c370 | out: hHeap=0x2f0000) returned 1 [0070.575] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309270 | out: hHeap=0x2f0000) returned 1 [0070.575] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0070.576] GetLastError () returned 0x7e [0070.576] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fee8 | out: phModule=0x18fee8) returned 0 [0070.576] ExitProcess (uExitCode=0x0) [0070.577] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30d390 | out: hHeap=0x2f0000) returned 1 [0070.578] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b98 | out: hHeap=0x2f0000) returned 1 [0070.579] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x307300 | out: hHeap=0x2f0000) returned 1 Process: id = "2" image_name = "applaunch.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe" page_root = "0x46c16000" os_pid = "0xdc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xda8" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e771" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 699 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 700 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 701 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 702 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 703 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 704 start_va = 0xd0000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 705 start_va = 0x2d0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 706 start_va = 0x1040000 end_va = 0x1058fff monitored = 0 entry_point = 0x104fb00 region_type = mapped_file name = "applaunch.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe") Region: id = 707 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 708 start_va = 0x779e0000 end_va = 0x77b5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 709 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 710 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 711 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 712 start_va = 0xfffdb000 end_va = 0xfffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffdb000" filename = "" Region: id = 713 start_va = 0xfffde000 end_va = 0xfffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffde000" filename = "" Region: id = 714 start_va = 0xfffdf000 end_va = 0xfffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffdf000" filename = "" Region: id = 715 start_va = 0xfffe0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 717 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 718 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 719 start_va = 0x75250000 end_va = 0x75257fff monitored = 0 entry_point = 0x752520f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 720 start_va = 0x75260000 end_va = 0x752bbfff monitored = 0 entry_point = 0x7529f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 721 start_va = 0x752c0000 end_va = 0x752fefff monitored = 0 entry_point = 0x752ee088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 722 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 723 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 724 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 725 start_va = 0x776e0000 end_va = 0x777fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000776e0000" filename = "" Region: id = 726 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 727 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 728 start_va = 0x420000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 729 start_va = 0x753b0000 end_va = 0x753f9fff monitored = 1 entry_point = 0x753b2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 730 start_va = 0x769b0000 end_va = 0x76abffff monitored = 0 entry_point = 0x769c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 731 start_va = 0x76fe0000 end_va = 0x77026fff monitored = 0 entry_point = 0x76fe74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 732 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 733 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 734 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 735 start_va = 0x110000 end_va = 0x176fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 736 start_va = 0x420000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 737 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 738 start_va = 0x620000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 739 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 740 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 741 start_va = 0x76c20000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76c349e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 742 start_va = 0x76cc0000 end_va = 0x76d6bfff monitored = 0 entry_point = 0x76cca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 743 start_va = 0x76900000 end_va = 0x76918fff monitored = 0 entry_point = 0x76904975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 744 start_va = 0x75bc0000 end_va = 0x75caffff monitored = 0 entry_point = 0x75bd0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 745 start_va = 0x75530000 end_va = 0x7558ffff monitored = 0 entry_point = 0x7554a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 746 start_va = 0x75520000 end_va = 0x7552bfff monitored = 0 entry_point = 0x755210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 747 start_va = 0x70000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 748 start_va = 0x75320000 end_va = 0x753acfff monitored = 1 entry_point = 0x75332860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 749 start_va = 0x73550000 end_va = 0x73552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 750 start_va = 0x771d0000 end_va = 0x77226fff monitored = 0 entry_point = 0x771e9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 751 start_va = 0x77240000 end_va = 0x772cffff monitored = 0 entry_point = 0x77256343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 752 start_va = 0x773b0000 end_va = 0x774affff monitored = 0 entry_point = 0x773cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 753 start_va = 0x75780000 end_va = 0x75789fff monitored = 0 entry_point = 0x757836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 754 start_va = 0x76ac0000 end_va = 0x76b5cfff monitored = 0 entry_point = 0x76af3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 755 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 756 start_va = 0x7c0000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 757 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 758 start_va = 0x76b90000 end_va = 0x76beffff monitored = 0 entry_point = 0x76ba158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 759 start_va = 0x774b0000 end_va = 0x7757bfff monitored = 0 entry_point = 0x774b168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 760 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 761 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 762 start_va = 0x950000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 763 start_va = 0x1060000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 764 start_va = 0x74520000 end_va = 0x74528fff monitored = 0 entry_point = 0x74521220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 765 start_va = 0x724e0000 end_va = 0x72c8efff monitored = 1 entry_point = 0x724fd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 766 start_va = 0x71d30000 end_va = 0x724defff monitored = 1 entry_point = 0x71d4d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 767 start_va = 0x724e0000 end_va = 0x72c8efff monitored = 1 entry_point = 0x724fd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 768 start_va = 0x75300000 end_va = 0x75313fff monitored = 0 entry_point = 0x7530ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 769 start_va = 0x72430000 end_va = 0x724dafff monitored = 0 entry_point = 0x724c5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 770 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 771 start_va = 0xb0000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 772 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 773 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 774 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 775 start_va = 0xc0000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 776 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 777 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 778 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 779 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 780 start_va = 0x420000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 781 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 782 start_va = 0xae0000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 783 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 784 start_va = 0x780000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 785 start_va = 0xd40000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 786 start_va = 0xfffd8000 end_va = 0xfffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffd8000" filename = "" Region: id = 787 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 788 start_va = 0x2460000 end_va = 0x445ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 789 start_va = 0x680000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 790 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 791 start_va = 0xee0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 792 start_va = 0xfffd5000 end_va = 0xfffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffd5000" filename = "" Region: id = 793 start_va = 0x290000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 794 start_va = 0xba0000 end_va = 0xc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 795 start_va = 0xcd0000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 796 start_va = 0xfffad000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffad000" filename = "" Region: id = 797 start_va = 0x4460000 end_va = 0x472efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 798 start_va = 0x71020000 end_va = 0x7242afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 799 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 800 start_va = 0x76e80000 end_va = 0x76fdbfff monitored = 0 entry_point = 0x76ecba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 801 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 802 start_va = 0x75400000 end_va = 0x75402fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 803 start_va = 0x70f90000 end_va = 0x71018fff monitored = 1 entry_point = 0x70f91130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 804 start_va = 0x757f0000 end_va = 0x7587efff monitored = 0 entry_point = 0x757f3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 805 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 806 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 807 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 808 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 809 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 810 start_va = 0x70520000 end_va = 0x70f74fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 811 start_va = 0x6fd00000 end_va = 0x70517fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 812 start_va = 0x6e8f0000 end_va = 0x6fcf6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.ServiceModel\\74d6cec37a30e1133f67258ce3ea5ea7\\System.ServiceModel.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servicemodel\\74d6cec37a30e1133f67258ce3ea5ea7\\system.servicemodel.ni.dll") Region: id = 813 start_va = 0x6e5e0000 end_va = 0x6e8e4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.identitymodel.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.IdentityModel\\c2ef5bc545b98a289f02d0b3eddbe280\\System.IdentityModel.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.identitymodel\\c2ef5bc545b98a289f02d0b3eddbe280\\system.identitymodel.ni.dll") Region: id = 814 start_va = 0x6e300000 end_va = 0x6e5d2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runteb92aa12#\\274e43040c8a7a02ef1065db3283005a\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runteb92aa12#\\274e43040c8a7a02ef1065db3283005a\\system.runtime.serialization.ni.dll") Region: id = 815 start_va = 0x480000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 816 start_va = 0x6e2e0000 end_va = 0x6e2fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\dc67dcb4b2fb4a3853d458cab08561f0\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\dc67dcb4b2fb4a3853d458cab08561f0\\smdiagnostics.ni.dll") Region: id = 817 start_va = 0x6db60000 end_va = 0x6e2d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 818 start_va = 0x6da60000 end_va = 0x6db2bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Servd1dec626#\\7679b916bf64989f7e8559969b308da1\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servd1dec626#\\7679b916bf64989f7e8559969b308da1\\system.servicemodel.internals.ni.dll") Region: id = 819 start_va = 0x742b0000 end_va = 0x742c6fff monitored = 0 entry_point = 0x742b3573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 820 start_va = 0xae0000 end_va = 0xb1bfff monitored = 0 entry_point = 0xae128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 821 start_va = 0xae0000 end_va = 0xb1bfff monitored = 0 entry_point = 0xae128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 822 start_va = 0xae0000 end_va = 0xb1bfff monitored = 0 entry_point = 0xae128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 823 start_va = 0xae0000 end_va = 0xb1bfff monitored = 0 entry_point = 0xae128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 824 start_va = 0xae0000 end_va = 0xb1bfff monitored = 0 entry_point = 0xae128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 825 start_va = 0x74270000 end_va = 0x742aafff monitored = 0 entry_point = 0x7427128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 826 start_va = 0x6da40000 end_va = 0x6da52fff monitored = 1 entry_point = 0x6da4d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 827 start_va = 0x4730000 end_va = 0x4a01fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 828 start_va = 0x6d930000 end_va = 0x6da34fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 829 start_va = 0x75cb0000 end_va = 0x768f9fff monitored = 0 entry_point = 0x75d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 830 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 831 start_va = 0x745e0000 end_va = 0x745eafff monitored = 0 entry_point = 0x745e1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 832 start_va = 0x6db40000 end_va = 0x6db56fff monitored = 0 entry_point = 0x6db435fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 833 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 834 start_va = 0xfff50000 end_va = 0xfff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff50000" filename = "" Region: id = 835 start_va = 0xfff40000 end_va = 0xfff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff40000" filename = "" Region: id = 836 start_va = 0xae0000 end_va = 0xb41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 837 start_va = 0x75610000 end_va = 0x75644fff monitored = 0 entry_point = 0x7561145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 838 start_va = 0x76c10000 end_va = 0x76c15fff monitored = 0 entry_point = 0x76c11782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 839 start_va = 0x744e0000 end_va = 0x7451bfff monitored = 0 entry_point = 0x744e145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 840 start_va = 0x744d0000 end_va = 0x744d4fff monitored = 0 entry_point = 0x744d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 841 start_va = 0x744c0000 end_va = 0x744c5fff monitored = 0 entry_point = 0x744c1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 842 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 843 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 844 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 845 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 846 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 847 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 848 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 849 start_va = 0x4a0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 850 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 851 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 852 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 853 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 854 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 855 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 856 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 857 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 858 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 859 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 860 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 861 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 862 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 863 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 864 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 865 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 866 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 867 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 868 start_va = 0x3d0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 869 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 870 start_va = 0x3d0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 871 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 872 start_va = 0x3d0000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 873 start_va = 0x6d790000 end_va = 0x6d927fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.csharp.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.CSharp\\f73f48afb5512225dedaee9c88ac5050\\Microsoft.CSharp.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.csharp\\f73f48afb5512225dedaee9c88ac5050\\microsoft.csharp.ni.dll") Region: id = 874 start_va = 0x6d5e0000 end_va = 0x6d782fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 875 start_va = 0x6c770000 end_va = 0x6d5d5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 876 start_va = 0x6c5e0000 end_va = 0x6c76ffff monitored = 0 entry_point = 0x6c67d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 877 start_va = 0x4a10000 end_va = 0x4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 878 start_va = 0x743f0000 end_va = 0x7446ffff monitored = 0 entry_point = 0x744037c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 879 start_va = 0x4af0000 end_va = 0x4cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 880 start_va = 0x4af0000 end_va = 0x4bcefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004af0000" filename = "" Region: id = 881 start_va = 0x4c80000 end_va = 0x4cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 882 start_va = 0x4a30000 end_va = 0x4a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 883 start_va = 0x4ae0000 end_va = 0x4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ae0000" filename = "" Region: id = 884 start_va = 0x4cc0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 885 start_va = 0xfffaa000 end_va = 0xfffacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffaa000" filename = "" Region: id = 886 start_va = 0x4a70000 end_va = 0x4aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 887 start_va = 0x4e80000 end_va = 0x4f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 888 start_va = 0xfffa7000 end_va = 0xfffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa7000" filename = "" Region: id = 889 start_va = 0x6c570000 end_va = 0x6c5d4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.dynamic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dynamic\\b7ad5353ae4f44df28ce7ebc9a8a752a\\System.Dynamic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dynamic\\b7ad5353ae4f44df28ce7ebc9a8a752a\\system.dynamic.ni.dll") Region: id = 890 start_va = 0x6db30000 end_va = 0x6db37fff monitored = 0 entry_point = 0x6db310e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 891 start_va = 0x6c440000 end_va = 0x6c56ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 892 start_va = 0x4dc0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 893 start_va = 0x4fc0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fc0000" filename = "" Region: id = 894 start_va = 0xfffa4000 end_va = 0xfffa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa4000" filename = "" Region: id = 895 start_va = 0x743e0000 end_va = 0x743edfff monitored = 0 entry_point = 0x743e1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 896 start_va = 0xb50000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 897 start_va = 0x5220000 end_va = 0x531ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005220000" filename = "" Region: id = 898 start_va = 0xfffa1000 end_va = 0xfffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa1000" filename = "" Region: id = 899 start_va = 0x4bf0000 end_va = 0x4c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 900 start_va = 0x5490000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 901 start_va = 0x6c410000 end_va = 0x6c430fff monitored = 1 entry_point = 0x6c4198e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 902 start_va = 0xfff3d000 end_va = 0xfff3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff3d000" filename = "" Region: id = 903 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 904 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 905 start_va = 0x77320000 end_va = 0x773a2fff monitored = 0 entry_point = 0x773223d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 906 start_va = 0x3f0000 end_va = 0x3f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 907 start_va = 0x6c3f0000 end_va = 0x6c409fff monitored = 0 entry_point = 0x6c4003d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 908 start_va = 0x6c380000 end_va = 0x6c3e0fff monitored = 0 entry_point = 0x6c3bbf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 909 start_va = 0x70f80000 end_va = 0x70f8afff monitored = 0 entry_point = 0x70f852a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 1252 start_va = 0x6c370000 end_va = 0x6c37efff monitored = 0 entry_point = 0x6c3793d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1253 start_va = 0x6c2c0000 end_va = 0x6c365fff monitored = 0 entry_point = 0x6c32a2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1254 start_va = 0x6c2a0000 end_va = 0x6c2b7fff monitored = 0 entry_point = 0x6c2a1335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 1255 start_va = 0x50c0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 1361 start_va = 0x420000 end_va = 0x422fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1362 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1363 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1364 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1365 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1366 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1367 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1368 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1369 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1370 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1371 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1372 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1373 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1374 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1375 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1376 start_va = 0x420000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1377 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1378 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1379 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1380 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1381 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1382 start_va = 0x5590000 end_va = 0x5a81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 1383 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1384 start_va = 0x5a90000 end_va = 0x5f81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a90000" filename = "" Region: id = 1385 start_va = 0x6c1a0000 end_va = 0x6c29afff monitored = 0 entry_point = 0x6c1b17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1386 start_va = 0x5320000 end_va = 0x541ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 1387 start_va = 0x4c30000 end_va = 0x4c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 1388 start_va = 0x5fb0000 end_va = 0x60affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fb0000" filename = "" Region: id = 1389 start_va = 0xfff3a000 end_va = 0xfff3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff3a000" filename = "" Region: id = 1390 start_va = 0x60b0000 end_va = 0x70affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060b0000" filename = "" Region: id = 1391 start_va = 0x5590000 end_va = 0x56effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 1425 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1426 start_va = 0x6c0c0000 end_va = 0x6c197fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll") Region: id = 1427 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1428 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1429 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1430 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1431 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1432 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2097 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2098 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2099 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2100 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2101 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2102 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2103 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2104 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 2105 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2106 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2107 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2186 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2187 start_va = 0x56f0000 end_va = 0x5795fff monitored = 0 entry_point = 0x56f1c9a region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 2188 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2189 start_va = 0x56f0000 end_va = 0x5795fff monitored = 0 entry_point = 0x56f1c9a region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 2190 start_va = 0x56f0000 end_va = 0x57affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2191 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2192 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2193 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2194 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2195 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2591 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2592 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2593 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2594 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2595 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 2596 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2597 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2598 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2599 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2600 start_va = 0x779b0000 end_va = 0x779b4fff monitored = 0 entry_point = 0x779b1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2601 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Thread: id = 2 os_tid = 0xdc8 [0077.133] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0081.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce520 | out: phkResult=0x3ce520*=0x0) returned 0x2 [0081.430] RegCloseKey (hKey=0x80000002) returned 0x0 [0082.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x3cdf78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0082.579] GetCurrentProcess () returned 0xffffffff [0082.579] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce2b0 | out: TokenHandle=0x3ce2b0*=0x40) returned 1 [0082.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x3cdd68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0082.590] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ce2a8 | out: lpFileInformation=0x3ce2a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0082.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cdd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0082.596] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ce2b0 | out: lpFileInformation=0x3ce2b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0082.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0082.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce1e8) returned 1 [0082.602] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1e4 [0082.602] GetFileType (hFile=0x1e4) returned 0x1 [0082.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce1e4) returned 1 [0082.603] GetFileType (hFile=0x1e4) returned 0x1 [0085.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0085.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cd584, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0085.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd7c4) returned 1 [0085.391] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3cda88 | out: lpFileInformation=0x3cda88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0085.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd7c0) returned 1 [0085.588] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x3cd954 | out: pfEnabled=0x3cd954) returned 0x0 [0085.627] GetFileSize (in: hFile=0x1e4, lpFileSizeHigh=0x3ce2a4 | out: lpFileSizeHigh=0x3ce2a4*=0x0) returned 0x8c8e [0085.628] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce260, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3ce260*=0x1000, lpOverlapped=0x0) returned 1 [0085.653] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce110, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3ce110*=0x1000, lpOverlapped=0x0) returned 1 [0085.655] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cdfc4, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3cdfc4*=0x1000, lpOverlapped=0x0) returned 1 [0085.655] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cdfc4, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3cdfc4*=0x1000, lpOverlapped=0x0) returned 1 [0085.656] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cdfc4, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3cdfc4*=0x1000, lpOverlapped=0x0) returned 1 [0085.656] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cdefc, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3cdefc*=0x1000, lpOverlapped=0x0) returned 1 [0085.663] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce068, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3ce068*=0x1000, lpOverlapped=0x0) returned 1 [0085.665] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cdf5c, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3cdf5c*=0x1000, lpOverlapped=0x0) returned 1 [0085.666] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cdf5c, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3cdf5c*=0xc8e, lpOverlapped=0x0) returned 1 [0085.666] ReadFile (in: hFile=0x1e4, lpBuffer=0x249c460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce020, lpOverlapped=0x0 | out: lpBuffer=0x249c460*, lpNumberOfBytesRead=0x3ce020*=0x0, lpOverlapped=0x0) returned 1 [0085.666] CloseHandle (hObject=0x1e4) returned 1 [0085.666] CloseHandle (hObject=0x40) returned 1 [0085.667] GetCurrentProcess () returned 0xffffffff [0085.668] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce3fc | out: TokenHandle=0x3ce3fc*=0x40) returned 1 [0085.668] CloseHandle (hObject=0x40) returned 1 [0085.668] GetCurrentProcess () returned 0xffffffff [0085.669] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce3fc | out: TokenHandle=0x3ce3fc*=0x40) returned 1 [0085.669] CloseHandle (hObject=0x40) returned 1 [0085.670] GetCurrentProcess () returned 0xffffffff [0085.670] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce2b0 | out: TokenHandle=0x3ce2b0*=0x40) returned 1 [0085.671] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3ce2a8 | out: lpFileInformation=0x3ce2a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xf6bca250, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0085.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x3cdd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0085.672] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3ce2b0 | out: lpFileInformation=0x3ce2b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc39c5900, ftCreationTime.dwHighDateTime=0x1cac64f, ftLastAccessTime.dwLowDateTime=0xf6bca250, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xc39c5900, ftLastWriteTime.dwHighDateTime=0x1cac64f, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0085.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", nBufferLength=0x105, lpBuffer=0x3cdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config", lpFilePart=0x0) returned 0x42 [0085.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce1e8) returned 1 [0085.672] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1e4 [0085.673] GetFileType (hFile=0x1e4) returned 0x1 [0085.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce1e4) returned 1 [0085.673] GetFileType (hFile=0x1e4) returned 0x1 [0085.673] GetFileSize (in: hFile=0x1e4, lpFileSizeHigh=0x3ce2a4 | out: lpFileSizeHigh=0x3ce2a4*=0x0) returned 0x119 [0085.673] ReadFile (in: hFile=0x1e4, lpBuffer=0x24b4c2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce260, lpOverlapped=0x0 | out: lpBuffer=0x24b4c2c*, lpNumberOfBytesRead=0x3ce260*=0x119, lpOverlapped=0x0) returned 1 [0085.678] ReadFile (in: hFile=0x1e4, lpBuffer=0x24b4c2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce124, lpOverlapped=0x0 | out: lpBuffer=0x24b4c2c*, lpNumberOfBytesRead=0x3ce124*=0x0, lpOverlapped=0x0) returned 1 [0085.678] CloseHandle (hObject=0x1e4) returned 1 [0085.678] CloseHandle (hObject=0x40) returned 1 [0085.679] GetCurrentProcess () returned 0xffffffff [0085.679] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce3fc | out: TokenHandle=0x3ce3fc*=0x40) returned 1 [0085.680] CloseHandle (hObject=0x40) returned 1 [0085.681] GetCurrentProcess () returned 0xffffffff [0085.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce3fc | out: TokenHandle=0x3ce3fc*=0x40) returned 1 [0085.681] CloseHandle (hObject=0x40) returned 1 [0085.746] GetCurrentProcess () returned 0xffffffff [0085.749] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce214 | out: TokenHandle=0x3ce214*=0x40) returned 1 [0085.842] CloseHandle (hObject=0x40) returned 1 [0085.843] GetCurrentProcess () returned 0xffffffff [0085.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce22c | out: TokenHandle=0x3ce22c*=0x40) returned 1 [0085.845] CloseHandle (hObject=0x40) returned 1 [0085.917] GetCurrentProcess () returned 0xffffffff [0085.918] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cda30 | out: TokenHandle=0x3cda30*=0x40) returned 1 [0085.942] CloseHandle (hObject=0x40) returned 1 [0085.942] GetCurrentProcess () returned 0xffffffff [0085.942] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cda48 | out: TokenHandle=0x3cda48*=0x40) returned 1 [0085.943] CloseHandle (hObject=0x40) returned 1 [0086.316] GetCurrentProcess () returned 0xffffffff [0086.316] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce924 | out: TokenHandle=0x3ce924*=0x40) returned 1 [0086.326] CloseHandle (hObject=0x40) returned 1 [0086.326] GetCurrentProcess () returned 0xffffffff [0086.326] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce93c | out: TokenHandle=0x3ce93c*=0x40) returned 1 [0086.327] CloseHandle (hObject=0x40) returned 1 [0086.691] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce1b4 | out: phkResult=0x3ce1b4*=0x0) returned 0x2 [0086.691] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce1b4 | out: phkResult=0x3ce1b4*=0x0) returned 0x2 [0088.417] EtwEventRegister () returned 0x0 [0088.504] GetCurrentProcess () returned 0xffffffff [0088.505] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce93c | out: TokenHandle=0x3ce93c*=0x1e4) returned 1 [0088.506] CloseHandle (hObject=0x1e4) returned 1 [0088.506] GetCurrentProcess () returned 0xffffffff [0088.506] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce954 | out: TokenHandle=0x3ce954*=0x1e4) returned 1 [0088.507] CloseHandle (hObject=0x1e4) returned 1 [0088.539] EtwEventRegister () returned 0x0 [0088.659] EtwEventRegister () returned 0x0 [0088.810] CoCreateGuid (in: pguid=0x3cea08 | out: pguid=0x3cea08*(Data1=0x83a49aaf, Data2=0x1116, Data3=0x4994, Data4=([0]=0xaf, [1]=0xe2, [2]=0xb2, [3]=0xf4, [4]=0x4d, [5]=0xc3, [6]=0x48, [7]=0xfc))) returned 0x0 [0088.817] CoCreateGuid (in: pguid=0x3ce94c | out: pguid=0x3ce94c*(Data1=0xabb12ef2, Data2=0x7021, Data3=0x40c9, Data4=([0]=0x96, [1]=0x7a, [2]=0x35, [3]=0xd0, [4]=0x8c, [5]=0x84, [6]=0xea, [7]=0x79))) returned 0x0 [0088.839] CoCreateGuid (in: pguid=0x3ce7e4 | out: pguid=0x3ce7e4*(Data1=0x4bf80cfe, Data2=0x70ea, Data3=0x4d48, Data4=([0]=0x96, [1]=0xcd, [2]=0x33, [3]=0x9c, [4]=0x57, [5]=0x4e, [6]=0x39, [7]=0xb9))) returned 0x0 [0088.877] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x3ce4e8 | out: lpWSAData=0x3ce4e8) returned 0 [0088.890] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x238 [0089.251] setsockopt (s=0x238, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0089.251] closesocket (s=0x238) returned 0 [0089.251] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x238 [0089.292] setsockopt (s=0x238, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0089.292] closesocket (s=0x238) returned 0 [0089.302] GetCurrentProcess () returned 0xffffffff [0089.303] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce2e8 | out: TokenHandle=0x3ce2e8*=0x238) returned 1 [0089.309] CloseHandle (hObject=0x238) returned 1 [0089.309] GetCurrentProcess () returned 0xffffffff [0089.309] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce300 | out: TokenHandle=0x3ce300*=0x238) returned 1 [0089.310] CloseHandle (hObject=0x238) returned 1 [0089.348] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x238 [0089.360] WSAConnect (in: s=0x238, name=0x253ba9c*(sa_family=2, sin_port=0xa168, sin_addr="85.209.89.134"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0089.413] setsockopt (s=0x238, level=65535, optname=4098, optval="", optlen=4) returned 0 [0089.414] setsockopt (s=0x238, level=65535, optname=4097, optval="", optlen=4) returned 0 [0089.415] setsockopt (s=0x238, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0089.416] setsockopt (s=0x238, level=65535, optname=4101, optval="6v\x1b", optlen=4) returned 0 [0089.417] send (s=0x238, buf=0x252efa4*, len=40, flags=0) returned 40 [0089.418] setsockopt (s=0x238, level=65535, optname=4102, optval="'v\x1b", optlen=4) returned 0 [0089.418] recv (in: s=0x238, buf=0x255bf88, len=1, flags=0 | out: buf=0x255bf88*) returned 1 [0089.511] send (s=0x238, buf=0x255c933*, len=205, flags=0) returned 205 [0089.513] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 142 [0094.591] CoCreateGuid (in: pguid=0x3cea04 | out: pguid=0x3cea04*(Data1=0x480a1f1, Data2=0x9dfa, Data3=0x4942, Data4=([0]=0x81, [1]=0x35, [2]=0x88, [3]=0xbb, [4]=0x5, [5]=0x79, [6]=0x84, [7]=0x14))) returned 0x0 [0094.595] CoCreateGuid (in: pguid=0x3ce948 | out: pguid=0x3ce948*(Data1=0xc04ef205, Data2=0x9d5a, Data3=0x4c92, Data4=([0]=0x8e, [1]=0x5c, [2]=0x1e, [3]=0x6e, [4]=0xbe, [5]=0x78, [6]=0x68, [7]=0x3b))) returned 0x0 [0094.596] send (s=0x238, buf=0x255c933*, len=154, flags=0) returned 154 [0094.598] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 3698 [0094.801] GetCurrentProcess () returned 0xffffffff [0094.801] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce230 | out: TokenHandle=0x3ce230*=0x23c) returned 1 [0094.802] CloseHandle (hObject=0x23c) returned 1 [0094.803] GetCurrentProcess () returned 0xffffffff [0094.803] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ce248 | out: TokenHandle=0x3ce248*=0x23c) returned 1 [0094.803] CloseHandle (hObject=0x23c) returned 1 [0095.824] CoTaskMemAlloc (cb=0x20c) returned 0x5cbdf8 [0095.824] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5cbdf8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0095.831] CoTaskMemFree (pv=0x5cbdf8) [0095.831] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0095.831] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x3ce7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0095.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9f4) returned 1 [0095.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x3cecb8 | out: lpFileInformation=0x3cecb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9f0) returned 1 [0095.832] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x3ce7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0095.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce984) returned 1 [0095.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x3cec48 | out: lpFileInformation=0x3cec48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce980) returned 1 [0095.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce984) returned 1 [0095.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x3cec48 | out: lpFileInformation=0x3cec48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce980) returned 1 [0095.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce984) returned 1 [0095.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex"), fInfoLevelId=0x0, lpFileInformation=0x3cec48 | out: lpFileInformation=0x3cec48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce980) returned 1 [0095.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce984) returned 1 [0095.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local" (normalized: "c:\\users\\keecfmwgj\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x3cec48 | out: lpFileInformation=0x3cec48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0095.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce980) returned 1 [0095.833] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex"), lpSecurityAttributes=0x0) returned 1 [0095.835] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yaaddon"), lpSecurityAttributes=0x0) returned 1 [0095.898] GetUserNameW (in: lpBuffer=0x3ceac8, pcbBuffer=0x3ced40 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x3ced40) returned 1 [0095.912] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x3cea30 | out: pTimeZoneInformation=0x3cea30) returned 0x1 [0095.958] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ceb14 | out: phkResult=0x3ceb14*=0x248) returned 0x0 [0095.960] RegQueryValueExW (in: hKey=0x248, lpValueName="TZI", lpReserved=0x0, lpType=0x3ceb30, lpData=0x0, lpcbData=0x3ceb2c*=0x0 | out: lpType=0x3ceb30*=0x3, lpData=0x0, lpcbData=0x3ceb2c*=0x2c) returned 0x0 [0095.960] RegQueryValueExW (in: hKey=0x248, lpValueName="TZI", lpReserved=0x0, lpType=0x3ceb30, lpData=0x2596a38, lpcbData=0x3ceb2c*=0x2c | out: lpType=0x3ceb30*=0x3, lpData=0x2596a38*, lpcbData=0x3ceb2c*=0x2c) returned 0x0 [0095.961] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce968 | out: phkResult=0x3ce968*=0x0) returned 0x2 [0095.966] RegQueryValueExW (in: hKey=0x248, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3ceb08, lpData=0x0, lpcbData=0x3ceb04*=0x0 | out: lpType=0x3ceb08*=0x1, lpData=0x0, lpcbData=0x3ceb04*=0x20) returned 0x0 [0095.966] RegQueryValueExW (in: hKey=0x248, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3ceb08, lpData=0x2596fa0, lpcbData=0x3ceb04*=0x20 | out: lpType=0x3ceb08*=0x1, lpData="@tzres.dll,-320", lpcbData=0x3ceb04*=0x20) returned 0x0 [0095.966] RegQueryValueExW (in: hKey=0x248, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3ceb08, lpData=0x0, lpcbData=0x3ceb04*=0x0 | out: lpType=0x3ceb08*=0x1, lpData=0x0, lpcbData=0x3ceb04*=0x20) returned 0x0 [0095.966] RegQueryValueExW (in: hKey=0x248, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3ceb08, lpData=0x2596ff8, lpcbData=0x3ceb04*=0x20 | out: lpType=0x3ceb08*=0x1, lpData="@tzres.dll,-322", lpcbData=0x3ceb04*=0x20) returned 0x0 [0095.966] RegQueryValueExW (in: hKey=0x248, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3ceb08, lpData=0x0, lpcbData=0x3ceb04*=0x0 | out: lpType=0x3ceb08*=0x1, lpData=0x0, lpcbData=0x3ceb04*=0x20) returned 0x0 [0095.966] RegQueryValueExW (in: hKey=0x248, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3ceb08, lpData=0x2597050, lpcbData=0x3ceb04*=0x20 | out: lpType=0x3ceb08*=0x1, lpData="@tzres.dll,-321", lpcbData=0x3ceb04*=0x20) returned 0x0 [0095.968] CoTaskMemAlloc (cb=0x20c) returned 0x5cd530 [0095.968] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5cd530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0095.969] CoTaskMemFree (pv=0x5cd530) [0095.970] CoTaskMemAlloc (cb=0x20c) returned 0x5cd530 [0095.970] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ceb24, pwszFileMUIPath=0x5cd530, pcchFileMUIPath=0x3ceb28, pululEnumerator=0x3ceb1c | out: pwszLanguage=0x0, pcchLanguage=0x3ceb24, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ceb28, pululEnumerator=0x3ceb1c) returned 1 [0095.974] CoTaskMemFree (pv=0x0) [0095.974] CoTaskMemFree (pv=0x5cd530) [0095.975] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0095.981] CoTaskMemAlloc (cb=0x3ec) returned 0x5cd530 [0095.981] LoadStringW (in: hInstance=0x3d0001, uID=0x140, lpBuffer=0x5cd530, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0095.982] CoTaskMemFree (pv=0x5cd530) [0095.982] FreeLibrary (hLibModule=0x3d0001) returned 1 [0095.982] CoTaskMemAlloc (cb=0x20c) returned 0x5cd530 [0095.982] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5cd530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0095.983] CoTaskMemFree (pv=0x5cd530) [0095.983] CoTaskMemAlloc (cb=0x20c) returned 0x5cd530 [0095.983] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ceb24, pwszFileMUIPath=0x5cd530, pcchFileMUIPath=0x3ceb28, pululEnumerator=0x3ceb1c | out: pwszLanguage=0x0, pcchLanguage=0x3ceb24, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ceb28, pululEnumerator=0x3ceb1c) returned 1 [0095.986] CoTaskMemFree (pv=0x0) [0095.986] CoTaskMemFree (pv=0x5cd530) [0095.986] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0095.993] CoTaskMemAlloc (cb=0x3ec) returned 0x5cd530 [0095.993] LoadStringW (in: hInstance=0x3d0001, uID=0x142, lpBuffer=0x5cd530, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0095.993] CoTaskMemFree (pv=0x5cd530) [0095.993] FreeLibrary (hLibModule=0x3d0001) returned 1 [0095.994] CoTaskMemAlloc (cb=0x20c) returned 0x5cd530 [0095.994] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5cd530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0095.994] CoTaskMemFree (pv=0x5cd530) [0095.994] CoTaskMemAlloc (cb=0x20c) returned 0x5cd530 [0095.994] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ceb24, pwszFileMUIPath=0x5cd530, pcchFileMUIPath=0x3ceb28, pululEnumerator=0x3ceb1c | out: pwszLanguage=0x0, pcchLanguage=0x3ceb24, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ceb28, pululEnumerator=0x3ceb1c) returned 1 [0095.997] CoTaskMemFree (pv=0x0) [0095.997] CoTaskMemFree (pv=0x5cd530) [0095.997] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3d0001 [0096.015] CoTaskMemAlloc (cb=0x3ec) returned 0x5cd530 [0096.015] LoadStringW (in: hInstance=0x3d0001, uID=0x141, lpBuffer=0x5cd530, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0096.015] CoTaskMemFree (pv=0x5cd530) [0096.015] FreeLibrary (hLibModule=0x3d0001) returned 1 [0096.016] RegCloseKey (hKey=0x248) returned 0x0 [0097.551] GdiplusStartup (in: token=0x20a280, input=0x3ce1b8, output=0x3ce208 | out: token=0x20a280, output=0x3ce208) returned 0x0 [0097.586] GdipCreateFromHWND (hwnd=0x0, graphics=0x3ceca4) returned 0x0 [0097.606] GdipGetDC (graphics=0x4ae2230, hdc=0x3cecb4) returned 0x0 [0097.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x3cec54, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32E\x1c", lpUsedDefaultChar=0x0) returned 5 [0097.622] LoadLibraryA (lpLibFileName="gdi32") returned 0x77240000 [0097.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x3cec4c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCapsF\x1c", lpUsedDefaultChar=0x0) returned 13 [0097.638] GetProcAddress (hModule=0x77240000, lpProcName="GetDeviceCaps") returned 0x77254de0 [0097.655] GetDeviceCaps (hdc=0x17010774, index=10) returned 900 [0097.655] GetDeviceCaps (hdc=0x17010774, index=117) returned 900 [0097.657] GdipReleaseDC (graphics=0x4ae2230, hdc=0x17010774) returned 0x0 [0097.657] GdipDeleteGraphics (graphics=0x4ae2230) returned 0x0 [0097.665] GetSystemMetrics (nIndex=80) returned 1 [0097.682] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4a0ae6, dwData=0x0) returned 1 [0097.689] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x3cea74 | out: lpmi=0x3cea74) returned 1 [0097.691] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x17010b4d [0097.696] GetDeviceCaps (hdc=0x17010b4d, index=12) returned 32 [0097.696] GetDeviceCaps (hdc=0x17010b4d, index=14) returned 1 [0097.696] DeleteDC (hdc=0x17010b4d) returned 1 [0097.703] GetProcessWindowStation () returned 0x60 [0097.703] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x25b09b8, nLength=0xc, lpnLengthNeeded=0x3cec44 | out: pvInfo=0x25b09b8, lpnLengthNeeded=0x3cec44) returned 1 [0097.705] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x270 [0098.367] CoCreateGuid (in: pguid=0x3cdd74 | out: pguid=0x3cdd74*(Data1=0xafcb9a9c, Data2=0xeba5, Data3=0x49cb, Data4=([0]=0x83, [1]=0x0, [2]=0x45, [3]=0x2f, [4]=0xc8, [5]=0x75, [6]=0xe4, [7]=0x9b))) returned 0x0 [0098.600] CoTaskMemAlloc (cb=0x804) returned 0x5e80a8 [0098.600] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5e80a8, nSize=0x3ced30 | out: lpNameBuffer="Q9IATRKPRH\\kEecfMwgj", nSize=0x3ced30) returned 0x1 [0098.601] CoTaskMemFree (pv=0x5e80a8) [0098.601] GetUserNameW (in: lpBuffer=0x3ceac0, pcbBuffer=0x3ced38 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x3ced38) returned 1 [0098.781] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x298 [0098.783] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce580 | out: ppv=0x3ce580*=0x56e704) returned 0x0 [0098.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x3cd7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0098.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x3cdcf8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0098.990] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6c410000 [0099.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x3cdd2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 13 [0099.174] GetProcAddress (hModule=0x6c410000, lpProcName="ResetSecurity") returned 0x6c417dd0 [0099.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x3cdd2c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0099.187] GetProcAddress (hModule=0x6c410000, lpProcName="SetSecurity") returned 0x6c417e20 [0099.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x3cdd28, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 18 [0099.198] GetProcAddress (hModule=0x6c410000, lpProcName="BlessIWbemServices") returned 0x6c416e70 [0099.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x3cdd20, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 24 [0099.226] GetProcAddress (hModule=0x6c410000, lpProcName="BlessIWbemServicesObject") returned 0x6c416ed0 [0099.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x3cdd28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 17 [0099.255] GetProcAddress (hModule=0x6c410000, lpProcName="GetPropertyHandle") returned 0x6c417820 [0099.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x3cdd28, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValuePlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 18 [0099.268] GetProcAddress (hModule=0x6c410000, lpProcName="WritePropertyValue") returned 0x6c417fa0 [0099.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x3cdd34, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 5 [0099.281] GetProcAddress (hModule=0x6c410000, lpProcName="Clone") returned 0x6c416f30 [0099.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x3cdd28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0099.297] GetProcAddress (hModule=0x6c410000, lpProcName="VerifyClientKey") returned 0x6c417f20 [0099.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x3cdd28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0099.303] GetProcAddress (hModule=0x6c410000, lpProcName="GetQualifierSet") returned 0x6c4178e0 [0099.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x3cdd34, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0099.304] GetProcAddress (hModule=0x6c410000, lpProcName="Get") returned 0x6c4175c0 [0099.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x3cdd34, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0099.351] GetProcAddress (hModule=0x6c410000, lpProcName="Put") returned 0x6c417a00 [0099.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x3cdd34, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeletePlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 6 [0099.375] GetProcAddress (hModule=0x6c410000, lpProcName="Delete") returned 0x6c417300 [0099.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x3cdd30, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 8 [0099.389] GetProcAddress (hModule=0x6c410000, lpProcName="GetNames") returned 0x6c4177c0 [0099.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x3cdd28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 16 [0099.413] GetProcAddress (hModule=0x6c410000, lpProcName="BeginEnumeration") returned 0x6c416e30 [0099.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x3cdd34, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 4 [0099.424] GetProcAddress (hModule=0x6c410000, lpProcName="Next") returned 0x6c4179a0 [0099.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x3cdd2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 14 [0099.444] GetProcAddress (hModule=0x6c410000, lpProcName="EndEnumeration") returned 0x6c4173c0 [0099.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x3cdd20, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0099.452] GetProcAddress (hModule=0x6c410000, lpProcName="GetPropertyQualifierSet") returned 0x6c4178b0 [0099.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x3cdd34, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 5 [0099.470] GetProcAddress (hModule=0x6c410000, lpProcName="Clone") returned 0x6c416f30 [0099.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x3cdd2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 13 [0099.470] GetProcAddress (hModule=0x6c410000, lpProcName="GetObjectText") returned 0x6c4177f0 [0099.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x3cdd28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 17 [0099.481] GetProcAddress (hModule=0x6c410000, lpProcName="SpawnDerivedClass") returned 0x6c417e80 [0099.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x3cdd2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 13 [0099.487] GetProcAddress (hModule=0x6c410000, lpProcName="SpawnInstance") returned 0x6c417eb0 [0099.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x3cdd30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 9 [0099.488] GetProcAddress (hModule=0x6c410000, lpProcName="CompareTo") returned 0x6c417020 [0099.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x3cdd28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 17 [0099.489] GetProcAddress (hModule=0x6c410000, lpProcName="GetPropertyOrigin") returned 0x6c417880 [0099.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x3cdd2c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 12 [0099.490] GetProcAddress (hModule=0x6c410000, lpProcName="InheritsFrom") returned 0x6c417900 [0099.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x3cdd30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 9 [0099.491] GetProcAddress (hModule=0x6c410000, lpProcName="GetMethod") returned 0x6c417730 [0099.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x3cdd30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 9 [0099.493] GetProcAddress (hModule=0x6c410000, lpProcName="PutMethod") returned 0x6c417bf0 [0099.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x3cdd2c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 12 [0099.495] GetProcAddress (hModule=0x6c410000, lpProcName="DeleteMethod") returned 0x6c417320 [0099.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x3cdd24, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 22 [0099.495] GetProcAddress (hModule=0x6c410000, lpProcName="BeginMethodEnumeration") returned 0x6c416e50 [0099.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x3cdd30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 10 [0099.496] GetProcAddress (hModule=0x6c410000, lpProcName="NextMethod") returned 0x6c4179d0 [0099.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x3cdd24, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 20 [0099.499] GetProcAddress (hModule=0x6c410000, lpProcName="EndMethodEnumeration") returned 0x6c4173e0 [0099.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x3cdd24, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 21 [0099.500] GetProcAddress (hModule=0x6c410000, lpProcName="GetMethodQualifierSet") returned 0x6c417790 [0099.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x3cdd28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0099.501] GetProcAddress (hModule=0x6c410000, lpProcName="GetMethodOrigin") returned 0x6c417760 [0099.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x3cdd28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 16 [0099.501] GetProcAddress (hModule=0x6c410000, lpProcName="QualifierSet_Get") returned 0x6c417c80 [0099.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x3cdd28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 16 [0099.503] GetProcAddress (hModule=0x6c410000, lpProcName="QualifierSet_Put") returned 0x6c417d10 [0099.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x3cdd24, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0099.504] GetProcAddress (hModule=0x6c410000, lpProcName="QualifierSet_Delete") returned 0x6c417c40 [0099.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x3cdd24, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 21 [0099.505] GetProcAddress (hModule=0x6c410000, lpProcName="QualifierSet_GetNames") returned 0x6c417cb0 [0099.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x3cdd1c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 29 [0099.507] GetProcAddress (hModule=0x6c410000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6c417c20 [0099.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x3cdd28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_NextmPlÖµ¶¹DþNr\x08à<", lpUsedDefaultChar=0x0) returned 17 [0099.508] GetProcAddress (hModule=0x6c410000, lpProcName="QualifierSet_Next") returned 0x6c417ce0 [0099.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cdce0 | out: phkResult=0x3cdce0*=0x2c8) returned 0x0 [0099.526] RegQueryValueExW (in: hKey=0x2c8, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x3cdcfc, lpData=0x0, lpcbData=0x3cdcf8*=0x0 | out: lpType=0x3cdcfc*=0x0, lpData=0x0, lpcbData=0x3cdcf8*=0x0) returned 0x2 [0099.526] RegCloseKey (hKey=0x2c8) returned 0x0 [0099.532] IUnknown:Release (This=0x56e704) returned 0x0 [0099.549] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x3ce1cc | out: lpiid=0x3ce1cc) returned 0x0 [0099.554] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cdee8 | out: ppv=0x3cdee8*=0x5ea358) returned 0x0 [0100.647] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea358, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce100 | out: ppvObject=0x3ce100*=0x0) returned 0x80004002 [0100.647] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea358, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce10c | out: ppvObject=0x3ce10c*=0x5df510) returned 0x0 [0100.648] WbemDefPath:IUnknown:Release (This=0x5ea358) returned 0x0 [0100.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdd2c | out: ppvObject=0x3cdd2c*=0x5df510) returned 0x0 [0100.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3cdce0 | out: ppvObject=0x3cdce0*=0x0) returned 0x80004002 [0100.654] WbemDefPath:IUnknown:AddRef (This=0x5df510) returned 0x3 [0100.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cd63c | out: ppvObject=0x3cd63c*=0x0) returned 0x80004002 [0100.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cd5ec | out: ppvObject=0x3cd5ec*=0x0) returned 0x80004002 [0100.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cd5f8 | out: ppvObject=0x3cd5f8*=0x5ea368) returned 0x0 [0100.655] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea368, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cd600 | out: pCid=0x3cd600*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0100.655] WbemDefPath:IUnknown:Release (This=0x5ea368) returned 0x3 [0100.656] CoGetContextToken (in: pToken=0x3cd658 | out: pToken=0x3cd658) returned 0x0 [0100.656] CoGetContextToken (in: pToken=0x3cda6c | out: pToken=0x3cda6c) returned 0x0 [0100.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0100.656] WbemDefPath:IUnknown:Release (This=0x5df510) returned 0x2 [0100.656] WbemDefPath:IUnknown:Release (This=0x5df510) returned 0x1 [0100.656] CoGetContextToken (in: pToken=0x3ce404 | out: pToken=0x3ce404) returned 0x0 [0100.656] CoGetContextToken (in: pToken=0x3ce364 | out: pToken=0x3ce364) returned 0x0 [0100.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df510, riid=0x3ce434*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ce430 | out: ppvObject=0x3ce430*=0x5df510) returned 0x0 [0100.657] WbemDefPath:IUnknown:AddRef (This=0x5df510) returned 0x3 [0100.657] WbemDefPath:IUnknown:Release (This=0x5df510) returned 0x2 [0100.658] WbemDefPath:IWbemPath:SetText (This=0x5df510, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0100.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cecac | out: puCount=0x3cecac*=0x2) returned 0x0 [0100.660] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceca8*=0x0, pszText=0x0 | out: puBuffLength=0x3ceca8*=0xf, pszText=0x0) returned 0x0 [0100.660] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceca8*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceca8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0100.661] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec34 | out: ppv=0x3cec34*=0x56e704) returned 0x0 [0100.661] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec2c | out: pAptType=0x3cec2c*=1) returned 0x0 [0100.661] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec30 | out: ppvObject=0x3cec30*=0x0) returned 0x80004002 [0100.661] IUnknown:Release (This=0x56e704) returned 0x0 [0100.661] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x3ceb34 | out: lpiid=0x3ceb34) returned 0x0 [0100.663] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce850 | out: ppv=0x3ce850*=0x5fcaf8) returned 0x0 [0100.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5fcaf8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea68 | out: ppvObject=0x3cea68*=0x0) returned 0x80004002 [0100.821] WbemLocator:IClassFactory:CreateInstance (in: This=0x5fcaf8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea74 | out: ppvObject=0x3cea74*=0x5ea398) returned 0x0 [0100.821] WbemLocator:IUnknown:Release (This=0x5fcaf8) returned 0x0 [0100.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce694 | out: ppvObject=0x3ce694*=0x5ea398) returned 0x0 [0100.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce648 | out: ppvObject=0x3ce648*=0x0) returned 0x80004002 [0100.821] WbemLocator:IUnknown:AddRef (This=0x5ea398) returned 0x3 [0100.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdfa4 | out: ppvObject=0x3cdfa4*=0x0) returned 0x80004002 [0100.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdf54 | out: ppvObject=0x3cdf54*=0x0) returned 0x80004002 [0100.821] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf60 | out: ppvObject=0x3cdf60*=0x0) returned 0x80004002 [0100.821] CoGetContextToken (in: pToken=0x3cdfc0 | out: pToken=0x3cdfc0) returned 0x0 [0100.822] CoGetObjectContext (in: riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fcafc | out: ppv=0x5fcafc*=0x56e6f8) returned 0x0 [0100.822] CoGetContextToken (in: pToken=0x3ce3d4 | out: pToken=0x3ce3d4) returned 0x0 [0100.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce454 | out: ppvObject=0x3ce454*=0x0) returned 0x80004002 [0100.822] WbemLocator:IUnknown:Release (This=0x5ea398) returned 0x2 [0100.822] WbemLocator:IUnknown:Release (This=0x5ea398) returned 0x1 [0100.822] CoGetContextToken (in: pToken=0x3cea54 | out: pToken=0x3cea54) returned 0x0 [0100.822] CoGetContextToken (in: pToken=0x3ce9b4 | out: pToken=0x3ce9b4) returned 0x0 [0100.822] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea398, riid=0x3cea84*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea80 | out: ppvObject=0x3cea80*=0x5ea398) returned 0x0 [0100.822] WbemLocator:IUnknown:AddRef (This=0x5ea398) returned 0x3 [0100.823] WbemLocator:IUnknown:Release (This=0x5ea398) returned 0x2 [0100.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0100.823] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0xf, pszText=0x0) returned 0x0 [0100.824] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3cec0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0100.824] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3ceabc | out: ppv=0x3ceabc*=0x5ea3a8) returned 0x0 [0100.824] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5ea3a8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb5c | out: ppNamespace=0x3ceb5c*=0x5919b8) returned 0x0 [0103.788] WbemLocator:IUnknown:QueryInterface (in: This=0x5919b8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9e0 | out: ppvObject=0x3ce9e0*=0x60334c) returned 0x0 [0103.788] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60334c, pProxy=0x5919b8, pAuthnSvc=0x3cea30, pAuthzSvc=0x3cea2c, pServerPrincName=0x3cea24, pAuthnLevel=0x3cea28, pImpLevel=0x3cea18, pAuthInfo=0x3cea1c, pCapabilites=0x3cea20 | out: pAuthnSvc=0x3cea30*=0xa, pAuthzSvc=0x3cea2c*=0x0, pServerPrincName=0x3cea24, pAuthnLevel=0x3cea28*=0x6, pImpLevel=0x3cea18*=0x2, pAuthInfo=0x3cea1c, pCapabilites=0x3cea20*=0x1) returned 0x0 [0103.788] WbemLocator:IUnknown:Release (This=0x60334c) returned 0x1 [0103.788] WbemLocator:IUnknown:QueryInterface (in: This=0x5919b8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9d4 | out: ppvObject=0x3ce9d4*=0x60336c) returned 0x0 [0103.788] WbemLocator:IUnknown:QueryInterface (in: This=0x5919b8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9c0 | out: ppvObject=0x3ce9c0*=0x60334c) returned 0x0 [0103.788] WbemLocator:IClientSecurity:SetBlanket (This=0x60334c, pProxy=0x5919b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0103.789] WbemLocator:IUnknown:Release (This=0x60334c) returned 0x2 [0103.789] WbemLocator:IUnknown:Release (This=0x60336c) returned 0x1 [0103.789] CoTaskMemFree (pv=0x600420) [0103.789] WbemLocator:IUnknown:AddRef (This=0x5919b8) returned 0x2 [0103.789] WbemLocator:IUnknown:Release (This=0x5ea3a8) returned 0x0 [0103.790] CoGetContextToken (in: pToken=0x3cdf14 | out: pToken=0x3cdf14) returned 0x0 [0103.791] CoGetContextToken (in: pToken=0x3ce324 | out: pToken=0x3ce324) returned 0x0 [0103.791] WbemLocator:IUnknown:QueryInterface (in: This=0x5919b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2c0 | out: ppvObject=0x3ce2c0*=0x603354) returned 0x0 [0103.791] WbemLocator:IRpcOptions:Query (in: This=0x603354, pPrx=0x605328, dwProperty=2, pdwValue=0x3ce3b4 | out: pdwValue=0x3ce3b4) returned 0x80004002 [0103.791] WbemLocator:IUnknown:Release (This=0x603354) returned 0x2 [0103.791] CoGetContextToken (in: pToken=0x3ce8f4 | out: pToken=0x3ce8f4) returned 0x0 [0103.792] CoGetContextToken (in: pToken=0x3ce854 | out: pToken=0x3ce854) returned 0x0 [0103.792] WbemLocator:IUnknown:QueryInterface (in: This=0x5919b8, riid=0x3ce924*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce7f0 | out: ppvObject=0x3ce7f0*=0x5919b8) returned 0x0 [0103.793] WbemLocator:IUnknown:Release (This=0x5919b8) returned 0x2 [0103.806] SysStringLen (param_1=0x0) returned 0x0 [0103.807] CoGetContextToken (in: pToken=0x3cea14 | out: pToken=0x3cea14) returned 0x0 [0103.807] IWbemServices:ExecQuery (in: This=0x5919b8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_DiskDrive", lFlags=16, pCtx=0x0, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584860) returned 0x0 [0103.816] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea78 | out: ppvObject=0x3cea78*=0x584864) returned 0x0 [0103.816] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3ceac8, pAuthzSvc=0x3ceac4, pServerPrincName=0x3ceabc, pAuthnLevel=0x3ceac0, pImpLevel=0x3ceab0, pAuthInfo=0x3ceab4, pCapabilites=0x3ceab8 | out: pAuthnSvc=0x3ceac8*=0xa, pAuthzSvc=0x3ceac4*=0x0, pServerPrincName=0x3ceabc, pAuthnLevel=0x3ceac0*=0x6, pImpLevel=0x3ceab0*=0x2, pAuthInfo=0x3ceab4, pCapabilites=0x3ceab8*=0x1) returned 0x0 [0103.816] IUnknown:Release (This=0x584864) returned 0x1 [0103.816] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea6c | out: ppvObject=0x3cea6c*=0x60345c) returned 0x0 [0103.816] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea58 | out: ppvObject=0x3cea58*=0x584864) returned 0x0 [0103.816] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0103.820] IUnknown:Release (This=0x584864) returned 0x2 [0103.821] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0103.821] CoTaskMemFree (pv=0x600480) [0103.821] IUnknown:AddRef (This=0x584860) returned 0x2 [0103.821] CoGetContextToken (in: pToken=0x3cdf98 | out: pToken=0x3cdf98) returned 0x0 [0103.821] CoGetContextToken (in: pToken=0x3ce3ac | out: pToken=0x3ce3ac) returned 0x0 [0103.821] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce344 | out: ppvObject=0x3ce344*=0x603444) returned 0x0 [0103.822] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x605358, dwProperty=2, pdwValue=0x3ce438 | out: pdwValue=0x3ce438) returned 0x80004002 [0103.822] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0103.822] CoGetContextToken (in: pToken=0x3ce97c | out: pToken=0x3ce97c) returned 0x0 [0103.822] CoGetContextToken (in: pToken=0x3ce8dc | out: pToken=0x3ce8dc) returned 0x0 [0103.822] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce9ac*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce878 | out: ppvObject=0x3ce878*=0x584860) returned 0x0 [0103.822] IUnknown:Release (This=0x584860) returned 0x2 [0103.822] SysStringLen (param_1=0x0) returned 0x0 [0103.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec68 | out: puCount=0x3cec68*=0x2) returned 0x0 [0103.823] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec64*=0x0, pszText=0x0 | out: puBuffLength=0x3cec64*=0xf, pszText=0x0) returned 0x0 [0103.823] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec64*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec64*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0103.823] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0103.823] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec74 | out: ppEnum=0x3cec74*=0x584928) returned 0x0 [0103.824] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceb30 | out: ppvObject=0x3ceb30*=0x58492c) returned 0x0 [0103.825] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb80, pAuthzSvc=0x3ceb7c, pServerPrincName=0x3ceb74, pAuthnLevel=0x3ceb78, pImpLevel=0x3ceb68, pAuthInfo=0x3ceb6c, pCapabilites=0x3ceb70 | out: pAuthnSvc=0x3ceb80*=0xa, pAuthzSvc=0x3ceb7c*=0x0, pServerPrincName=0x3ceb74, pAuthnLevel=0x3ceb78*=0x6, pImpLevel=0x3ceb68*=0x2, pAuthInfo=0x3ceb6c, pCapabilites=0x3ceb70*=0x1) returned 0x0 [0103.825] IUnknown:Release (This=0x58492c) returned 0x1 [0103.825] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceb24 | out: ppvObject=0x3ceb24*=0x60363c) returned 0x0 [0103.825] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceb10 | out: ppvObject=0x3ceb10*=0x58492c) returned 0x0 [0103.825] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0103.827] IUnknown:Release (This=0x58492c) returned 0x2 [0103.827] WbemLocator:IUnknown:Release (This=0x60363c) returned 0x1 [0103.827] CoTaskMemFree (pv=0x6004b0) [0103.827] IUnknown:AddRef (This=0x584928) returned 0x2 [0103.827] CoGetContextToken (in: pToken=0x3ce040 | out: pToken=0x3ce040) returned 0x0 [0103.827] CoGetContextToken (in: pToken=0x3ce454 | out: pToken=0x3ce454) returned 0x0 [0103.827] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3ec | out: ppvObject=0x3ce3ec*=0x603624) returned 0x0 [0103.828] WbemLocator:IRpcOptions:Query (in: This=0x603624, pPrx=0x6053b8, dwProperty=2, pdwValue=0x3ce4e0 | out: pdwValue=0x3ce4e0) returned 0x80004002 [0103.828] WbemLocator:IUnknown:Release (This=0x603624) returned 0x2 [0103.828] CoGetContextToken (in: pToken=0x3cea24 | out: pToken=0x3cea24) returned 0x0 [0103.828] CoGetContextToken (in: pToken=0x3ce984 | out: pToken=0x3ce984) returned 0x0 [0103.828] IUnknown:QueryInterface (in: This=0x584928, riid=0x3cea54*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce920 | out: ppvObject=0x3ce920*=0x584928) returned 0x0 [0103.828] IUnknown:Release (This=0x584928) returned 0x2 [0103.828] SysStringLen (param_1=0x0) returned 0x0 [0103.829] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0103.835] CoTaskMemAlloc (cb=0x4) returned 0x5ea458 [0103.837] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x5ea458, puReturned=0x262f440 | out: apObjects=0x5ea458*=0x60b2f8, puReturned=0x262f440*=0x1) returned 0x0 [0104.265] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2cc | out: ppvObject=0x3ce2cc*=0x60b2f8) returned 0x0 [0104.265] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce280 | out: ppvObject=0x3ce280*=0x0) returned 0x80004002 [0104.265] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce0a8 | out: ppvObject=0x3ce0a8*=0x0) returned 0x80004002 [0104.266] IUnknown:AddRef (This=0x60b2f8) returned 0x3 [0104.266] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdbdc | out: ppvObject=0x3cdbdc*=0x0) returned 0x80004002 [0104.266] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdb8c | out: ppvObject=0x3cdb8c*=0x0) returned 0x80004002 [0104.266] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdb98 | out: ppvObject=0x3cdb98*=0x60b2fc) returned 0x0 [0104.271] IMarshal:GetUnmarshalClass (in: This=0x60b2fc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdba0 | out: pCid=0x3cdba0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0104.271] IUnknown:Release (This=0x60b2fc) returned 0x3 [0104.271] CoGetContextToken (in: pToken=0x3cdbf8 | out: pToken=0x3cdbf8) returned 0x0 [0104.271] CoGetContextToken (in: pToken=0x3ce00c | out: pToken=0x3ce00c) returned 0x0 [0104.271] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce08c | out: ppvObject=0x3ce08c*=0x0) returned 0x80004002 [0104.272] IUnknown:Release (This=0x60b2f8) returned 0x2 [0104.272] CoGetContextToken (in: pToken=0x3ce5f4 | out: pToken=0x3ce5f4) returned 0x0 [0104.272] CoGetContextToken (in: pToken=0x3ce554 | out: pToken=0x3ce554) returned 0x0 [0104.272] IUnknown:QueryInterface (in: This=0x60b2f8, riid=0x3ce624*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce620 | out: ppvObject=0x3ce620*=0x60b2f8) returned 0x0 [0104.272] IUnknown:AddRef (This=0x60b2f8) returned 0x4 [0104.272] IUnknown:Release (This=0x60b2f8) returned 0x3 [0104.272] IUnknown:Release (This=0x60b2f8) returned 0x2 [0104.272] CoTaskMemFree (pv=0x5ea458) [0104.273] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0104.273] IUnknown:AddRef (This=0x60b2f8) returned 0x3 [0104.275] IWbemClassObject:Get (in: This=0x60b2f8, wszName="__GENUS", lFlags=0, pVal=0x3cec64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cece4*=0, plFlavor=0x3cece0*=0 | out: pVal=0x3cec64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cece4*=3, plFlavor=0x3cece0*=64) returned 0x0 [0104.282] IWbemClassObject:Get (in: This=0x60b2f8, wszName="__PATH", lFlags=0, pVal=0x3cec48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3ceccc*=0, plFlavor=0x3cecc8*=0 | out: pVal=0x3cec48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"", varVal2=0x0), pType=0x3ceccc*=8, plFlavor=0x3cecc8*=64) returned 0x0 [0104.290] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x90 [0104.291] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x90 [0104.291] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec74 | out: ppv=0x3cec74*=0x56e704) returned 0x0 [0104.291] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec6c | out: pAptType=0x3cec6c*=1) returned 0x0 [0104.291] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec70 | out: ppvObject=0x3cec70*=0x0) returned 0x80004002 [0104.291] IUnknown:Release (This=0x56e704) returned 0x1 [0104.295] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5e0 | out: ppv=0x3ce5e0*=0x5ea458) returned 0x0 [0104.295] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea458, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7f8 | out: ppvObject=0x3ce7f8*=0x0) returned 0x80004002 [0104.296] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea458, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce804 | out: ppvObject=0x3ce804*=0x5df660) returned 0x0 [0104.296] WbemDefPath:IUnknown:Release (This=0x5ea458) returned 0x0 [0104.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce424 | out: ppvObject=0x3ce424*=0x5df660) returned 0x0 [0104.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce3d8 | out: ppvObject=0x3ce3d8*=0x0) returned 0x80004002 [0104.296] WbemDefPath:IUnknown:AddRef (This=0x5df660) returned 0x3 [0104.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdd34 | out: ppvObject=0x3cdd34*=0x0) returned 0x80004002 [0104.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdce4 | out: ppvObject=0x3cdce4*=0x0) returned 0x80004002 [0104.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcf0 | out: ppvObject=0x3cdcf0*=0x5ea468) returned 0x0 [0104.297] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea468, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcf8 | out: pCid=0x3cdcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0104.297] WbemDefPath:IUnknown:Release (This=0x5ea468) returned 0x3 [0104.297] CoGetContextToken (in: pToken=0x3cdd50 | out: pToken=0x3cdd50) returned 0x0 [0104.297] CoGetContextToken (in: pToken=0x3ce164 | out: pToken=0x3ce164) returned 0x0 [0104.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1e4 | out: ppvObject=0x3ce1e4*=0x0) returned 0x80004002 [0104.297] WbemDefPath:IUnknown:Release (This=0x5df660) returned 0x2 [0104.297] WbemDefPath:IUnknown:Release (This=0x5df660) returned 0x1 [0104.297] CoGetContextToken (in: pToken=0x3ceaf4 | out: pToken=0x3ceaf4) returned 0x0 [0104.297] CoGetContextToken (in: pToken=0x3cea54 | out: pToken=0x3cea54) returned 0x0 [0104.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df660, riid=0x3ceb24*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceb20 | out: ppvObject=0x3ceb20*=0x5df660) returned 0x0 [0104.297] WbemDefPath:IUnknown:AddRef (This=0x5df660) returned 0x3 [0104.297] WbemDefPath:IUnknown:Release (This=0x5df660) returned 0x2 [0104.298] WbemDefPath:IWbemPath:SetText (This=0x5df660, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x0 [0104.298] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceca0 | out: puCount=0x3ceca0*=0x2) returned 0x0 [0104.298] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec9c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec9c*=0xf, pszText=0x0) returned 0x0 [0104.298] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0104.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec6c | out: puCount=0x3cec6c*=0x2) returned 0x0 [0104.299] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec68*=0x0, pszText=0x0 | out: puBuffLength=0x3cec68*=0xf, pszText=0x0) returned 0x0 [0104.299] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0104.300] IWbemClassObject:Get (in: This=0x60b2f8, wszName="SerialNumber", lFlags=0, pVal=0x3cec68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x262fd00*=0, plFlavor=0x262fd04*=0 | out: pVal=0x3cec68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="6AJ4UJQROH4R9FG", varVal2=0x0), pType=0x262fd00*=8, plFlavor=0x262fd04*=0) returned 0x0 [0104.300] SysStringByteLen (bstr="6AJ4UJQROH4R9FG") returned 0x1e [0104.300] SysStringByteLen (bstr="6AJ4UJQROH4R9FG") returned 0x1e [0104.300] IWbemClassObject:Get (in: This=0x60b2f8, wszName="SerialNumber", lFlags=0, pVal=0x3cec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x262fd00*=8, plFlavor=0x262fd04*=0 | out: pVal=0x3cec70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="6AJ4UJQROH4R9FG", varVal2=0x0), pType=0x262fd00*=8, plFlavor=0x262fd04*=0) returned 0x0 [0104.300] SysStringByteLen (bstr="6AJ4UJQROH4R9FG") returned 0x1e [0104.300] SysStringByteLen (bstr="6AJ4UJQROH4R9FG") returned 0x1e [0104.303] CoGetContextToken (in: pToken=0x3ceb98 | out: pToken=0x3ceb98) returned 0x0 [0104.303] IUnknown:Release (This=0x584928) returned 0x1 [0104.303] IUnknown:Release (This=0x584928) returned 0x0 [0104.305] CoGetContextToken (in: pToken=0x3ceb98 | out: pToken=0x3ceb98) returned 0x0 [0104.305] IUnknown:Release (This=0x584860) returned 0x1 [0104.305] IUnknown:Release (This=0x584860) returned 0x0 [0104.505] GetCurrentProcess () returned 0xffffffff [0104.505] GetCurrentThread () returned 0xfffffffe [0104.505] GetCurrentProcess () returned 0xffffffff [0104.506] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3cecfc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3cecfc*=0x310) returned 1 [0104.506] GetCurrentThreadId () returned 0xdc8 [0104.546] OleInitialize (pvReserved=0x0) returned 0x80010106 [0104.741] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0104.903] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x769b0000 [0104.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x3ceca8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64ProcessMqÖµ¶¹DþNr\x1cð<", lpUsedDefaultChar=0x0) returned 14 [0104.904] GetProcAddress (hModule=0x769b0000, lpProcName="IsWow64Process") returned 0x769c193e [0104.904] GetCurrentProcess () returned 0xffffffff [0104.904] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x3ced08 | out: Wow64Process=0x3ced08*=1) returned 1 [0104.912] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ceca4 | out: phkResult=0x3ceca4*=0x314) returned 0x0 [0104.912] RegQueryValueExW (in: hKey=0x314, lpValueName="ProductName", lpReserved=0x0, lpType=0x3cecc4, lpData=0x0, lpcbData=0x3cecc0*=0x0 | out: lpType=0x3cecc4*=0x1, lpData=0x0, lpcbData=0x3cecc0*=0x2e) returned 0x0 [0104.912] RegQueryValueExW (in: hKey=0x314, lpValueName="ProductName", lpReserved=0x0, lpType=0x3cecc4, lpData=0x2631050, lpcbData=0x3cecc0*=0x2e | out: lpType=0x3cecc4*=0x1, lpData="Windows 7 Professional", lpcbData=0x3cecc0*=0x2e) returned 0x0 [0104.913] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ceca4 | out: phkResult=0x3ceca4*=0x318) returned 0x0 [0104.913] RegQueryValueExW (in: hKey=0x318, lpValueName="CSDVersion", lpReserved=0x0, lpType=0x3cecc4, lpData=0x0, lpcbData=0x3cecc0*=0x0 | out: lpType=0x3cecc4*=0x0, lpData=0x0, lpcbData=0x3cecc0*=0x0) returned 0x2 [0105.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce77c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0105.061] CoCreateGuid (in: pguid=0x3ce94c | out: pguid=0x3ce94c*(Data1=0x6b8915f4, Data2=0x963a, Data3=0x44f0, Data4=([0]=0x89, [1]=0xb9, [2]=0x4a, [3]=0x30, [4]=0x17, [5]=0x2d, [6]=0x4d, [7]=0x5a))) returned 0x0 [0105.062] CoCreateGuid (in: pguid=0x3ce890 | out: pguid=0x3ce890*(Data1=0xdff6f775, Data2=0x4007, Data3=0x4640, Data4=([0]=0xad, [1]=0x8d, [2]=0x23, [3]=0xf, [4]=0xa8, [5]=0x96, [6]=0xaf, [7]=0x6f))) returned 0x0 [0105.448] send (s=0x238, buf=0x2650546*, len=719, flags=0) returned 719 [0105.449] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 125 [0105.525] CoTaskMemAlloc (cb=0x20c) returned 0x609c20 [0105.525] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x609c20 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0105.526] CoTaskMemFree (pv=0x609c20) [0105.526] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x3ce6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0105.526] CoTaskMemAlloc (cb=0x20c) returned 0x609c20 [0105.526] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x609c20 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0105.527] CoTaskMemFree (pv=0x609c20) [0105.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x3ce6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0105.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x3ce790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3e [0105.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d0) returned 1 [0105.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), fInfoLevelId=0x0, lpFileInformation=0x3cec94 | out: lpFileInformation=0x3cec94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0105.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9cc) returned 1 [0105.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\sitemanager.xml", nBufferLength=0x105, lpBuffer=0x3ce790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\sitemanager.xml", lpFilePart=0x0) returned 0x3c [0105.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d0) returned 1 [0105.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\sitemanager.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\sitemanager.xml"), fInfoLevelId=0x0, lpFileInformation=0x3cec94 | out: lpFileInformation=0x3cec94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0105.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9cc) returned 1 [0105.530] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x20ea7084, Data2=0x313e, Data3=0x4471, Data4=([0]=0x94, [1]=0x44, [2]=0x11, [3]=0xbc, [4]=0xba, [5]=0x9a, [6]=0xaf, [7]=0x64))) returned 0x0 [0105.530] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x2cda87ee, Data2=0xd2b8, Data3=0x44d8, Data4=([0]=0xb3, [1]=0xd3, [2]=0x45, [3]=0x5f, [4]=0xa7, [5]=0x51, [6]=0x3a, [7]=0x6d))) returned 0x0 [0105.532] send (s=0x238, buf=0x265013b*, len=167, flags=0) returned 167 [0105.533] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 128 [0105.584] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0105.584] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Desktop", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1b [0105.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.615] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0105.617] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*.txt", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.618] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0105.619] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*.doc*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.619] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0105.619] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*key*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0105.620] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*wallet*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0105.621] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*seed*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.623] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0105.623] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Documents") returned 0x1d [0105.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.623] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*.txt", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.624] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.624] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*.doc*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17ba4cc0, ftCreationTime.dwHighDateTime=0x1d7666e, ftLastAccessTime.dwLowDateTime=0xd45de0e0, ftLastAccessTime.dwHighDateTime=0x1d79bbf, ftLastWriteTime.dwLowDateTime=0xd45de0e0, ftLastWriteTime.dwHighDateTime=0x1d79bbf, nFileSizeHigh=0x0, nFileSizeLow=0x2943, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk23sEL.docx", cAlternateFileName="SK23SE~1.DOC")) returned 0x5e9cd8 [0105.625] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce988 | out: lpFindFileData=0x3ce988*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a012f0, ftCreationTime.dwHighDateTime=0x1d769ae, ftLastAccessTime.dwLowDateTime=0x4e704300, ftLastAccessTime.dwHighDateTime=0x1d7a237, ftLastWriteTime.dwLowDateTime=0x4e704300, ftLastWriteTime.dwHighDateTime=0x1d7a237, nFileSizeHigh=0x0, nFileSizeLow=0x4098, dwReserved0=0x0, dwReserved1=0x0, cFileName="T1P S Vn4QPbcwK7.docx", cAlternateFileName="T1PSVN~1.DOC")) returned 1 [0105.625] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce988 | out: lpFindFileData=0x3ce988*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15961b0, ftCreationTime.dwHighDateTime=0x1d78503, ftLastAccessTime.dwLowDateTime=0x780d1460, ftLastAccessTime.dwHighDateTime=0x1d7ade8, ftLastWriteTime.dwLowDateTime=0x780d1460, ftLastWriteTime.dwHighDateTime=0x1d7ade8, nFileSizeHigh=0x0, nFileSizeLow=0xe087, dwReserved0=0x0, dwReserved1=0x0, cFileName="XdToVgOy.docx", cAlternateFileName="XDTOVG~1.DOC")) returned 1 [0105.625] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce988 | out: lpFindFileData=0x3ce988*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fa15950, ftCreationTime.dwHighDateTime=0x1d76a6d, ftLastAccessTime.dwLowDateTime=0x977e6100, ftLastAccessTime.dwHighDateTime=0x1d79cb3, ftLastWriteTime.dwLowDateTime=0x977e6100, ftLastWriteTime.dwHighDateTime=0x1d79cb3, nFileSizeHigh=0x0, nFileSizeLow=0xbfc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="yDENO3.docx", cAlternateFileName="YDENO3~1.DOC")) returned 1 [0105.625] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce988 | out: lpFindFileData=0x3ce988*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4302a20, ftCreationTime.dwHighDateTime=0x1d7b3ef, ftLastAccessTime.dwLowDateTime=0x8d2ba50, ftLastAccessTime.dwHighDateTime=0x1d7c24c, ftLastWriteTime.dwLowDateTime=0x8d2ba50, ftLastWriteTime.dwHighDateTime=0x1d7c24c, nFileSizeHigh=0x0, nFileSizeLow=0xfbf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_StqNYgJunjcO1x.docx", cAlternateFileName="_STQNY~1.DOC")) returned 1 [0105.625] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce988 | out: lpFindFileData=0x3ce988*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.625] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0105.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.626] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.626] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*key*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.626] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.627] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*wallet*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebd0) returned 1 [0105.627] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.627] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*seed*", lpFindFileData=0x3ce980 | out: lpFindFileData=0x3ce980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0105.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce940) returned 1 [0105.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceba0) returned 1 [0105.628] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", nBufferLength=0x105, lpBuffer=0x3ce74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", lpFilePart=0x0) returned 0x29 [0105.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d8) returned 1 [0105.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\sk23sel.docx"), fInfoLevelId=0x0, lpFileInformation=0x26556dc | out: lpFileInformation=0x26556dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17ba4cc0, ftCreationTime.dwHighDateTime=0x1d7666e, ftLastAccessTime.dwLowDateTime=0xd45de0e0, ftLastAccessTime.dwHighDateTime=0x1d79bbf, ftLastWriteTime.dwLowDateTime=0xd45de0e0, ftLastWriteTime.dwHighDateTime=0x1d79bbf, nFileSizeHigh=0x0, nFileSizeLow=0x2943)) returned 1 [0105.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9d4) returned 1 [0105.628] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.632] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", nBufferLength=0x105, lpBuffer=0x3ce738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", lpFilePart=0x0) returned 0x29 [0105.641] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", nBufferLength=0x105, lpBuffer=0x3ce70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", lpFilePart=0x0) returned 0x29 [0105.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce94c) returned 1 [0105.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\sk23sel.docx"), fInfoLevelId=0x0, lpFileInformation=0x3cec10 | out: lpFileInformation=0x3cec10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17ba4cc0, ftCreationTime.dwHighDateTime=0x1d7666e, ftLastAccessTime.dwLowDateTime=0xd45de0e0, ftLastAccessTime.dwHighDateTime=0x1d79bbf, ftLastWriteTime.dwLowDateTime=0xd45de0e0, ftLastWriteTime.dwHighDateTime=0x1d79bbf, nFileSizeHigh=0x0, nFileSizeLow=0x2943)) returned 1 [0105.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce948) returned 1 [0105.642] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", nBufferLength=0x105, lpBuffer=0x3ce650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx", lpFilePart=0x0) returned 0x29 [0105.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb68) returned 1 [0105.642] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\sk23sEL.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\sk23sel.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0105.642] GetFileType (hFile=0x31c) returned 0x1 [0105.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb64) returned 1 [0105.642] GetFileType (hFile=0x31c) returned 0x1 [0105.659] ReadFile (in: hFile=0x31c, lpBuffer=0x2656c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2656c98*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.661] ReadFile (in: hFile=0x31c, lpBuffer=0x2656c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2656c98*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.661] ReadFile (in: hFile=0x31c, lpBuffer=0x2656c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2656c98*, lpNumberOfBytesRead=0x3cebd4*=0x943, lpOverlapped=0x0) returned 1 [0105.662] ReadFile (in: hFile=0x31c, lpBuffer=0x265616f, nNumberOfBytesToRead=0x2bd, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x265616f*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.662] ReadFile (in: hFile=0x31c, lpBuffer=0x2656c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2656c98*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.683] CloseHandle (hObject=0x31c) returned 1 [0105.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", nBufferLength=0x105, lpBuffer=0x3ce74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", lpFilePart=0x0) returned 0x32 [0105.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d8) returned 1 [0105.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t1p s vn4qpbcwk7.docx"), fInfoLevelId=0x0, lpFileInformation=0x2668058 | out: lpFileInformation=0x2668058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a012f0, ftCreationTime.dwHighDateTime=0x1d769ae, ftLastAccessTime.dwLowDateTime=0x4e704300, ftLastAccessTime.dwHighDateTime=0x1d7a237, ftLastWriteTime.dwLowDateTime=0x4e704300, ftLastWriteTime.dwHighDateTime=0x1d7a237, nFileSizeHigh=0x0, nFileSizeLow=0x4098)) returned 1 [0105.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9d4) returned 1 [0105.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", nBufferLength=0x105, lpBuffer=0x3ce738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", lpFilePart=0x0) returned 0x32 [0105.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", nBufferLength=0x105, lpBuffer=0x3ce70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", lpFilePart=0x0) returned 0x32 [0105.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce94c) returned 1 [0105.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t1p s vn4qpbcwk7.docx"), fInfoLevelId=0x0, lpFileInformation=0x3cec10 | out: lpFileInformation=0x3cec10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a012f0, ftCreationTime.dwHighDateTime=0x1d769ae, ftLastAccessTime.dwLowDateTime=0x4e704300, ftLastAccessTime.dwHighDateTime=0x1d7a237, ftLastWriteTime.dwLowDateTime=0x4e704300, ftLastWriteTime.dwHighDateTime=0x1d7a237, nFileSizeHigh=0x0, nFileSizeLow=0x4098)) returned 1 [0105.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce948) returned 1 [0105.685] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", nBufferLength=0x105, lpBuffer=0x3ce650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx", lpFilePart=0x0) returned 0x32 [0105.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb68) returned 1 [0105.685] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\T1P S Vn4QPbcwK7.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\t1p s vn4qpbcwk7.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0105.685] GetFileType (hFile=0x31c) returned 0x1 [0105.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb64) returned 1 [0105.685] GetFileType (hFile=0x31c) returned 0x1 [0105.686] ReadFile (in: hFile=0x31c, lpBuffer=0x266936c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x266936c*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.692] ReadFile (in: hFile=0x31c, lpBuffer=0x266936c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x266936c*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.693] ReadFile (in: hFile=0x31c, lpBuffer=0x266936c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x266936c*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.693] ReadFile (in: hFile=0x31c, lpBuffer=0x266936c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x266936c*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.694] ReadFile (in: hFile=0x31c, lpBuffer=0x266936c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x266936c*, lpNumberOfBytesRead=0x3cebd4*=0x98, lpOverlapped=0x0) returned 1 [0105.694] ReadFile (in: hFile=0x31c, lpBuffer=0x266936c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x266936c*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.696] CloseHandle (hObject=0x31c) returned 1 [0105.696] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", nBufferLength=0x105, lpBuffer=0x3ce74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", lpFilePart=0x0) returned 0x2a [0105.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d8) returned 1 [0105.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\xdtovgoy.docx"), fInfoLevelId=0x0, lpFileInformation=0x2682384 | out: lpFileInformation=0x2682384*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15961b0, ftCreationTime.dwHighDateTime=0x1d78503, ftLastAccessTime.dwLowDateTime=0x780d1460, ftLastAccessTime.dwHighDateTime=0x1d7ade8, ftLastWriteTime.dwLowDateTime=0x780d1460, ftLastWriteTime.dwHighDateTime=0x1d7ade8, nFileSizeHigh=0x0, nFileSizeLow=0xe087)) returned 1 [0105.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9d4) returned 1 [0105.697] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.697] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", nBufferLength=0x105, lpBuffer=0x3ce738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", lpFilePart=0x0) returned 0x2a [0105.697] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", nBufferLength=0x105, lpBuffer=0x3ce70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", lpFilePart=0x0) returned 0x2a [0105.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce94c) returned 1 [0105.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\xdtovgoy.docx"), fInfoLevelId=0x0, lpFileInformation=0x3cec10 | out: lpFileInformation=0x3cec10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15961b0, ftCreationTime.dwHighDateTime=0x1d78503, ftLastAccessTime.dwLowDateTime=0x780d1460, ftLastAccessTime.dwHighDateTime=0x1d7ade8, ftLastWriteTime.dwLowDateTime=0x780d1460, ftLastWriteTime.dwHighDateTime=0x1d7ade8, nFileSizeHigh=0x0, nFileSizeLow=0xe087)) returned 1 [0105.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce948) returned 1 [0105.697] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", nBufferLength=0x105, lpBuffer=0x3ce650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx", lpFilePart=0x0) returned 0x2a [0105.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb68) returned 1 [0105.697] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\XdToVgOy.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\xdtovgoy.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0105.698] GetFileType (hFile=0x31c) returned 0x1 [0105.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb64) returned 1 [0105.698] GetFileType (hFile=0x31c) returned 0x1 [0105.698] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.699] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.700] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.701] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.701] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.702] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.703] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.703] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.704] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.704] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.705] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.705] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.706] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.706] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.707] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x87, lpOverlapped=0x0) returned 1 [0105.708] ReadFile (in: hFile=0x31c, lpBuffer=0x2683618, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x2683618*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.711] CloseHandle (hObject=0x31c) returned 1 [0105.712] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", nBufferLength=0x105, lpBuffer=0x3ce74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", lpFilePart=0x0) returned 0x28 [0105.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d8) returned 1 [0105.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ydeno3.docx"), fInfoLevelId=0x0, lpFileInformation=0x26b1e58 | out: lpFileInformation=0x26b1e58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fa15950, ftCreationTime.dwHighDateTime=0x1d76a6d, ftLastAccessTime.dwLowDateTime=0x977e6100, ftLastAccessTime.dwHighDateTime=0x1d79cb3, ftLastWriteTime.dwLowDateTime=0x977e6100, ftLastWriteTime.dwHighDateTime=0x1d79cb3, nFileSizeHigh=0x0, nFileSizeLow=0xbfc1)) returned 1 [0105.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9d4) returned 1 [0105.712] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.712] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", nBufferLength=0x105, lpBuffer=0x3ce738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", lpFilePart=0x0) returned 0x28 [0105.712] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", nBufferLength=0x105, lpBuffer=0x3ce70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", lpFilePart=0x0) returned 0x28 [0105.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce94c) returned 1 [0105.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ydeno3.docx"), fInfoLevelId=0x0, lpFileInformation=0x3cec10 | out: lpFileInformation=0x3cec10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fa15950, ftCreationTime.dwHighDateTime=0x1d76a6d, ftLastAccessTime.dwLowDateTime=0x977e6100, ftLastAccessTime.dwHighDateTime=0x1d79cb3, ftLastWriteTime.dwLowDateTime=0x977e6100, ftLastWriteTime.dwHighDateTime=0x1d79cb3, nFileSizeHigh=0x0, nFileSizeLow=0xbfc1)) returned 1 [0105.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce948) returned 1 [0105.713] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", nBufferLength=0x105, lpBuffer=0x3ce650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx", lpFilePart=0x0) returned 0x28 [0105.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb68) returned 1 [0105.713] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\yDENO3.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ydeno3.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0105.713] GetFileType (hFile=0x31c) returned 0x1 [0105.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb64) returned 1 [0105.713] GetFileType (hFile=0x31c) returned 0x1 [0105.714] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.715] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.716] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.716] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.717] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.717] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.718] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.718] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.719] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.719] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.720] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.720] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0xfc1, lpOverlapped=0x0) returned 1 [0105.721] ReadFile (in: hFile=0x31c, lpBuffer=0x26b2821, nNumberOfBytesToRead=0x3f, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b2821*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.721] ReadFile (in: hFile=0x31c, lpBuffer=0x26b30cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26b30cc*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.724] CloseHandle (hObject=0x31c) returned 1 [0105.725] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", nBufferLength=0x105, lpBuffer=0x3ce74c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", lpFilePart=0x0) returned 0x31 [0105.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9d8) returned 1 [0105.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_stqnygjunjco1x.docx"), fInfoLevelId=0x0, lpFileInformation=0x26db994 | out: lpFileInformation=0x26db994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4302a20, ftCreationTime.dwHighDateTime=0x1d7b3ef, ftLastAccessTime.dwLowDateTime=0x8d2ba50, ftLastAccessTime.dwHighDateTime=0x1d7c24c, ftLastWriteTime.dwLowDateTime=0x8d2ba50, ftLastWriteTime.dwHighDateTime=0x1d7c24c, nFileSizeHigh=0x0, nFileSizeLow=0xfbf0)) returned 1 [0105.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9d4) returned 1 [0105.725] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x3ce740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0105.725] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", nBufferLength=0x105, lpBuffer=0x3ce738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", lpFilePart=0x0) returned 0x31 [0105.725] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", nBufferLength=0x105, lpBuffer=0x3ce70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", lpFilePart=0x0) returned 0x31 [0105.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce94c) returned 1 [0105.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_stqnygjunjco1x.docx"), fInfoLevelId=0x0, lpFileInformation=0x3cec10 | out: lpFileInformation=0x3cec10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4302a20, ftCreationTime.dwHighDateTime=0x1d7b3ef, ftLastAccessTime.dwLowDateTime=0x8d2ba50, ftLastAccessTime.dwHighDateTime=0x1d7c24c, ftLastWriteTime.dwLowDateTime=0x8d2ba50, ftLastWriteTime.dwHighDateTime=0x1d7c24c, nFileSizeHigh=0x0, nFileSizeLow=0xfbf0)) returned 1 [0105.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce948) returned 1 [0105.726] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", nBufferLength=0x105, lpBuffer=0x3ce650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx", lpFilePart=0x0) returned 0x31 [0105.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb68) returned 1 [0105.726] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_StqNYgJunjcO1x.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_stqnygjunjco1x.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0105.726] GetFileType (hFile=0x31c) returned 0x1 [0105.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb64) returned 1 [0105.726] GetFileType (hFile=0x31c) returned 0x1 [0105.726] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.727] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.728] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.729] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.729] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.729] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.730] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.730] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.731] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.732] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.732] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.732] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.733] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.733] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.733] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x1000, lpOverlapped=0x0) returned 1 [0105.734] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0xbf0, lpOverlapped=0x0) returned 1 [0105.735] ReadFile (in: hFile=0x31c, lpBuffer=0x26dc418, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dc418*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.735] ReadFile (in: hFile=0x31c, lpBuffer=0x26dcc94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebd4, lpOverlapped=0x0 | out: lpBuffer=0x26dcc94*, lpNumberOfBytesRead=0x3cebd4*=0x0, lpOverlapped=0x0) returned 1 [0105.739] CloseHandle (hObject=0x31c) returned 1 [0105.743] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x2c3d0580, Data2=0xd0cb, Data3=0x4fc3, Data4=([0]=0xae, [1]=0x75, [2]=0xae, [3]=0x2, [4]=0x75, [5]=0x23, [6]=0x6a, [7]=0xa5))) returned 0x0 [0105.743] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x67d9c89f, Data2=0x75e7, Data3=0x409d, Data4=([0]=0x91, [1]=0xbf, [2]=0xb, [3]=0x74, [4]=0x9, [5]=0xa4, [6]=0xf5, [7]=0xf7))) returned 0x0 [0105.774] send (s=0x238, buf=0x34e4dd6*, len=65536, flags=0) returned 65536 [0105.775] send (s=0x238, buf=0x34f4dd6*, len=65536, flags=0) returned 65536 [0106.382] send (s=0x238, buf=0x3504dd6*, len=65536, flags=0) returned 65536 [0106.612] send (s=0x238, buf=0x3514dd6*, len=2299, flags=0) returned 2299 [0106.679] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 128 [0106.877] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec38 | out: ppv=0x3cec38*=0x56e704) returned 0x0 [0106.877] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec30 | out: pAptType=0x3cec30*=1) returned 0x0 [0106.877] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec34 | out: ppvObject=0x3cec34*=0x0) returned 0x80004002 [0106.877] IUnknown:Release (This=0x56e704) returned 0x1 [0106.879] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5a0 | out: ppv=0x3ce5a0*=0x5ea498) returned 0x0 [0106.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea498, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7b8 | out: ppvObject=0x3ce7b8*=0x0) returned 0x80004002 [0106.880] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea498, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7c4 | out: ppvObject=0x3ce7c4*=0x5df6d0) returned 0x0 [0106.880] WbemDefPath:IUnknown:Release (This=0x5ea498) returned 0x0 [0106.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3e4 | out: ppvObject=0x3ce3e4*=0x5df6d0) returned 0x0 [0106.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce398 | out: ppvObject=0x3ce398*=0x0) returned 0x80004002 [0106.881] WbemDefPath:IUnknown:AddRef (This=0x5df6d0) returned 0x3 [0106.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcf4 | out: ppvObject=0x3cdcf4*=0x0) returned 0x80004002 [0106.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0106.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcb0 | out: ppvObject=0x3cdcb0*=0x5ea268) returned 0x0 [0106.881] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea268, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcb8 | out: pCid=0x3cdcb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0106.881] WbemDefPath:IUnknown:Release (This=0x5ea268) returned 0x3 [0106.881] CoGetContextToken (in: pToken=0x3cdd10 | out: pToken=0x3cdd10) returned 0x0 [0106.881] CoGetContextToken (in: pToken=0x3ce124 | out: pToken=0x3ce124) returned 0x0 [0106.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1a4 | out: ppvObject=0x3ce1a4*=0x0) returned 0x80004002 [0106.881] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x2 [0106.881] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x1 [0106.881] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0106.881] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0106.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x3ceaec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceae8 | out: ppvObject=0x3ceae8*=0x5df6d0) returned 0x0 [0106.882] WbemDefPath:IUnknown:AddRef (This=0x5df6d0) returned 0x3 [0106.882] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x2 [0106.882] WbemDefPath:IWbemPath:SetText (This=0x5df6d0, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0106.882] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df6d0, puCount=0x3cec60 | out: puCount=0x3cec60*=0x2) returned 0x0 [0106.882] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=4, puBuffLength=0x3cec5c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec5c*=0x18, pszText=0x0) returned 0x0 [0106.882] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=4, puBuffLength=0x3cec5c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec5c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.882] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df6d0, puCount=0x3cec4c | out: puCount=0x3cec4c*=0x2) returned 0x0 [0106.882] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=4, puBuffLength=0x3cec48*=0x0, pszText=0x0 | out: puBuffLength=0x3cec48*=0x18, pszText=0x0) returned 0x0 [0106.882] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=4, puBuffLength=0x3cec48*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec48*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.882] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebdc | out: ppv=0x3cebdc*=0x56e704) returned 0x0 [0106.882] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebd4 | out: pAptType=0x3cebd4*=1) returned 0x0 [0106.882] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd8 | out: ppvObject=0x3cebd8*=0x0) returned 0x80004002 [0106.882] IUnknown:Release (This=0x56e704) returned 0x1 [0106.883] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7f8 | out: ppv=0x3ce7f8*=0x605430) returned 0x0 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x605430, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x0) returned 0x80004002 [0106.884] WbemLocator:IClassFactory:CreateInstance (in: This=0x605430, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x5ea3a8) returned 0x0 [0106.884] WbemLocator:IUnknown:Release (This=0x605430) returned 0x0 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce63c | out: ppvObject=0x3ce63c*=0x5ea3a8) returned 0x0 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5f0 | out: ppvObject=0x3ce5f0*=0x0) returned 0x80004002 [0106.884] WbemLocator:IUnknown:AddRef (This=0x5ea3a8) returned 0x3 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf4c | out: ppvObject=0x3cdf4c*=0x0) returned 0x80004002 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdefc | out: ppvObject=0x3cdefc*=0x0) returned 0x80004002 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf08 | out: ppvObject=0x3cdf08*=0x0) returned 0x80004002 [0106.884] CoGetContextToken (in: pToken=0x3cdf68 | out: pToken=0x3cdf68) returned 0x0 [0106.884] CoGetContextToken (in: pToken=0x3ce37c | out: pToken=0x3ce37c) returned 0x0 [0106.884] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3fc | out: ppvObject=0x3ce3fc*=0x0) returned 0x80004002 [0106.885] WbemLocator:IUnknown:Release (This=0x5ea3a8) returned 0x2 [0106.885] WbemLocator:IUnknown:Release (This=0x5ea3a8) returned 0x1 [0106.885] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0106.885] CoGetContextToken (in: pToken=0x3ce95c | out: pToken=0x3ce95c) returned 0x0 [0106.885] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea3a8, riid=0x3cea2c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea28 | out: ppvObject=0x3cea28*=0x5ea3a8) returned 0x0 [0106.885] WbemLocator:IUnknown:AddRef (This=0x5ea3a8) returned 0x3 [0106.885] WbemLocator:IUnknown:Release (This=0x5ea3a8) returned 0x2 [0106.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df6d0, puCount=0x3cebb8 | out: puCount=0x3cebb8*=0x2) returned 0x0 [0106.885] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=8, puBuffLength=0x3cebb4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb4*=0x18, pszText=0x0) returned 0x0 [0106.885] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=8, puBuffLength=0x3cebb4*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cebb4*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.885] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea50 | out: ppv=0x3cea50*=0x5ea448) returned 0x0 [0106.885] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5ea448, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb04 | out: ppNamespace=0x3ceb04*=0x608e08) returned 0x0 [0106.896] WbemLocator:IUnknown:QueryInterface (in: This=0x608e08, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce974 | out: ppvObject=0x3ce974*=0x60352c) returned 0x0 [0106.896] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60352c, pProxy=0x608e08, pAuthnSvc=0x3ce9c4, pAuthzSvc=0x3ce9c0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc, pImpLevel=0x3ce9ac, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4 | out: pAuthnSvc=0x3ce9c4*=0xa, pAuthzSvc=0x3ce9c0*=0x0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc*=0x6, pImpLevel=0x3ce9ac*=0x2, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4*=0x1) returned 0x0 [0106.896] WbemLocator:IUnknown:Release (This=0x60352c) returned 0x1 [0106.896] WbemLocator:IUnknown:QueryInterface (in: This=0x608e08, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce968 | out: ppvObject=0x3ce968*=0x60354c) returned 0x0 [0106.896] WbemLocator:IUnknown:QueryInterface (in: This=0x608e08, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x60352c) returned 0x0 [0106.896] WbemLocator:IClientSecurity:SetBlanket (This=0x60352c, pProxy=0x608e08, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.896] WbemLocator:IUnknown:Release (This=0x60352c) returned 0x2 [0106.896] WbemLocator:IUnknown:Release (This=0x60354c) returned 0x1 [0106.896] CoTaskMemFree (pv=0x600570) [0106.896] WbemLocator:IUnknown:AddRef (This=0x608e08) returned 0x2 [0106.896] WbemLocator:IUnknown:Release (This=0x5ea448) returned 0x0 [0106.897] CoGetContextToken (in: pToken=0x3cdea8 | out: pToken=0x3cdea8) returned 0x0 [0106.897] CoGetContextToken (in: pToken=0x3ce2bc | out: pToken=0x3ce2bc) returned 0x0 [0106.897] WbemLocator:IUnknown:QueryInterface (in: This=0x608e08, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x603534) returned 0x0 [0106.897] WbemLocator:IRpcOptions:Query (in: This=0x603534, pPrx=0x605568, dwProperty=2, pdwValue=0x3ce348 | out: pdwValue=0x3ce348) returned 0x80004002 [0106.897] WbemLocator:IUnknown:Release (This=0x603534) returned 0x2 [0106.897] CoGetContextToken (in: pToken=0x3ce88c | out: pToken=0x3ce88c) returned 0x0 [0106.897] CoGetContextToken (in: pToken=0x3ce7ec | out: pToken=0x3ce7ec) returned 0x0 [0106.897] WbemLocator:IUnknown:QueryInterface (in: This=0x608e08, riid=0x3ce8bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x608e08) returned 0x0 [0106.898] WbemLocator:IUnknown:Release (This=0x608e08) returned 0x2 [0106.898] SysStringLen (param_1=0x0) returned 0x0 [0106.898] CoGetContextToken (in: pToken=0x3ce9bc | out: pToken=0x3ce9bc) returned 0x0 [0106.898] IWbemServices:ExecQuery (in: This=0x608e08, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x3cebc4 | out: ppEnum=0x3cebc4*=0x584860) returned 0x0 [0106.904] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea20 | out: ppvObject=0x3cea20*=0x584864) returned 0x0 [0106.905] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea70, pAuthzSvc=0x3cea6c, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68, pImpLevel=0x3cea58, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60 | out: pAuthnSvc=0x3cea70*=0xa, pAuthzSvc=0x3cea6c*=0x0, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68*=0x6, pImpLevel=0x3cea58*=0x2, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60*=0x1) returned 0x0 [0106.905] IUnknown:Release (This=0x584864) returned 0x1 [0106.905] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea14 | out: ppvObject=0x3cea14*=0x60345c) returned 0x0 [0106.905] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea00 | out: ppvObject=0x3cea00*=0x584864) returned 0x0 [0106.905] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.906] IUnknown:Release (This=0x584864) returned 0x2 [0106.906] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0106.906] CoTaskMemFree (pv=0x6005a0) [0106.907] IUnknown:AddRef (This=0x584860) returned 0x2 [0106.907] CoGetContextToken (in: pToken=0x3cdf40 | out: pToken=0x3cdf40) returned 0x0 [0106.907] CoGetContextToken (in: pToken=0x3ce354 | out: pToken=0x3ce354) returned 0x0 [0106.907] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2ec | out: ppvObject=0x3ce2ec*=0x603444) returned 0x0 [0106.907] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x6053b8, dwProperty=2, pdwValue=0x3ce3e0 | out: pdwValue=0x3ce3e0) returned 0x80004002 [0106.907] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0106.907] CoGetContextToken (in: pToken=0x3ce924 | out: pToken=0x3ce924) returned 0x0 [0106.908] CoGetContextToken (in: pToken=0x3ce884 | out: pToken=0x3ce884) returned 0x0 [0106.908] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce954*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce820 | out: ppvObject=0x3ce820*=0x584860) returned 0x0 [0106.908] IUnknown:Release (This=0x584860) returned 0x2 [0106.908] SysStringLen (param_1=0x0) returned 0x0 [0106.908] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df6d0, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0106.908] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=4, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0x18, pszText=0x0) returned 0x0 [0106.908] WbemDefPath:IWbemPath:GetText (in: This=0x5df6d0, lFlags=4, puBuffLength=0x3cec0c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec0c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.908] CoGetContextToken (in: pToken=0x3cea64 | out: pToken=0x3cea64) returned 0x0 [0106.908] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584928) returned 0x0 [0106.909] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cead8 | out: ppvObject=0x3cead8*=0x58492c) returned 0x0 [0106.909] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb28, pAuthzSvc=0x3ceb24, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20, pImpLevel=0x3ceb10, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18 | out: pAuthnSvc=0x3ceb28*=0xa, pAuthzSvc=0x3ceb24*=0x0, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20*=0x6, pImpLevel=0x3ceb10*=0x2, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18*=0x1) returned 0x0 [0106.909] IUnknown:Release (This=0x58492c) returned 0x1 [0106.909] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceacc | out: ppvObject=0x3ceacc*=0x60372c) returned 0x0 [0106.909] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceab8 | out: ppvObject=0x3ceab8*=0x58492c) returned 0x0 [0106.909] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.911] IUnknown:Release (This=0x58492c) returned 0x2 [0106.911] WbemLocator:IUnknown:Release (This=0x60372c) returned 0x1 [0106.911] CoTaskMemFree (pv=0x6005d0) [0106.911] IUnknown:AddRef (This=0x584928) returned 0x2 [0106.912] CoGetContextToken (in: pToken=0x3cdfe8 | out: pToken=0x3cdfe8) returned 0x0 [0106.912] CoGetContextToken (in: pToken=0x3ce3fc | out: pToken=0x3ce3fc) returned 0x0 [0106.912] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x603714) returned 0x0 [0106.912] WbemLocator:IRpcOptions:Query (in: This=0x603714, pPrx=0x609ef0, dwProperty=2, pdwValue=0x3ce488 | out: pdwValue=0x3ce488) returned 0x80004002 [0106.912] WbemLocator:IUnknown:Release (This=0x603714) returned 0x2 [0106.912] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0106.912] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0106.912] IUnknown:QueryInterface (in: This=0x584928, riid=0x3ce9fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce8c8 | out: ppvObject=0x3ce8c8*=0x584928) returned 0x0 [0106.913] IUnknown:Release (This=0x584928) returned 0x2 [0106.913] SysStringLen (param_1=0x0) returned 0x0 [0106.913] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0106.914] CoTaskMemAlloc (cb=0x4) returned 0x5ea4e8 [0106.914] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x5ea4e8, puReturned=0x273309c | out: apObjects=0x5ea4e8*=0x0, puReturned=0x273309c*=0x0) returned 0x1 [0106.916] CoTaskMemFree (pv=0x5ea4e8) [0106.916] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0106.916] IUnknown:Release (This=0x584928) returned 0x1 [0106.917] IUnknown:Release (This=0x584928) returned 0x0 [0106.918] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0106.918] IUnknown:Release (This=0x584860) returned 0x1 [0106.918] IUnknown:Release (This=0x584860) returned 0x0 [0106.919] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec38 | out: ppv=0x3cec38*=0x56e704) returned 0x0 [0106.919] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec30 | out: pAptType=0x3cec30*=1) returned 0x0 [0106.919] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec34 | out: ppvObject=0x3cec34*=0x0) returned 0x80004002 [0106.919] IUnknown:Release (This=0x56e704) returned 0x1 [0106.920] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5a0 | out: ppv=0x3ce5a0*=0x5ea4e8) returned 0x0 [0106.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea4e8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7b8 | out: ppvObject=0x3ce7b8*=0x0) returned 0x80004002 [0106.921] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea4e8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7c4 | out: ppvObject=0x3ce7c4*=0x5df740) returned 0x0 [0106.921] WbemDefPath:IUnknown:Release (This=0x5ea4e8) returned 0x0 [0106.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3e4 | out: ppvObject=0x3ce3e4*=0x5df740) returned 0x0 [0106.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce398 | out: ppvObject=0x3ce398*=0x0) returned 0x80004002 [0106.921] WbemDefPath:IUnknown:AddRef (This=0x5df740) returned 0x3 [0106.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcf4 | out: ppvObject=0x3cdcf4*=0x0) returned 0x80004002 [0106.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0106.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcb0 | out: ppvObject=0x3cdcb0*=0x5ea4a8) returned 0x0 [0106.921] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea4a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcb8 | out: pCid=0x3cdcb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0106.921] WbemDefPath:IUnknown:Release (This=0x5ea4a8) returned 0x3 [0106.921] CoGetContextToken (in: pToken=0x3cdd10 | out: pToken=0x3cdd10) returned 0x0 [0106.922] CoGetContextToken (in: pToken=0x3ce124 | out: pToken=0x3ce124) returned 0x0 [0106.922] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1a4 | out: ppvObject=0x3ce1a4*=0x0) returned 0x80004002 [0106.922] WbemDefPath:IUnknown:Release (This=0x5df740) returned 0x2 [0106.922] WbemDefPath:IUnknown:Release (This=0x5df740) returned 0x1 [0106.922] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0106.922] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0106.922] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df740, riid=0x3ceaec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceae8 | out: ppvObject=0x3ceae8*=0x5df740) returned 0x0 [0106.922] WbemDefPath:IUnknown:AddRef (This=0x5df740) returned 0x3 [0106.922] WbemDefPath:IUnknown:Release (This=0x5df740) returned 0x2 [0106.922] WbemDefPath:IWbemPath:SetText (This=0x5df740, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0106.922] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df740, puCount=0x3cec60 | out: puCount=0x3cec60*=0x2) returned 0x0 [0106.922] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=4, puBuffLength=0x3cec5c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec5c*=0x18, pszText=0x0) returned 0x0 [0106.922] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=4, puBuffLength=0x3cec5c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec5c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.922] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df740, puCount=0x3cec4c | out: puCount=0x3cec4c*=0x2) returned 0x0 [0106.922] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=4, puBuffLength=0x3cec48*=0x0, pszText=0x0 | out: puBuffLength=0x3cec48*=0x18, pszText=0x0) returned 0x0 [0106.922] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=4, puBuffLength=0x3cec48*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec48*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.922] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebdc | out: ppv=0x3cebdc*=0x56e704) returned 0x0 [0106.922] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebd4 | out: pAptType=0x3cebd4*=1) returned 0x0 [0106.922] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd8 | out: ppvObject=0x3cebd8*=0x0) returned 0x80004002 [0106.922] IUnknown:Release (This=0x56e704) returned 0x1 [0106.923] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7f8 | out: ppv=0x3ce7f8*=0x609f20) returned 0x0 [0106.923] WbemLocator:IUnknown:QueryInterface (in: This=0x609f20, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x0) returned 0x80004002 [0106.923] WbemLocator:IClassFactory:CreateInstance (in: This=0x609f20, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x5ea4d8) returned 0x0 [0106.923] WbemLocator:IUnknown:Release (This=0x609f20) returned 0x0 [0106.923] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce63c | out: ppvObject=0x3ce63c*=0x5ea4d8) returned 0x0 [0106.924] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5f0 | out: ppvObject=0x3ce5f0*=0x0) returned 0x80004002 [0106.924] WbemLocator:IUnknown:AddRef (This=0x5ea4d8) returned 0x3 [0106.924] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf4c | out: ppvObject=0x3cdf4c*=0x0) returned 0x80004002 [0106.924] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdefc | out: ppvObject=0x3cdefc*=0x0) returned 0x80004002 [0106.924] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf08 | out: ppvObject=0x3cdf08*=0x0) returned 0x80004002 [0106.924] CoGetContextToken (in: pToken=0x3cdf68 | out: pToken=0x3cdf68) returned 0x0 [0106.924] CoGetContextToken (in: pToken=0x3ce37c | out: pToken=0x3ce37c) returned 0x0 [0106.924] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3fc | out: ppvObject=0x3ce3fc*=0x0) returned 0x80004002 [0106.924] WbemLocator:IUnknown:Release (This=0x5ea4d8) returned 0x2 [0106.924] WbemLocator:IUnknown:Release (This=0x5ea4d8) returned 0x1 [0106.924] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0106.924] CoGetContextToken (in: pToken=0x3ce95c | out: pToken=0x3ce95c) returned 0x0 [0106.924] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea4d8, riid=0x3cea2c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea28 | out: ppvObject=0x3cea28*=0x5ea4d8) returned 0x0 [0106.924] WbemLocator:IUnknown:AddRef (This=0x5ea4d8) returned 0x3 [0106.924] WbemLocator:IUnknown:Release (This=0x5ea4d8) returned 0x2 [0106.924] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df740, puCount=0x3cebb8 | out: puCount=0x3cebb8*=0x2) returned 0x0 [0106.924] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=8, puBuffLength=0x3cebb4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb4*=0x18, pszText=0x0) returned 0x0 [0106.924] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=8, puBuffLength=0x3cebb4*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cebb4*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.924] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea50 | out: ppv=0x3cea50*=0x5ea4b8) returned 0x0 [0106.925] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5ea4b8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb04 | out: ppNamespace=0x3ceb04*=0x608f48) returned 0x0 [0106.931] WbemLocator:IUnknown:QueryInterface (in: This=0x608f48, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce974 | out: ppvObject=0x3ce974*=0x60361c) returned 0x0 [0106.931] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60361c, pProxy=0x608f48, pAuthnSvc=0x3ce9c4, pAuthzSvc=0x3ce9c0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc, pImpLevel=0x3ce9ac, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4 | out: pAuthnSvc=0x3ce9c4*=0xa, pAuthzSvc=0x3ce9c0*=0x0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc*=0x6, pImpLevel=0x3ce9ac*=0x2, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4*=0x1) returned 0x0 [0106.931] WbemLocator:IUnknown:Release (This=0x60361c) returned 0x1 [0106.931] WbemLocator:IUnknown:QueryInterface (in: This=0x608f48, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce968 | out: ppvObject=0x3ce968*=0x60363c) returned 0x0 [0106.931] WbemLocator:IUnknown:QueryInterface (in: This=0x608f48, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x60361c) returned 0x0 [0106.931] WbemLocator:IClientSecurity:SetBlanket (This=0x60361c, pProxy=0x608f48, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.931] WbemLocator:IUnknown:Release (This=0x60361c) returned 0x2 [0106.931] WbemLocator:IUnknown:Release (This=0x60363c) returned 0x1 [0106.931] CoTaskMemFree (pv=0x600510) [0106.931] WbemLocator:IUnknown:AddRef (This=0x608f48) returned 0x2 [0106.931] WbemLocator:IUnknown:Release (This=0x5ea4b8) returned 0x0 [0106.932] CoGetContextToken (in: pToken=0x3cdea8 | out: pToken=0x3cdea8) returned 0x0 [0106.932] CoGetContextToken (in: pToken=0x3ce2bc | out: pToken=0x3ce2bc) returned 0x0 [0106.932] WbemLocator:IUnknown:QueryInterface (in: This=0x608f48, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x603624) returned 0x0 [0106.932] WbemLocator:IRpcOptions:Query (in: This=0x603624, pPrx=0x609f68, dwProperty=2, pdwValue=0x3ce348 | out: pdwValue=0x3ce348) returned 0x80004002 [0106.932] WbemLocator:IUnknown:Release (This=0x603624) returned 0x2 [0106.932] CoGetContextToken (in: pToken=0x3ce88c | out: pToken=0x3ce88c) returned 0x0 [0106.932] CoGetContextToken (in: pToken=0x3ce7ec | out: pToken=0x3ce7ec) returned 0x0 [0106.932] WbemLocator:IUnknown:QueryInterface (in: This=0x608f48, riid=0x3ce8bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x608f48) returned 0x0 [0106.933] WbemLocator:IUnknown:Release (This=0x608f48) returned 0x2 [0106.933] SysStringLen (param_1=0x0) returned 0x0 [0106.933] CoGetContextToken (in: pToken=0x3ce9bc | out: pToken=0x3ce9bc) returned 0x0 [0106.933] IWbemServices:ExecQuery (in: This=0x608f48, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x3cebc4 | out: ppEnum=0x3cebc4*=0x584860) returned 0x0 [0106.936] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x584864) returned 0x0 [0106.936] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea6c, pAuthzSvc=0x3cea68, pServerPrincName=0x3cea60, pAuthnLevel=0x3cea64, pImpLevel=0x3cea54, pAuthInfo=0x3cea58, pCapabilites=0x3cea5c | out: pAuthnSvc=0x3cea6c*=0xa, pAuthzSvc=0x3cea68*=0x0, pServerPrincName=0x3cea60, pAuthnLevel=0x3cea64*=0x6, pImpLevel=0x3cea54*=0x2, pAuthInfo=0x3cea58, pCapabilites=0x3cea5c*=0x1) returned 0x0 [0106.936] IUnknown:Release (This=0x584864) returned 0x1 [0106.936] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x60345c) returned 0x0 [0106.936] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9fc | out: ppvObject=0x3ce9fc*=0x584864) returned 0x0 [0106.936] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.938] IUnknown:Release (This=0x584864) returned 0x2 [0106.938] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0106.938] CoTaskMemFree (pv=0x600600) [0106.938] IUnknown:AddRef (This=0x584860) returned 0x2 [0106.939] CoGetContextToken (in: pToken=0x3cdf3c | out: pToken=0x3cdf3c) returned 0x0 [0106.939] CoGetContextToken (in: pToken=0x3ce34c | out: pToken=0x3ce34c) returned 0x0 [0106.939] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x603444) returned 0x0 [0106.939] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x609f50, dwProperty=2, pdwValue=0x3ce3dc | out: pdwValue=0x3ce3dc) returned 0x80004002 [0106.939] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0106.939] CoGetContextToken (in: pToken=0x3ce91c | out: pToken=0x3ce91c) returned 0x0 [0106.939] CoGetContextToken (in: pToken=0x3ce87c | out: pToken=0x3ce87c) returned 0x0 [0106.939] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce94c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce818 | out: ppvObject=0x3ce818*=0x584860) returned 0x0 [0106.939] IUnknown:Release (This=0x584860) returned 0x2 [0106.939] SysStringLen (param_1=0x0) returned 0x0 [0106.940] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df740, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0106.940] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=4, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0x18, pszText=0x0) returned 0x0 [0106.940] WbemDefPath:IWbemPath:GetText (in: This=0x5df740, lFlags=4, puBuffLength=0x3cec0c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec0c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.940] CoGetContextToken (in: pToken=0x3cea64 | out: pToken=0x3cea64) returned 0x0 [0106.940] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584928) returned 0x0 [0106.942] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cead8 | out: ppvObject=0x3cead8*=0x58492c) returned 0x0 [0106.942] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb28, pAuthzSvc=0x3ceb24, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20, pImpLevel=0x3ceb10, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18 | out: pAuthnSvc=0x3ceb28*=0xa, pAuthzSvc=0x3ceb24*=0x0, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20*=0x6, pImpLevel=0x3ceb10*=0x2, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18*=0x1) returned 0x0 [0106.942] IUnknown:Release (This=0x58492c) returned 0x1 [0106.942] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceacc | out: ppvObject=0x3ceacc*=0x60381c) returned 0x0 [0106.942] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceab8 | out: ppvObject=0x3ceab8*=0x58492c) returned 0x0 [0106.942] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.943] IUnknown:Release (This=0x58492c) returned 0x2 [0106.943] WbemLocator:IUnknown:Release (This=0x60381c) returned 0x1 [0106.944] CoTaskMemFree (pv=0x600630) [0106.944] IUnknown:AddRef (This=0x584928) returned 0x2 [0106.944] CoGetContextToken (in: pToken=0x3cdfe8 | out: pToken=0x3cdfe8) returned 0x0 [0106.944] CoGetContextToken (in: pToken=0x3ce3fc | out: pToken=0x3ce3fc) returned 0x0 [0106.944] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x603804) returned 0x0 [0106.944] WbemLocator:IRpcOptions:Query (in: This=0x603804, pPrx=0x609fe0, dwProperty=2, pdwValue=0x3ce488 | out: pdwValue=0x3ce488) returned 0x80004002 [0106.944] WbemLocator:IUnknown:Release (This=0x603804) returned 0x2 [0106.945] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0106.945] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0106.945] IUnknown:QueryInterface (in: This=0x584928, riid=0x3ce9fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce8c8 | out: ppvObject=0x3ce8c8*=0x584928) returned 0x0 [0106.945] IUnknown:Release (This=0x584928) returned 0x2 [0106.945] SysStringLen (param_1=0x0) returned 0x0 [0106.945] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0106.946] CoTaskMemAlloc (cb=0x4) returned 0x60a700 [0106.946] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x60a700, puReturned=0x273415c | out: apObjects=0x60a700*=0x0, puReturned=0x273415c*=0x0) returned 0x1 [0106.946] CoTaskMemFree (pv=0x60a700) [0106.947] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0106.947] IUnknown:Release (This=0x584928) returned 0x1 [0106.947] IUnknown:Release (This=0x584928) returned 0x0 [0106.947] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0106.948] IUnknown:Release (This=0x584860) returned 0x1 [0106.948] IUnknown:Release (This=0x584860) returned 0x0 [0106.949] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec38 | out: ppv=0x3cec38*=0x56e704) returned 0x0 [0106.949] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec30 | out: pAptType=0x3cec30*=1) returned 0x0 [0106.949] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec34 | out: ppvObject=0x3cec34*=0x0) returned 0x80004002 [0106.949] IUnknown:Release (This=0x56e704) returned 0x1 [0106.950] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5a0 | out: ppv=0x3ce5a0*=0x5ea518) returned 0x0 [0106.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea518, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7b8 | out: ppvObject=0x3ce7b8*=0x0) returned 0x80004002 [0106.950] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea518, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7c4 | out: ppvObject=0x3ce7c4*=0x5df7b0) returned 0x0 [0106.950] WbemDefPath:IUnknown:Release (This=0x5ea518) returned 0x0 [0106.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3e4 | out: ppvObject=0x3ce3e4*=0x5df7b0) returned 0x0 [0106.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce398 | out: ppvObject=0x3ce398*=0x0) returned 0x80004002 [0106.960] WbemDefPath:IUnknown:AddRef (This=0x5df7b0) returned 0x3 [0106.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcf4 | out: ppvObject=0x3cdcf4*=0x0) returned 0x80004002 [0106.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0106.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcb0 | out: ppvObject=0x3cdcb0*=0x5ea508) returned 0x0 [0106.960] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea508, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcb8 | out: pCid=0x3cdcb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0106.960] WbemDefPath:IUnknown:Release (This=0x5ea508) returned 0x3 [0106.961] CoGetContextToken (in: pToken=0x3cdd10 | out: pToken=0x3cdd10) returned 0x0 [0106.961] CoGetContextToken (in: pToken=0x3ce124 | out: pToken=0x3ce124) returned 0x0 [0106.961] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1a4 | out: ppvObject=0x3ce1a4*=0x0) returned 0x80004002 [0106.961] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x2 [0106.961] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x1 [0106.961] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0106.961] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0106.961] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x3ceaec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceae8 | out: ppvObject=0x3ceae8*=0x5df7b0) returned 0x0 [0106.961] WbemDefPath:IUnknown:AddRef (This=0x5df7b0) returned 0x3 [0106.961] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x2 [0106.961] WbemDefPath:IWbemPath:SetText (This=0x5df7b0, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0106.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df7b0, puCount=0x3cec60 | out: puCount=0x3cec60*=0x2) returned 0x0 [0106.961] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=4, puBuffLength=0x3cec5c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec5c*=0x18, pszText=0x0) returned 0x0 [0106.961] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=4, puBuffLength=0x3cec5c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec5c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df7b0, puCount=0x3cec4c | out: puCount=0x3cec4c*=0x2) returned 0x0 [0106.961] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=4, puBuffLength=0x3cec48*=0x0, pszText=0x0 | out: puBuffLength=0x3cec48*=0x18, pszText=0x0) returned 0x0 [0106.961] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=4, puBuffLength=0x3cec48*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec48*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.961] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebdc | out: ppv=0x3cebdc*=0x56e704) returned 0x0 [0106.962] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebd4 | out: pAptType=0x3cebd4*=1) returned 0x0 [0106.962] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd8 | out: ppvObject=0x3cebd8*=0x0) returned 0x80004002 [0106.962] IUnknown:Release (This=0x56e704) returned 0x1 [0106.963] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7f8 | out: ppv=0x3ce7f8*=0x609ff8) returned 0x0 [0106.963] WbemLocator:IUnknown:QueryInterface (in: This=0x609ff8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x0) returned 0x80004002 [0106.963] WbemLocator:IClassFactory:CreateInstance (in: This=0x609ff8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x5ea408) returned 0x0 [0106.963] WbemLocator:IUnknown:Release (This=0x609ff8) returned 0x0 [0106.963] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce63c | out: ppvObject=0x3ce63c*=0x5ea408) returned 0x0 [0106.963] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5f0 | out: ppvObject=0x3ce5f0*=0x0) returned 0x80004002 [0106.964] WbemLocator:IUnknown:AddRef (This=0x5ea408) returned 0x3 [0106.964] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf4c | out: ppvObject=0x3cdf4c*=0x0) returned 0x80004002 [0106.964] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdefc | out: ppvObject=0x3cdefc*=0x0) returned 0x80004002 [0106.964] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf08 | out: ppvObject=0x3cdf08*=0x0) returned 0x80004002 [0106.964] CoGetContextToken (in: pToken=0x3cdf68 | out: pToken=0x3cdf68) returned 0x0 [0106.964] CoGetContextToken (in: pToken=0x3ce37c | out: pToken=0x3ce37c) returned 0x0 [0106.964] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3fc | out: ppvObject=0x3ce3fc*=0x0) returned 0x80004002 [0106.964] WbemLocator:IUnknown:Release (This=0x5ea408) returned 0x2 [0106.964] WbemLocator:IUnknown:Release (This=0x5ea408) returned 0x1 [0106.964] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0106.964] CoGetContextToken (in: pToken=0x3ce95c | out: pToken=0x3ce95c) returned 0x0 [0106.964] WbemLocator:IUnknown:QueryInterface (in: This=0x5ea408, riid=0x3cea2c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea28 | out: ppvObject=0x3cea28*=0x5ea408) returned 0x0 [0106.964] WbemLocator:IUnknown:AddRef (This=0x5ea408) returned 0x3 [0106.964] WbemLocator:IUnknown:Release (This=0x5ea408) returned 0x2 [0106.964] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df7b0, puCount=0x3cebb8 | out: puCount=0x3cebb8*=0x2) returned 0x0 [0106.964] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=8, puBuffLength=0x3cebb4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb4*=0x18, pszText=0x0) returned 0x0 [0106.964] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=8, puBuffLength=0x3cebb4*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cebb4*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.965] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea50 | out: ppv=0x3cea50*=0x60a6f0) returned 0x0 [0106.965] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a6f0, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb04 | out: ppNamespace=0x3ceb04*=0x608e58) returned 0x0 [0106.975] WbemLocator:IUnknown:QueryInterface (in: This=0x608e58, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce974 | out: ppvObject=0x3ce974*=0x60370c) returned 0x0 [0106.975] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60370c, pProxy=0x608e58, pAuthnSvc=0x3ce9c4, pAuthzSvc=0x3ce9c0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc, pImpLevel=0x3ce9ac, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4 | out: pAuthnSvc=0x3ce9c4*=0xa, pAuthzSvc=0x3ce9c0*=0x0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc*=0x6, pImpLevel=0x3ce9ac*=0x2, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4*=0x1) returned 0x0 [0106.975] WbemLocator:IUnknown:Release (This=0x60370c) returned 0x1 [0106.975] WbemLocator:IUnknown:QueryInterface (in: This=0x608e58, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce968 | out: ppvObject=0x3ce968*=0x60372c) returned 0x0 [0106.975] WbemLocator:IUnknown:QueryInterface (in: This=0x608e58, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x60370c) returned 0x0 [0106.975] WbemLocator:IClientSecurity:SetBlanket (This=0x60370c, pProxy=0x608e58, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.976] WbemLocator:IUnknown:Release (This=0x60370c) returned 0x2 [0106.976] WbemLocator:IUnknown:Release (This=0x60372c) returned 0x1 [0106.976] CoTaskMemFree (pv=0x6005a0) [0106.976] WbemLocator:IUnknown:AddRef (This=0x608e58) returned 0x2 [0106.976] WbemLocator:IUnknown:Release (This=0x60a6f0) returned 0x0 [0106.976] CoGetContextToken (in: pToken=0x3cdea8 | out: pToken=0x3cdea8) returned 0x0 [0106.976] CoGetContextToken (in: pToken=0x3ce2bc | out: pToken=0x3ce2bc) returned 0x0 [0106.976] WbemLocator:IUnknown:QueryInterface (in: This=0x608e58, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x603714) returned 0x0 [0106.976] WbemLocator:IRpcOptions:Query (in: This=0x603714, pPrx=0x60a070, dwProperty=2, pdwValue=0x3ce348 | out: pdwValue=0x3ce348) returned 0x80004002 [0106.976] WbemLocator:IUnknown:Release (This=0x603714) returned 0x2 [0106.977] CoGetContextToken (in: pToken=0x3ce88c | out: pToken=0x3ce88c) returned 0x0 [0106.977] CoGetContextToken (in: pToken=0x3ce7ec | out: pToken=0x3ce7ec) returned 0x0 [0106.977] WbemLocator:IUnknown:QueryInterface (in: This=0x608e58, riid=0x3ce8bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x608e58) returned 0x0 [0106.977] WbemLocator:IUnknown:Release (This=0x608e58) returned 0x2 [0106.977] SysStringLen (param_1=0x0) returned 0x0 [0106.977] CoGetContextToken (in: pToken=0x3ce9bc | out: pToken=0x3ce9bc) returned 0x0 [0106.977] IWbemServices:ExecQuery (in: This=0x608e58, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x3cebc4 | out: ppEnum=0x3cebc4*=0x584860) returned 0x0 [0106.979] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea20 | out: ppvObject=0x3cea20*=0x584864) returned 0x0 [0106.979] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea70, pAuthzSvc=0x3cea6c, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68, pImpLevel=0x3cea58, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60 | out: pAuthnSvc=0x3cea70*=0xa, pAuthzSvc=0x3cea6c*=0x0, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68*=0x6, pImpLevel=0x3cea58*=0x2, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60*=0x1) returned 0x0 [0106.979] IUnknown:Release (This=0x584864) returned 0x1 [0106.979] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea14 | out: ppvObject=0x3cea14*=0x60345c) returned 0x0 [0106.979] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea00 | out: ppvObject=0x3cea00*=0x584864) returned 0x0 [0106.979] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.981] IUnknown:Release (This=0x584864) returned 0x2 [0106.981] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0106.981] CoTaskMemFree (pv=0x60aef0) [0106.981] IUnknown:AddRef (This=0x584860) returned 0x2 [0106.982] CoGetContextToken (in: pToken=0x3cdf40 | out: pToken=0x3cdf40) returned 0x0 [0106.982] CoGetContextToken (in: pToken=0x3ce354 | out: pToken=0x3ce354) returned 0x0 [0106.982] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2ec | out: ppvObject=0x3ce2ec*=0x603444) returned 0x0 [0106.983] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x609fe0, dwProperty=2, pdwValue=0x3ce3e0 | out: pdwValue=0x3ce3e0) returned 0x80004002 [0106.983] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0106.983] CoGetContextToken (in: pToken=0x3ce924 | out: pToken=0x3ce924) returned 0x0 [0106.983] CoGetContextToken (in: pToken=0x3ce884 | out: pToken=0x3ce884) returned 0x0 [0106.983] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce954*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce820 | out: ppvObject=0x3ce820*=0x584860) returned 0x0 [0106.983] IUnknown:Release (This=0x584860) returned 0x2 [0106.983] SysStringLen (param_1=0x0) returned 0x0 [0106.983] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df7b0, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0106.983] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=4, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0x18, pszText=0x0) returned 0x0 [0106.983] WbemDefPath:IWbemPath:GetText (in: This=0x5df7b0, lFlags=4, puBuffLength=0x3cec0c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x3cec0c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0106.983] CoGetContextToken (in: pToken=0x3cea64 | out: pToken=0x3cea64) returned 0x0 [0106.984] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584928) returned 0x0 [0106.985] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cead8 | out: ppvObject=0x3cead8*=0x58492c) returned 0x0 [0106.985] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb28, pAuthzSvc=0x3ceb24, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20, pImpLevel=0x3ceb10, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18 | out: pAuthnSvc=0x3ceb28*=0xa, pAuthzSvc=0x3ceb24*=0x0, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20*=0x6, pImpLevel=0x3ceb10*=0x2, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18*=0x1) returned 0x0 [0106.985] IUnknown:Release (This=0x58492c) returned 0x1 [0106.985] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceacc | out: ppvObject=0x3ceacc*=0x60390c) returned 0x0 [0106.985] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceab8 | out: ppvObject=0x3ceab8*=0x58492c) returned 0x0 [0106.985] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0106.987] IUnknown:Release (This=0x58492c) returned 0x2 [0106.987] WbemLocator:IUnknown:Release (This=0x60390c) returned 0x1 [0106.987] CoTaskMemFree (pv=0x60af20) [0106.987] IUnknown:AddRef (This=0x584928) returned 0x2 [0106.988] CoGetContextToken (in: pToken=0x3cdfe8 | out: pToken=0x3cdfe8) returned 0x0 [0106.988] CoGetContextToken (in: pToken=0x3ce3fc | out: pToken=0x3ce3fc) returned 0x0 [0106.988] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x6038f4) returned 0x0 [0106.988] WbemLocator:IRpcOptions:Query (in: This=0x6038f4, pPrx=0x60a100, dwProperty=2, pdwValue=0x3ce488 | out: pdwValue=0x3ce488) returned 0x80004002 [0106.988] WbemLocator:IUnknown:Release (This=0x6038f4) returned 0x2 [0106.988] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0106.988] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0106.988] IUnknown:QueryInterface (in: This=0x584928, riid=0x3ce9fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce8c8 | out: ppvObject=0x3ce8c8*=0x584928) returned 0x0 [0106.988] IUnknown:Release (This=0x584928) returned 0x2 [0106.988] SysStringLen (param_1=0x0) returned 0x0 [0106.988] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0106.989] CoTaskMemAlloc (cb=0x4) returned 0x60a760 [0106.989] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x60a760, puReturned=0x2735208 | out: apObjects=0x60a760*=0x0, puReturned=0x2735208*=0x0) returned 0x1 [0106.990] CoTaskMemFree (pv=0x60a760) [0106.990] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0106.990] IUnknown:Release (This=0x584928) returned 0x1 [0106.990] IUnknown:Release (This=0x584928) returned 0x0 [0106.991] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0106.991] IUnknown:Release (This=0x584860) returned 0x1 [0106.991] IUnknown:Release (This=0x584860) returned 0x0 [0106.993] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec38 | out: ppv=0x3cec38*=0x56e704) returned 0x0 [0106.993] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec30 | out: pAptType=0x3cec30*=1) returned 0x0 [0106.993] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec34 | out: ppvObject=0x3cec34*=0x0) returned 0x80004002 [0106.993] IUnknown:Release (This=0x56e704) returned 0x1 [0106.994] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5a0 | out: ppv=0x3ce5a0*=0x60a760) returned 0x0 [0106.994] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a760, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7b8 | out: ppvObject=0x3ce7b8*=0x0) returned 0x80004002 [0106.994] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a760, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7c4 | out: ppvObject=0x3ce7c4*=0x5df820) returned 0x0 [0106.994] WbemDefPath:IUnknown:Release (This=0x60a760) returned 0x0 [0106.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3e4 | out: ppvObject=0x3ce3e4*=0x5df820) returned 0x0 [0106.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce398 | out: ppvObject=0x3ce398*=0x0) returned 0x80004002 [0106.995] WbemDefPath:IUnknown:AddRef (This=0x5df820) returned 0x3 [0106.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcf4 | out: ppvObject=0x3cdcf4*=0x0) returned 0x80004002 [0106.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0106.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcb0 | out: ppvObject=0x3cdcb0*=0x60a720) returned 0x0 [0106.995] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a720, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcb8 | out: pCid=0x3cdcb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0106.995] WbemDefPath:IUnknown:Release (This=0x60a720) returned 0x3 [0106.995] CoGetContextToken (in: pToken=0x3cdd10 | out: pToken=0x3cdd10) returned 0x0 [0106.995] CoGetContextToken (in: pToken=0x3ce124 | out: pToken=0x3ce124) returned 0x0 [0106.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1a4 | out: ppvObject=0x3ce1a4*=0x0) returned 0x80004002 [0106.995] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x2 [0106.995] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x1 [0106.995] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0106.996] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0106.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x3ceaec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceae8 | out: ppvObject=0x3ceae8*=0x5df820) returned 0x0 [0106.996] WbemDefPath:IUnknown:AddRef (This=0x5df820) returned 0x3 [0106.996] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x2 [0106.996] WbemDefPath:IWbemPath:SetText (This=0x5df820, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0106.996] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df820, puCount=0x3cec60 | out: puCount=0x3cec60*=0x2) returned 0x0 [0106.996] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=4, puBuffLength=0x3cec5c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec5c*=0x19, pszText=0x0) returned 0x0 [0106.996] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=4, puBuffLength=0x3cec5c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec5c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0106.996] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df820, puCount=0x3cec4c | out: puCount=0x3cec4c*=0x2) returned 0x0 [0106.996] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=4, puBuffLength=0x3cec48*=0x0, pszText=0x0 | out: puBuffLength=0x3cec48*=0x19, pszText=0x0) returned 0x0 [0106.996] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=4, puBuffLength=0x3cec48*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec48*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0106.996] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebdc | out: ppv=0x3cebdc*=0x56e704) returned 0x0 [0106.996] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebd4 | out: pAptType=0x3cebd4*=1) returned 0x0 [0106.996] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd8 | out: ppvObject=0x3cebd8*=0x0) returned 0x80004002 [0106.996] IUnknown:Release (This=0x56e704) returned 0x1 [0106.998] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7f8 | out: ppv=0x3ce7f8*=0x60a178) returned 0x0 [0106.998] WbemLocator:IUnknown:QueryInterface (in: This=0x60a178, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x0) returned 0x80004002 [0106.998] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a178, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x60a750) returned 0x0 [0106.998] WbemLocator:IUnknown:Release (This=0x60a178) returned 0x0 [0106.998] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce63c | out: ppvObject=0x3ce63c*=0x60a750) returned 0x0 [0106.998] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5f0 | out: ppvObject=0x3ce5f0*=0x0) returned 0x80004002 [0106.998] WbemLocator:IUnknown:AddRef (This=0x60a750) returned 0x3 [0106.998] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf4c | out: ppvObject=0x3cdf4c*=0x0) returned 0x80004002 [0106.999] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdefc | out: ppvObject=0x3cdefc*=0x0) returned 0x80004002 [0106.999] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf08 | out: ppvObject=0x3cdf08*=0x0) returned 0x80004002 [0106.999] CoGetContextToken (in: pToken=0x3cdf68 | out: pToken=0x3cdf68) returned 0x0 [0106.999] CoGetContextToken (in: pToken=0x3ce37c | out: pToken=0x3ce37c) returned 0x0 [0106.999] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3fc | out: ppvObject=0x3ce3fc*=0x0) returned 0x80004002 [0106.999] WbemLocator:IUnknown:Release (This=0x60a750) returned 0x2 [0106.999] WbemLocator:IUnknown:Release (This=0x60a750) returned 0x1 [0106.999] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0106.999] CoGetContextToken (in: pToken=0x3ce95c | out: pToken=0x3ce95c) returned 0x0 [0106.999] WbemLocator:IUnknown:QueryInterface (in: This=0x60a750, riid=0x3cea2c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea28 | out: ppvObject=0x3cea28*=0x60a750) returned 0x0 [0106.999] WbemLocator:IUnknown:AddRef (This=0x60a750) returned 0x3 [0106.999] WbemLocator:IUnknown:Release (This=0x60a750) returned 0x2 [0106.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df820, puCount=0x3cebb8 | out: puCount=0x3cebb8*=0x2) returned 0x0 [0106.999] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=8, puBuffLength=0x3cebb4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb4*=0x19, pszText=0x0) returned 0x0 [0107.000] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=8, puBuffLength=0x3cebb4*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cebb4*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.000] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea50 | out: ppv=0x3cea50*=0x60a730) returned 0x0 [0107.000] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a730, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb04 | out: ppNamespace=0x3ceb04*=0x6090d8) returned 0x0 [0107.007] WbemLocator:IUnknown:QueryInterface (in: This=0x6090d8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce974 | out: ppvObject=0x3ce974*=0x6037fc) returned 0x0 [0107.008] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6037fc, pProxy=0x6090d8, pAuthnSvc=0x3ce9c4, pAuthzSvc=0x3ce9c0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc, pImpLevel=0x3ce9ac, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4 | out: pAuthnSvc=0x3ce9c4*=0xa, pAuthzSvc=0x3ce9c0*=0x0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc*=0x6, pImpLevel=0x3ce9ac*=0x2, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4*=0x1) returned 0x0 [0107.008] WbemLocator:IUnknown:Release (This=0x6037fc) returned 0x1 [0107.008] WbemLocator:IUnknown:QueryInterface (in: This=0x6090d8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce968 | out: ppvObject=0x3ce968*=0x60381c) returned 0x0 [0107.008] WbemLocator:IUnknown:QueryInterface (in: This=0x6090d8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x6037fc) returned 0x0 [0107.008] WbemLocator:IClientSecurity:SetBlanket (This=0x6037fc, pProxy=0x6090d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.008] WbemLocator:IUnknown:Release (This=0x6037fc) returned 0x2 [0107.008] WbemLocator:IUnknown:Release (This=0x60381c) returned 0x1 [0107.008] CoTaskMemFree (pv=0x60aef0) [0107.008] WbemLocator:IUnknown:AddRef (This=0x6090d8) returned 0x2 [0107.008] WbemLocator:IUnknown:Release (This=0x60a730) returned 0x0 [0107.009] CoGetContextToken (in: pToken=0x3cdea8 | out: pToken=0x3cdea8) returned 0x0 [0107.009] CoGetContextToken (in: pToken=0x3ce2bc | out: pToken=0x3ce2bc) returned 0x0 [0107.009] WbemLocator:IUnknown:QueryInterface (in: This=0x6090d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x603804) returned 0x0 [0107.009] WbemLocator:IRpcOptions:Query (in: This=0x603804, pPrx=0x60a1c0, dwProperty=2, pdwValue=0x3ce348 | out: pdwValue=0x3ce348) returned 0x80004002 [0107.009] WbemLocator:IUnknown:Release (This=0x603804) returned 0x2 [0107.009] CoGetContextToken (in: pToken=0x3ce88c | out: pToken=0x3ce88c) returned 0x0 [0107.009] CoGetContextToken (in: pToken=0x3ce7ec | out: pToken=0x3ce7ec) returned 0x0 [0107.010] WbemLocator:IUnknown:QueryInterface (in: This=0x6090d8, riid=0x3ce8bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x6090d8) returned 0x0 [0107.010] WbemLocator:IUnknown:Release (This=0x6090d8) returned 0x2 [0107.010] SysStringLen (param_1=0x0) returned 0x0 [0107.010] CoGetContextToken (in: pToken=0x3ce9bc | out: pToken=0x3ce9bc) returned 0x0 [0107.010] IWbemServices:ExecQuery (in: This=0x6090d8, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x3cebc4 | out: ppEnum=0x3cebc4*=0x584860) returned 0x0 [0107.014] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea20 | out: ppvObject=0x3cea20*=0x584864) returned 0x0 [0107.015] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea70, pAuthzSvc=0x3cea6c, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68, pImpLevel=0x3cea58, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60 | out: pAuthnSvc=0x3cea70*=0xa, pAuthzSvc=0x3cea6c*=0x0, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68*=0x6, pImpLevel=0x3cea58*=0x2, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60*=0x1) returned 0x0 [0107.015] IUnknown:Release (This=0x584864) returned 0x1 [0107.015] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea14 | out: ppvObject=0x3cea14*=0x60345c) returned 0x0 [0107.015] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea00 | out: ppvObject=0x3cea00*=0x584864) returned 0x0 [0107.015] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.017] IUnknown:Release (This=0x584864) returned 0x2 [0107.017] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0107.017] CoTaskMemFree (pv=0x60af20) [0107.017] IUnknown:AddRef (This=0x584860) returned 0x2 [0107.018] CoGetContextToken (in: pToken=0x3cdf40 | out: pToken=0x3cdf40) returned 0x0 [0107.018] CoGetContextToken (in: pToken=0x3ce354 | out: pToken=0x3ce354) returned 0x0 [0107.018] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2ec | out: ppvObject=0x3ce2ec*=0x603444) returned 0x0 [0107.018] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x60a190, dwProperty=2, pdwValue=0x3ce3e0 | out: pdwValue=0x3ce3e0) returned 0x80004002 [0107.018] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0107.018] CoGetContextToken (in: pToken=0x3ce924 | out: pToken=0x3ce924) returned 0x0 [0107.018] CoGetContextToken (in: pToken=0x3ce884 | out: pToken=0x3ce884) returned 0x0 [0107.018] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce954*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce820 | out: ppvObject=0x3ce820*=0x584860) returned 0x0 [0107.018] IUnknown:Release (This=0x584860) returned 0x2 [0107.019] SysStringLen (param_1=0x0) returned 0x0 [0107.019] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df820, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0107.019] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=4, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0x19, pszText=0x0) returned 0x0 [0107.019] WbemDefPath:IWbemPath:GetText (in: This=0x5df820, lFlags=4, puBuffLength=0x3cec0c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec0c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.019] CoGetContextToken (in: pToken=0x3cea64 | out: pToken=0x3cea64) returned 0x0 [0107.019] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584928) returned 0x0 [0107.020] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cead8 | out: ppvObject=0x3cead8*=0x58492c) returned 0x0 [0107.020] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb28, pAuthzSvc=0x3ceb24, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20, pImpLevel=0x3ceb10, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18 | out: pAuthnSvc=0x3ceb28*=0xa, pAuthzSvc=0x3ceb24*=0x0, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20*=0x6, pImpLevel=0x3ceb10*=0x2, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18*=0x1) returned 0x0 [0107.020] IUnknown:Release (This=0x58492c) returned 0x1 [0107.020] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceacc | out: ppvObject=0x3ceacc*=0x6039fc) returned 0x0 [0107.020] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceab8 | out: ppvObject=0x3ceab8*=0x58492c) returned 0x0 [0107.020] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.023] IUnknown:Release (This=0x58492c) returned 0x2 [0107.023] WbemLocator:IUnknown:Release (This=0x6039fc) returned 0x1 [0107.023] CoTaskMemFree (pv=0x60af50) [0107.023] IUnknown:AddRef (This=0x584928) returned 0x2 [0107.023] CoGetContextToken (in: pToken=0x3cdfe8 | out: pToken=0x3cdfe8) returned 0x0 [0107.023] CoGetContextToken (in: pToken=0x3ce3fc | out: pToken=0x3ce3fc) returned 0x0 [0107.023] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x6039e4) returned 0x0 [0107.024] WbemLocator:IRpcOptions:Query (in: This=0x6039e4, pPrx=0x60a250, dwProperty=2, pdwValue=0x3ce488 | out: pdwValue=0x3ce488) returned 0x80004002 [0107.024] WbemLocator:IUnknown:Release (This=0x6039e4) returned 0x2 [0107.024] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0107.024] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0107.024] IUnknown:QueryInterface (in: This=0x584928, riid=0x3ce9fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce8c8 | out: ppvObject=0x3ce8c8*=0x584928) returned 0x0 [0107.024] IUnknown:Release (This=0x584928) returned 0x2 [0107.024] SysStringLen (param_1=0x0) returned 0x0 [0107.024] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0107.026] CoTaskMemAlloc (cb=0x4) returned 0x60a7c0 [0107.026] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x60a7c0, puReturned=0x273672c | out: apObjects=0x60a7c0*=0x0, puReturned=0x273672c*=0x0) returned 0x1 [0107.027] CoTaskMemFree (pv=0x60a7c0) [0107.027] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0107.027] IUnknown:Release (This=0x584928) returned 0x1 [0107.027] IUnknown:Release (This=0x584928) returned 0x0 [0107.028] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0107.028] IUnknown:Release (This=0x584860) returned 0x1 [0107.028] IUnknown:Release (This=0x584860) returned 0x0 [0107.029] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec38 | out: ppv=0x3cec38*=0x56e704) returned 0x0 [0107.029] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec30 | out: pAptType=0x3cec30*=1) returned 0x0 [0107.029] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec34 | out: ppvObject=0x3cec34*=0x0) returned 0x80004002 [0107.029] IUnknown:Release (This=0x56e704) returned 0x1 [0107.030] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5a0 | out: ppv=0x3ce5a0*=0x60a7c0) returned 0x0 [0107.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a7c0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7b8 | out: ppvObject=0x3ce7b8*=0x0) returned 0x80004002 [0107.031] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a7c0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7c4 | out: ppvObject=0x3ce7c4*=0x5df890) returned 0x0 [0107.031] WbemDefPath:IUnknown:Release (This=0x60a7c0) returned 0x0 [0107.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3e4 | out: ppvObject=0x3ce3e4*=0x5df890) returned 0x0 [0107.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce398 | out: ppvObject=0x3ce398*=0x0) returned 0x80004002 [0107.031] WbemDefPath:IUnknown:AddRef (This=0x5df890) returned 0x3 [0107.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcf4 | out: ppvObject=0x3cdcf4*=0x0) returned 0x80004002 [0107.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0107.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcb0 | out: ppvObject=0x3cdcb0*=0x60a780) returned 0x0 [0107.031] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a780, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcb8 | out: pCid=0x3cdcb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0107.031] WbemDefPath:IUnknown:Release (This=0x60a780) returned 0x3 [0107.031] CoGetContextToken (in: pToken=0x3cdd10 | out: pToken=0x3cdd10) returned 0x0 [0107.031] CoGetContextToken (in: pToken=0x3ce124 | out: pToken=0x3ce124) returned 0x0 [0107.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1a4 | out: ppvObject=0x3ce1a4*=0x0) returned 0x80004002 [0107.031] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x2 [0107.031] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x1 [0107.032] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0107.032] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0107.032] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x3ceaec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceae8 | out: ppvObject=0x3ceae8*=0x5df890) returned 0x0 [0107.032] WbemDefPath:IUnknown:AddRef (This=0x5df890) returned 0x3 [0107.032] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x2 [0107.032] WbemDefPath:IWbemPath:SetText (This=0x5df890, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0107.032] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cec60 | out: puCount=0x3cec60*=0x2) returned 0x0 [0107.032] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec5c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec5c*=0x19, pszText=0x0) returned 0x0 [0107.032] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec5c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec5c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.032] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cec4c | out: puCount=0x3cec4c*=0x2) returned 0x0 [0107.032] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec48*=0x0, pszText=0x0 | out: puBuffLength=0x3cec48*=0x19, pszText=0x0) returned 0x0 [0107.032] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec48*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec48*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.032] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebdc | out: ppv=0x3cebdc*=0x56e704) returned 0x0 [0107.032] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebd4 | out: pAptType=0x3cebd4*=1) returned 0x0 [0107.032] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd8 | out: ppvObject=0x3cebd8*=0x0) returned 0x80004002 [0107.032] IUnknown:Release (This=0x56e704) returned 0x1 [0107.033] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7f8 | out: ppv=0x3ce7f8*=0x60a2c8) returned 0x0 [0107.033] WbemLocator:IUnknown:QueryInterface (in: This=0x60a2c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x0) returned 0x80004002 [0107.033] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a2c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x60a7b0) returned 0x0 [0107.033] WbemLocator:IUnknown:Release (This=0x60a2c8) returned 0x0 [0107.033] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce63c | out: ppvObject=0x3ce63c*=0x60a7b0) returned 0x0 [0107.034] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5f0 | out: ppvObject=0x3ce5f0*=0x0) returned 0x80004002 [0107.034] WbemLocator:IUnknown:AddRef (This=0x60a7b0) returned 0x3 [0107.034] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf4c | out: ppvObject=0x3cdf4c*=0x0) returned 0x80004002 [0107.034] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdefc | out: ppvObject=0x3cdefc*=0x0) returned 0x80004002 [0107.034] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf08 | out: ppvObject=0x3cdf08*=0x0) returned 0x80004002 [0107.034] CoGetContextToken (in: pToken=0x3cdf68 | out: pToken=0x3cdf68) returned 0x0 [0107.034] CoGetContextToken (in: pToken=0x3ce37c | out: pToken=0x3ce37c) returned 0x0 [0107.034] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3fc | out: ppvObject=0x3ce3fc*=0x0) returned 0x80004002 [0107.034] WbemLocator:IUnknown:Release (This=0x60a7b0) returned 0x2 [0107.034] WbemLocator:IUnknown:Release (This=0x60a7b0) returned 0x1 [0107.034] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0107.034] CoGetContextToken (in: pToken=0x3ce95c | out: pToken=0x3ce95c) returned 0x0 [0107.034] WbemLocator:IUnknown:QueryInterface (in: This=0x60a7b0, riid=0x3cea2c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea28 | out: ppvObject=0x3cea28*=0x60a7b0) returned 0x0 [0107.034] WbemLocator:IUnknown:AddRef (This=0x60a7b0) returned 0x3 [0107.034] WbemLocator:IUnknown:Release (This=0x60a7b0) returned 0x2 [0107.034] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cebb8 | out: puCount=0x3cebb8*=0x2) returned 0x0 [0107.034] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=8, puBuffLength=0x3cebb4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb4*=0x19, pszText=0x0) returned 0x0 [0107.034] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=8, puBuffLength=0x3cebb4*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cebb4*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.034] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea50 | out: ppv=0x3cea50*=0x60a790) returned 0x0 [0107.035] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a790, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb04 | out: ppNamespace=0x3ceb04*=0x6091c8) returned 0x0 [0107.040] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce974 | out: ppvObject=0x3ce974*=0x6038ec) returned 0x0 [0107.040] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6038ec, pProxy=0x6091c8, pAuthnSvc=0x3ce9c4, pAuthzSvc=0x3ce9c0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc, pImpLevel=0x3ce9ac, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4 | out: pAuthnSvc=0x3ce9c4*=0xa, pAuthzSvc=0x3ce9c0*=0x0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc*=0x6, pImpLevel=0x3ce9ac*=0x2, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4*=0x1) returned 0x0 [0107.040] WbemLocator:IUnknown:Release (This=0x6038ec) returned 0x1 [0107.041] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce968 | out: ppvObject=0x3ce968*=0x60390c) returned 0x0 [0107.041] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x6038ec) returned 0x0 [0107.041] WbemLocator:IClientSecurity:SetBlanket (This=0x6038ec, pProxy=0x6091c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.041] WbemLocator:IUnknown:Release (This=0x6038ec) returned 0x2 [0107.041] WbemLocator:IUnknown:Release (This=0x60390c) returned 0x1 [0107.041] CoTaskMemFree (pv=0x60af20) [0107.041] WbemLocator:IUnknown:AddRef (This=0x6091c8) returned 0x2 [0107.041] WbemLocator:IUnknown:Release (This=0x60a790) returned 0x0 [0107.042] CoGetContextToken (in: pToken=0x3cdea8 | out: pToken=0x3cdea8) returned 0x0 [0107.042] CoGetContextToken (in: pToken=0x3ce2bc | out: pToken=0x3ce2bc) returned 0x0 [0107.042] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x6038f4) returned 0x0 [0107.042] WbemLocator:IRpcOptions:Query (in: This=0x6038f4, pPrx=0x60a310, dwProperty=2, pdwValue=0x3ce348 | out: pdwValue=0x3ce348) returned 0x80004002 [0107.042] WbemLocator:IUnknown:Release (This=0x6038f4) returned 0x2 [0107.042] CoGetContextToken (in: pToken=0x3ce88c | out: pToken=0x3ce88c) returned 0x0 [0107.042] CoGetContextToken (in: pToken=0x3ce7ec | out: pToken=0x3ce7ec) returned 0x0 [0107.042] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x3ce8bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x6091c8) returned 0x0 [0107.042] WbemLocator:IUnknown:Release (This=0x6091c8) returned 0x2 [0107.042] SysStringLen (param_1=0x0) returned 0x0 [0107.043] CoGetContextToken (in: pToken=0x3ce9bc | out: pToken=0x3ce9bc) returned 0x0 [0107.043] IWbemServices:ExecQuery (in: This=0x6091c8, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x3cebc4 | out: ppEnum=0x3cebc4*=0x584860) returned 0x0 [0107.045] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x584864) returned 0x0 [0107.045] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea6c, pAuthzSvc=0x3cea68, pServerPrincName=0x3cea60, pAuthnLevel=0x3cea64, pImpLevel=0x3cea54, pAuthInfo=0x3cea58, pCapabilites=0x3cea5c | out: pAuthnSvc=0x3cea6c*=0xa, pAuthzSvc=0x3cea68*=0x0, pServerPrincName=0x3cea60, pAuthnLevel=0x3cea64*=0x6, pImpLevel=0x3cea54*=0x2, pAuthInfo=0x3cea58, pCapabilites=0x3cea5c*=0x1) returned 0x0 [0107.045] IUnknown:Release (This=0x584864) returned 0x1 [0107.045] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x60345c) returned 0x0 [0107.045] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9fc | out: ppvObject=0x3ce9fc*=0x584864) returned 0x0 [0107.045] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.047] IUnknown:Release (This=0x584864) returned 0x2 [0107.047] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0107.047] CoTaskMemFree (pv=0x60af80) [0107.048] IUnknown:AddRef (This=0x584860) returned 0x2 [0107.048] CoGetContextToken (in: pToken=0x3cdf3c | out: pToken=0x3cdf3c) returned 0x0 [0107.048] CoGetContextToken (in: pToken=0x3ce34c | out: pToken=0x3ce34c) returned 0x0 [0107.048] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x603444) returned 0x0 [0107.048] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x60a2e0, dwProperty=2, pdwValue=0x3ce3dc | out: pdwValue=0x3ce3dc) returned 0x80004002 [0107.048] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0107.049] CoGetContextToken (in: pToken=0x3ce91c | out: pToken=0x3ce91c) returned 0x0 [0107.049] CoGetContextToken (in: pToken=0x3ce87c | out: pToken=0x3ce87c) returned 0x0 [0107.049] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce94c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce818 | out: ppvObject=0x3ce818*=0x584860) returned 0x0 [0107.049] IUnknown:Release (This=0x584860) returned 0x2 [0107.049] SysStringLen (param_1=0x0) returned 0x0 [0107.049] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0107.049] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0x19, pszText=0x0) returned 0x0 [0107.049] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec0c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec0c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.049] CoGetContextToken (in: pToken=0x3cea64 | out: pToken=0x3cea64) returned 0x0 [0107.050] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584928) returned 0x0 [0107.051] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cead8 | out: ppvObject=0x3cead8*=0x58492c) returned 0x0 [0107.051] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb28, pAuthzSvc=0x3ceb24, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20, pImpLevel=0x3ceb10, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18 | out: pAuthnSvc=0x3ceb28*=0xa, pAuthzSvc=0x3ceb24*=0x0, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20*=0x6, pImpLevel=0x3ceb10*=0x2, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18*=0x1) returned 0x0 [0107.051] IUnknown:Release (This=0x58492c) returned 0x1 [0107.051] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceacc | out: ppvObject=0x3ceacc*=0x603aec) returned 0x0 [0107.051] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceab8 | out: ppvObject=0x3ceab8*=0x58492c) returned 0x0 [0107.051] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.053] IUnknown:Release (This=0x58492c) returned 0x2 [0107.053] WbemLocator:IUnknown:Release (This=0x603aec) returned 0x1 [0107.053] CoTaskMemFree (pv=0x60afb0) [0107.053] IUnknown:AddRef (This=0x584928) returned 0x2 [0107.053] CoGetContextToken (in: pToken=0x3cdfe8 | out: pToken=0x3cdfe8) returned 0x0 [0107.053] CoGetContextToken (in: pToken=0x3ce3fc | out: pToken=0x3ce3fc) returned 0x0 [0107.053] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x603ad4) returned 0x0 [0107.054] WbemLocator:IRpcOptions:Query (in: This=0x603ad4, pPrx=0x60a3a0, dwProperty=2, pdwValue=0x3ce488 | out: pdwValue=0x3ce488) returned 0x80004002 [0107.054] WbemLocator:IUnknown:Release (This=0x603ad4) returned 0x2 [0107.054] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0107.054] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0107.054] IUnknown:QueryInterface (in: This=0x584928, riid=0x3ce9fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce8c8 | out: ppvObject=0x3ce8c8*=0x584928) returned 0x0 [0107.054] IUnknown:Release (This=0x584928) returned 0x2 [0107.054] SysStringLen (param_1=0x0) returned 0x0 [0107.054] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0107.055] CoTaskMemAlloc (cb=0x4) returned 0x60a820 [0107.055] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x60a820, puReturned=0x27377f4 | out: apObjects=0x60a820*=0x5c6840, puReturned=0x27377f4*=0x1) returned 0x0 [0107.056] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce274 | out: ppvObject=0x3ce274*=0x5c6840) returned 0x0 [0107.056] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce228 | out: ppvObject=0x3ce228*=0x0) returned 0x80004002 [0107.056] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce050 | out: ppvObject=0x3ce050*=0x0) returned 0x80004002 [0107.057] IUnknown:AddRef (This=0x5c6840) returned 0x3 [0107.057] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdb84 | out: ppvObject=0x3cdb84*=0x0) returned 0x80004002 [0107.057] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdb34 | out: ppvObject=0x3cdb34*=0x0) returned 0x80004002 [0107.057] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdb40 | out: ppvObject=0x3cdb40*=0x5c6844) returned 0x0 [0107.057] IMarshal:GetUnmarshalClass (in: This=0x5c6844, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdb48 | out: pCid=0x3cdb48*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0107.057] IUnknown:Release (This=0x5c6844) returned 0x3 [0107.057] CoGetContextToken (in: pToken=0x3cdba0 | out: pToken=0x3cdba0) returned 0x0 [0107.057] CoGetContextToken (in: pToken=0x3cdfb4 | out: pToken=0x3cdfb4) returned 0x0 [0107.057] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce034 | out: ppvObject=0x3ce034*=0x0) returned 0x80004002 [0107.057] IUnknown:Release (This=0x5c6840) returned 0x2 [0107.057] CoGetContextToken (in: pToken=0x3ce59c | out: pToken=0x3ce59c) returned 0x0 [0107.057] CoGetContextToken (in: pToken=0x3ce4fc | out: pToken=0x3ce4fc) returned 0x0 [0107.057] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x3ce5cc*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce5c8 | out: ppvObject=0x3ce5c8*=0x5c6840) returned 0x0 [0107.057] IUnknown:AddRef (This=0x5c6840) returned 0x4 [0107.057] IUnknown:Release (This=0x5c6840) returned 0x3 [0107.057] IUnknown:Release (This=0x5c6840) returned 0x2 [0107.057] CoTaskMemFree (pv=0x60a820) [0107.058] CoGetContextToken (in: pToken=0x3ce90c | out: pToken=0x3ce90c) returned 0x0 [0107.058] IUnknown:AddRef (This=0x5c6840) returned 0x3 [0107.058] IWbemClassObject:Get (in: This=0x5c6840, wszName="__GENUS", lFlags=0, pVal=0x3cec0c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec8c*=0, plFlavor=0x3cec88*=0 | out: pVal=0x3cec0c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cec8c*=3, plFlavor=0x3cec88*=64) returned 0x0 [0107.058] IWbemClassObject:Get (in: This=0x5c6840, wszName="__PATH", lFlags=0, pVal=0x3cebf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec74*=0, plFlavor=0x3cec70*=0 | out: pVal=0x3cebf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"", varVal2=0x0), pType=0x3cec74*=8, plFlavor=0x3cec70*=64) returned 0x0 [0107.058] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xd4 [0107.058] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xd4 [0107.058] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec1c | out: ppv=0x3cec1c*=0x56e704) returned 0x0 [0107.059] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec14 | out: pAptType=0x3cec14*=1) returned 0x0 [0107.059] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec18 | out: ppvObject=0x3cec18*=0x0) returned 0x80004002 [0107.059] IUnknown:Release (This=0x56e704) returned 0x1 [0107.060] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce588 | out: ppv=0x3ce588*=0x60a820) returned 0x0 [0107.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a820, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7a0 | out: ppvObject=0x3ce7a0*=0x0) returned 0x80004002 [0107.061] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a820, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7ac | out: ppvObject=0x3ce7ac*=0x5df900) returned 0x0 [0107.061] WbemDefPath:IUnknown:Release (This=0x60a820) returned 0x0 [0107.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3cc | out: ppvObject=0x3ce3cc*=0x5df900) returned 0x0 [0107.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce380 | out: ppvObject=0x3ce380*=0x0) returned 0x80004002 [0107.061] WbemDefPath:IUnknown:AddRef (This=0x5df900) returned 0x3 [0107.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcdc | out: ppvObject=0x3cdcdc*=0x0) returned 0x80004002 [0107.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdc8c | out: ppvObject=0x3cdc8c*=0x0) returned 0x80004002 [0107.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc98 | out: ppvObject=0x3cdc98*=0x60a830) returned 0x0 [0107.061] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a830, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdca0 | out: pCid=0x3cdca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0107.062] WbemDefPath:IUnknown:Release (This=0x60a830) returned 0x3 [0107.062] CoGetContextToken (in: pToken=0x3cdcf8 | out: pToken=0x3cdcf8) returned 0x0 [0107.062] CoGetContextToken (in: pToken=0x3ce10c | out: pToken=0x3ce10c) returned 0x0 [0107.062] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce18c | out: ppvObject=0x3ce18c*=0x0) returned 0x80004002 [0107.062] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x2 [0107.062] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x1 [0107.062] CoGetContextToken (in: pToken=0x3cea9c | out: pToken=0x3cea9c) returned 0x0 [0107.062] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0107.062] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x3ceacc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceac8 | out: ppvObject=0x3ceac8*=0x5df900) returned 0x0 [0107.062] WbemDefPath:IUnknown:AddRef (This=0x5df900) returned 0x3 [0107.062] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x2 [0107.062] WbemDefPath:IWbemPath:SetText (This=0x5df900, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0x0 [0107.062] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cec48 | out: puCount=0x3cec48*=0x2) returned 0x0 [0107.062] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec44*=0x0, pszText=0x0 | out: puBuffLength=0x3cec44*=0x19, pszText=0x0) returned 0x0 [0107.062] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec44*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec44*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.062] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cec14 | out: puCount=0x3cec14*=0x2) returned 0x0 [0107.062] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec10*=0x0, pszText=0x0 | out: puBuffLength=0x3cec10*=0x19, pszText=0x0) returned 0x0 [0107.063] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec10*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec10*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.063] IWbemClassObject:Get (in: This=0x5c6840, wszName="displayName", lFlags=0, pVal=0x3cec10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27380ec*=0, plFlavor=0x27380f0*=0 | out: pVal=0x3cec10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x27380ec*=8, plFlavor=0x27380f0*=0) returned 0x0 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] IWbemClassObject:Get (in: This=0x5c6840, wszName="displayName", lFlags=0, pVal=0x3cec18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27380ec*=8, plFlavor=0x27380f0*=0 | out: pVal=0x3cec18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x27380ec*=8, plFlavor=0x27380f0*=0) returned 0x0 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df890, puCount=0x3cec14 | out: puCount=0x3cec14*=0x2) returned 0x0 [0107.063] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec10*=0x0, pszText=0x0 | out: puBuffLength=0x3cec10*=0x19, pszText=0x0) returned 0x0 [0107.063] WbemDefPath:IWbemPath:GetText (in: This=0x5df890, lFlags=4, puBuffLength=0x3cec10*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec10*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.063] IWbemClassObject:Get (in: This=0x5c6840, wszName="displayName", lFlags=0, pVal=0x3cec10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27381fc*=0, plFlavor=0x2738200*=0 | out: pVal=0x3cec10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x27381fc*=8, plFlavor=0x2738200*=0) returned 0x0 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] IWbemClassObject:Get (in: This=0x5c6840, wszName="displayName", lFlags=0, pVal=0x3cec18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x27381fc*=8, plFlavor=0x2738200*=0 | out: pVal=0x3cec18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x27381fc*=8, plFlavor=0x2738200*=0) returned 0x0 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.063] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0107.064] CoTaskMemAlloc (cb=0x4) returned 0x60a860 [0107.064] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x60a860, puReturned=0x27377f4 | out: apObjects=0x60a860*=0x0, puReturned=0x27377f4*=0x0) returned 0x1 [0107.065] CoTaskMemFree (pv=0x60a860) [0107.065] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0107.065] IUnknown:Release (This=0x584928) returned 0x1 [0107.065] IUnknown:Release (This=0x584928) returned 0x0 [0107.065] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0107.066] IUnknown:Release (This=0x584860) returned 0x1 [0107.066] IUnknown:Release (This=0x584860) returned 0x0 [0107.067] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec38 | out: ppv=0x3cec38*=0x56e704) returned 0x0 [0107.067] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cec30 | out: pAptType=0x3cec30*=1) returned 0x0 [0107.067] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec34 | out: ppvObject=0x3cec34*=0x0) returned 0x80004002 [0107.067] IUnknown:Release (This=0x56e704) returned 0x1 [0107.068] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce5a0 | out: ppv=0x3ce5a0*=0x60a860) returned 0x0 [0107.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a860, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce7b8 | out: ppvObject=0x3ce7b8*=0x0) returned 0x80004002 [0107.068] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a860, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce7c4 | out: ppvObject=0x3ce7c4*=0x5df970) returned 0x0 [0107.068] WbemDefPath:IUnknown:Release (This=0x60a860) returned 0x0 [0107.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3e4 | out: ppvObject=0x3ce3e4*=0x5df970) returned 0x0 [0107.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce398 | out: ppvObject=0x3ce398*=0x0) returned 0x80004002 [0107.069] WbemDefPath:IUnknown:AddRef (This=0x5df970) returned 0x3 [0107.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcf4 | out: ppvObject=0x3cdcf4*=0x0) returned 0x80004002 [0107.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0107.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdcb0 | out: ppvObject=0x3cdcb0*=0x60a7e0) returned 0x0 [0107.069] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a7e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdcb8 | out: pCid=0x3cdcb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0107.069] WbemDefPath:IUnknown:Release (This=0x60a7e0) returned 0x3 [0107.069] CoGetContextToken (in: pToken=0x3cdd10 | out: pToken=0x3cdd10) returned 0x0 [0107.069] CoGetContextToken (in: pToken=0x3ce124 | out: pToken=0x3ce124) returned 0x0 [0107.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1a4 | out: ppvObject=0x3ce1a4*=0x0) returned 0x80004002 [0107.069] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x2 [0107.069] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x1 [0107.069] CoGetContextToken (in: pToken=0x3ceabc | out: pToken=0x3ceabc) returned 0x0 [0107.069] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0107.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x3ceaec*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceae8 | out: ppvObject=0x3ceae8*=0x5df970) returned 0x0 [0107.069] WbemDefPath:IUnknown:AddRef (This=0x5df970) returned 0x3 [0107.069] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x2 [0107.069] WbemDefPath:IWbemPath:SetText (This=0x5df970, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0107.069] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df970, puCount=0x3cec60 | out: puCount=0x3cec60*=0x2) returned 0x0 [0107.069] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=4, puBuffLength=0x3cec5c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec5c*=0x19, pszText=0x0) returned 0x0 [0107.070] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=4, puBuffLength=0x3cec5c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec5c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.070] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df970, puCount=0x3cec4c | out: puCount=0x3cec4c*=0x2) returned 0x0 [0107.070] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=4, puBuffLength=0x3cec48*=0x0, pszText=0x0 | out: puBuffLength=0x3cec48*=0x19, pszText=0x0) returned 0x0 [0107.070] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=4, puBuffLength=0x3cec48*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec48*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.070] CoGetObjectContext (in: riid=0x262bad8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebdc | out: ppv=0x3cebdc*=0x56e704) returned 0x0 [0107.070] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebd4 | out: pAptType=0x3cebd4*=1) returned 0x0 [0107.070] IUnknown:QueryInterface (in: This=0x56e704, riid=0x262bac0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd8 | out: ppvObject=0x3cebd8*=0x0) returned 0x80004002 [0107.070] IUnknown:Release (This=0x56e704) returned 0x1 [0107.071] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7f8 | out: ppv=0x3ce7f8*=0x60a418) returned 0x0 [0107.071] WbemLocator:IUnknown:QueryInterface (in: This=0x60a418, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cea10 | out: ppvObject=0x3cea10*=0x0) returned 0x80004002 [0107.071] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a418, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea1c | out: ppvObject=0x3cea1c*=0x60a810) returned 0x0 [0107.071] WbemLocator:IUnknown:Release (This=0x60a418) returned 0x0 [0107.071] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce63c | out: ppvObject=0x3ce63c*=0x60a810) returned 0x0 [0107.071] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5f0 | out: ppvObject=0x3ce5f0*=0x0) returned 0x80004002 [0107.071] WbemLocator:IUnknown:AddRef (This=0x60a810) returned 0x3 [0107.071] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf4c | out: ppvObject=0x3cdf4c*=0x0) returned 0x80004002 [0107.071] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdefc | out: ppvObject=0x3cdefc*=0x0) returned 0x80004002 [0107.072] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf08 | out: ppvObject=0x3cdf08*=0x0) returned 0x80004002 [0107.072] CoGetContextToken (in: pToken=0x3cdf68 | out: pToken=0x3cdf68) returned 0x0 [0107.072] CoGetContextToken (in: pToken=0x3ce37c | out: pToken=0x3ce37c) returned 0x0 [0107.072] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3fc | out: ppvObject=0x3ce3fc*=0x0) returned 0x80004002 [0107.072] WbemLocator:IUnknown:Release (This=0x60a810) returned 0x2 [0107.072] WbemLocator:IUnknown:Release (This=0x60a810) returned 0x1 [0107.072] CoGetContextToken (in: pToken=0x3ce9fc | out: pToken=0x3ce9fc) returned 0x0 [0107.072] CoGetContextToken (in: pToken=0x3ce95c | out: pToken=0x3ce95c) returned 0x0 [0107.072] WbemLocator:IUnknown:QueryInterface (in: This=0x60a810, riid=0x3cea2c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3cea28 | out: ppvObject=0x3cea28*=0x60a810) returned 0x0 [0107.072] WbemLocator:IUnknown:AddRef (This=0x60a810) returned 0x3 [0107.072] WbemLocator:IUnknown:Release (This=0x60a810) returned 0x2 [0107.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df970, puCount=0x3cebb8 | out: puCount=0x3cebb8*=0x2) returned 0x0 [0107.072] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=8, puBuffLength=0x3cebb4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb4*=0x19, pszText=0x0) returned 0x0 [0107.072] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=8, puBuffLength=0x3cebb4*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cebb4*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.072] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea50 | out: ppv=0x3cea50*=0x60a7f0) returned 0x0 [0107.072] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a7f0, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceb04 | out: ppNamespace=0x3ceb04*=0x6093a8) returned 0x0 [0107.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce974 | out: ppvObject=0x3ce974*=0x6039dc) returned 0x0 [0107.079] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6039dc, pProxy=0x6093a8, pAuthnSvc=0x3ce9c4, pAuthzSvc=0x3ce9c0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc, pImpLevel=0x3ce9ac, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4 | out: pAuthnSvc=0x3ce9c4*=0xa, pAuthzSvc=0x3ce9c0*=0x0, pServerPrincName=0x3ce9b8, pAuthnLevel=0x3ce9bc*=0x6, pImpLevel=0x3ce9ac*=0x2, pAuthInfo=0x3ce9b0, pCapabilites=0x3ce9b4*=0x1) returned 0x0 [0107.079] WbemLocator:IUnknown:Release (This=0x6039dc) returned 0x1 [0107.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce968 | out: ppvObject=0x3ce968*=0x6039fc) returned 0x0 [0107.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x6039dc) returned 0x0 [0107.079] WbemLocator:IClientSecurity:SetBlanket (This=0x6039dc, pProxy=0x6093a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.079] WbemLocator:IUnknown:Release (This=0x6039dc) returned 0x2 [0107.079] WbemLocator:IUnknown:Release (This=0x6039fc) returned 0x1 [0107.079] CoTaskMemFree (pv=0x60afb0) [0107.079] WbemLocator:IUnknown:AddRef (This=0x6093a8) returned 0x2 [0107.079] WbemLocator:IUnknown:Release (This=0x60a7f0) returned 0x0 [0107.080] CoGetContextToken (in: pToken=0x3cdea8 | out: pToken=0x3cdea8) returned 0x0 [0107.080] CoGetContextToken (in: pToken=0x3ce2bc | out: pToken=0x3ce2bc) returned 0x0 [0107.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce254 | out: ppvObject=0x3ce254*=0x6039e4) returned 0x0 [0107.080] WbemLocator:IRpcOptions:Query (in: This=0x6039e4, pPrx=0x60a568, dwProperty=2, pdwValue=0x3ce348 | out: pdwValue=0x3ce348) returned 0x80004002 [0107.080] WbemLocator:IUnknown:Release (This=0x6039e4) returned 0x2 [0107.080] CoGetContextToken (in: pToken=0x3ce88c | out: pToken=0x3ce88c) returned 0x0 [0107.080] CoGetContextToken (in: pToken=0x3ce7ec | out: pToken=0x3ce7ec) returned 0x0 [0107.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x3ce8bc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x6093a8) returned 0x0 [0107.080] WbemLocator:IUnknown:Release (This=0x6093a8) returned 0x2 [0107.080] SysStringLen (param_1=0x0) returned 0x0 [0107.081] CoGetContextToken (in: pToken=0x3ce9bc | out: pToken=0x3ce9bc) returned 0x0 [0107.081] IWbemServices:ExecQuery (in: This=0x6093a8, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x3cebc4 | out: ppEnum=0x3cebc4*=0x584860) returned 0x0 [0107.083] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea20 | out: ppvObject=0x3cea20*=0x584864) returned 0x0 [0107.083] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea70, pAuthzSvc=0x3cea6c, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68, pImpLevel=0x3cea58, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60 | out: pAuthnSvc=0x3cea70*=0xa, pAuthzSvc=0x3cea6c*=0x0, pServerPrincName=0x3cea64, pAuthnLevel=0x3cea68*=0x6, pImpLevel=0x3cea58*=0x2, pAuthInfo=0x3cea5c, pCapabilites=0x3cea60*=0x1) returned 0x0 [0107.083] IUnknown:Release (This=0x584864) returned 0x1 [0107.083] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea14 | out: ppvObject=0x3cea14*=0x60345c) returned 0x0 [0107.083] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea00 | out: ppvObject=0x3cea00*=0x584864) returned 0x0 [0107.083] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.084] IUnknown:Release (This=0x584864) returned 0x2 [0107.085] WbemLocator:IUnknown:Release (This=0x60345c) returned 0x1 [0107.085] CoTaskMemFree (pv=0x60af50) [0107.085] IUnknown:AddRef (This=0x584860) returned 0x2 [0107.085] CoGetContextToken (in: pToken=0x3cdf40 | out: pToken=0x3cdf40) returned 0x0 [0107.085] CoGetContextToken (in: pToken=0x3ce354 | out: pToken=0x3ce354) returned 0x0 [0107.085] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2ec | out: ppvObject=0x3ce2ec*=0x603444) returned 0x0 [0107.086] WbemLocator:IRpcOptions:Query (in: This=0x603444, pPrx=0x60a550, dwProperty=2, pdwValue=0x3ce3e0 | out: pdwValue=0x3ce3e0) returned 0x80004002 [0107.086] WbemLocator:IUnknown:Release (This=0x603444) returned 0x2 [0107.086] CoGetContextToken (in: pToken=0x3ce924 | out: pToken=0x3ce924) returned 0x0 [0107.086] CoGetContextToken (in: pToken=0x3ce884 | out: pToken=0x3ce884) returned 0x0 [0107.086] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce954*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce820 | out: ppvObject=0x3ce820*=0x584860) returned 0x0 [0107.086] IUnknown:Release (This=0x584860) returned 0x2 [0107.086] SysStringLen (param_1=0x0) returned 0x0 [0107.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df970, puCount=0x3cec10 | out: puCount=0x3cec10*=0x2) returned 0x0 [0107.086] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=4, puBuffLength=0x3cec0c*=0x0, pszText=0x0 | out: puBuffLength=0x3cec0c*=0x19, pszText=0x0) returned 0x0 [0107.086] WbemDefPath:IWbemPath:GetText (in: This=0x5df970, lFlags=4, puBuffLength=0x3cec0c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x3cec0c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0107.086] CoGetContextToken (in: pToken=0x3cea64 | out: pToken=0x3cea64) returned 0x0 [0107.087] IEnumWbemClassObject:Clone (in: This=0x584860, ppEnum=0x3cec1c | out: ppEnum=0x3cec1c*=0x584928) returned 0x0 [0107.087] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cead8 | out: ppvObject=0x3cead8*=0x58492c) returned 0x0 [0107.088] IClientSecurity:QueryBlanket (in: This=0x58492c, pProxy=0x584928, pAuthnSvc=0x3ceb28, pAuthzSvc=0x3ceb24, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20, pImpLevel=0x3ceb10, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18 | out: pAuthnSvc=0x3ceb28*=0xa, pAuthzSvc=0x3ceb24*=0x0, pServerPrincName=0x3ceb1c, pAuthnLevel=0x3ceb20*=0x6, pImpLevel=0x3ceb10*=0x2, pAuthInfo=0x3ceb14, pCapabilites=0x3ceb18*=0x1) returned 0x0 [0107.088] IUnknown:Release (This=0x58492c) returned 0x1 [0107.088] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceacc | out: ppvObject=0x3ceacc*=0x603bdc) returned 0x0 [0107.088] IUnknown:QueryInterface (in: This=0x584928, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceab8 | out: ppvObject=0x3ceab8*=0x58492c) returned 0x0 [0107.088] IClientSecurity:SetBlanket (This=0x58492c, pProxy=0x584928, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0107.089] IUnknown:Release (This=0x58492c) returned 0x2 [0107.089] WbemLocator:IUnknown:Release (This=0x603bdc) returned 0x1 [0107.089] CoTaskMemFree (pv=0x60afe0) [0107.089] IUnknown:AddRef (This=0x584928) returned 0x2 [0107.090] CoGetContextToken (in: pToken=0x3cdfe8 | out: pToken=0x3cdfe8) returned 0x0 [0107.090] CoGetContextToken (in: pToken=0x3ce3fc | out: pToken=0x3ce3fc) returned 0x0 [0107.090] IUnknown:QueryInterface (in: This=0x584928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x603bc4) returned 0x0 [0107.090] WbemLocator:IRpcOptions:Query (in: This=0x603bc4, pPrx=0x60a5f8, dwProperty=2, pdwValue=0x3ce488 | out: pdwValue=0x3ce488) returned 0x80004002 [0107.090] WbemLocator:IUnknown:Release (This=0x603bc4) returned 0x2 [0107.090] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0107.090] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0107.090] IUnknown:QueryInterface (in: This=0x584928, riid=0x3ce9fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce8c8 | out: ppvObject=0x3ce8c8*=0x584928) returned 0x0 [0107.090] IUnknown:Release (This=0x584928) returned 0x2 [0107.090] SysStringLen (param_1=0x0) returned 0x0 [0107.090] IEnumWbemClassObject:Reset (This=0x584928) returned 0x0 [0107.091] CoTaskMemAlloc (cb=0x4) returned 0x60a8c0 [0107.091] IEnumWbemClassObject:Next (in: This=0x584928, lTimeout=-1, uCount=0x1, apObjects=0x60a8c0, puReturned=0x2739324 | out: apObjects=0x60a8c0*=0x0, puReturned=0x2739324*=0x0) returned 0x1 [0107.092] CoTaskMemFree (pv=0x60a8c0) [0107.092] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0107.092] IUnknown:Release (This=0x584928) returned 0x1 [0107.092] IUnknown:Release (This=0x584928) returned 0x0 [0107.093] CoGetContextToken (in: pToken=0x3ceb40 | out: pToken=0x3ceb40) returned 0x0 [0107.093] IUnknown:Release (This=0x584860) returned 0x1 [0107.093] IUnknown:Release (This=0x584860) returned 0x0 [0107.098] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0xca29fef6, Data2=0x15f, Data3=0x4287, Data4=([0]=0x99, [1]=0x5f, [2]=0xac, [3]=0x97, [4]=0xb5, [5]=0xd2, [6]=0xc3, [7]=0x2a))) returned 0x0 [0107.098] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x534f6a27, Data2=0xb066, Data3=0x4708, Data4=([0]=0x91, [1]=0x7e, [2]=0x20, [3]=0xb4, [4]=0x8e, [5]=0xcf, [6]=0xb1, [7]=0x9b))) returned 0x0 [0107.098] send (s=0x238, buf=0x34e4dd7*, len=198, flags=0) returned 198 [0107.099] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 125 [0107.217] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0107.217] GetKeyboardLayoutList (in: nBuff=1, lpList=0x2739b48 | out: lpList=0x2739b48) returned 1 [0107.226] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x710e2f7a, Data2=0x3996, Data3=0x47a9, Data4=([0]=0x98, [1]=0x96, [2]=0xb9, [3]=0x62, [4]=0x72, [5]=0xdb, [6]=0x4b, [7]=0x91))) returned 0x0 [0107.226] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0xbcd387a1, Data2=0xb436, Data3=0x4443, Data4=([0]=0xb5, [1]=0x9c, [2]=0xbc, [3]=0x4e, [4]=0x58, [5]=0xea, [6]=0x9c, [7]=0x78))) returned 0x0 [0107.227] send (s=0x238, buf=0x34e4dd7*, len=198, flags=0) returned 198 [0107.227] recv (in: s=0x238, buf=0x255dec8, len=8192, flags=0 | out: buf=0x255dec8*) returned 125 [0107.325] GdipCreateFromHWND (hwnd=0x0, graphics=0x3cec34) returned 0x0 [0107.328] GdipGetDC (graphics=0x4ae2230, hdc=0x3cec44) returned 0x0 [0107.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x3cebe4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32E\x1c", lpUsedDefaultChar=0x0) returned 5 [0107.329] LoadLibraryA (lpLibFileName="gdi32") returned 0x77240000 [0107.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x3cebdc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCapsF\x1c", lpUsedDefaultChar=0x0) returned 13 [0107.329] GetProcAddress (hModule=0x77240000, lpProcName="GetDeviceCaps") returned 0x77254de0 [0107.330] GetDeviceCaps (hdc=0x501090f, index=10) returned 900 [0107.330] GetDeviceCaps (hdc=0x501090f, index=117) returned 900 [0107.330] GdipReleaseDC (graphics=0x4ae2230, hdc=0x501090f) returned 0x0 [0107.330] GdipDeleteGraphics (graphics=0x4ae2230) returned 0x0 [0107.617] GdipSetPixelOffsetMode (graphics=0x4ae2730, pixelOffsetMode=0x1) returned 0x0 [0107.617] GdipSetSmoothingMode (graphics=0x4ae2730, smoothingMode=0x1) returned 0x0 [0107.728] GetDC (hWnd=0x0) returned 0x17010774 [0107.738] GetCurrentObject (hdc=0x17010774, type=0x1) returned 0x1b00017 [0107.738] GetCurrentObject (hdc=0x17010774, type=0x2) returned 0x1900010 [0107.739] GetCurrentObject (hdc=0x17010774, type=0x7) returned 0x1050032 [0107.739] GetCurrentObject (hdc=0x17010774, type=0x6) returned 0x18a002e [0107.740] GdipGetDC (graphics=0x4ae2730, hdc=0x3ceba4) returned 0x0 [0107.816] BitBlt (hdc=0x1e010b4d, x=0, y=0, cx=1440, cy=900, hdcSrc=0x17010774, x1=0, y1=0, rop=0xcc0020) returned 1 [0107.836] GdipReleaseDC (graphics=0x4ae2730, hdc=0x1e010b4d) returned 0x0 [0107.841] ReleaseDC (hWnd=0x0, hDC=0x17010774) returned 1 [0107.841] GdipDeleteGraphics (graphics=0x4ae2730) returned 0x0 [0107.855] GdipGetImageEncodersSize (numEncoders=0x3cec2c, size=0x3cec28) returned 0x0 [0107.855] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x616468 [0107.856] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x616468 | out: encoders=0x616468) returned 0x0 [0107.862] LocalFree (hMem=0x616468) returned 0x0 [0107.874] GdipSaveImageToStream (image=0x4ae2230, stream=0x480030, clsidEncoder=0x3cec3c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0108.821] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0xac9477b2, Data2=0x6f83, Data3=0x44a4, Data4=([0]=0x86, [1]=0x8e, [2]=0xbc, [3]=0xf3, [4]=0x1d, [5]=0xe7, [6]=0x74, [7]=0xe6))) returned 0x0 [0108.821] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x430d6a8d, Data2=0x38aa, Data3=0x492b, Data4=([0]=0x97, [1]=0x92, [2]=0x91, [3]=0xe1, [4]=0xbf, [5]=0xa3, [6]=0xe8, [7]=0xf8))) returned 0x0 [0108.919] send (s=0x238, buf=0x60b101d*, len=65536, flags=0) returned 65536 [0108.922] send (s=0x238, buf=0x60c101d*, len=65536, flags=0) returned 65536 [0109.189] send (s=0x238, buf=0x60d101d*, len=65536, flags=0) returned 65536 [0109.269] send (s=0x238, buf=0x60e101d*, len=65536, flags=0) returned 65536 [0109.358] send (s=0x238, buf=0x60f101d*, len=65536, flags=0) returned 65536 [0109.397] send (s=0x238, buf=0x610101d*, len=65536, flags=0) returned 65536 [0109.446] send (s=0x238, buf=0x611101d*, len=65536, flags=0) returned 65536 [0109.637] send (s=0x238, buf=0x612101d*, len=65536, flags=0) returned 65536 [0110.033] send (s=0x238, buf=0x613101d*, len=65536, flags=0) returned 65536 [0110.087] send (s=0x238, buf=0x614101d*, len=65536, flags=0) returned 65536 [0110.301] send (s=0x238, buf=0x615101d*, len=65536, flags=0) returned 65536 [0110.360] send (s=0x238, buf=0x616101d*, len=65536, flags=0) returned 65536 [0110.880] send (s=0x238, buf=0x617101d*, len=65536, flags=0) returned 65536 [0111.062] send (s=0x238, buf=0x618101d*, len=65536, flags=0) returned 65536 [0111.422] send (s=0x238, buf=0x619101d*, len=65536, flags=0) returned 65536 [0111.641] send (s=0x238, buf=0x61a101d*, len=65536, flags=0) returned 65536 [0111.964] send (s=0x238, buf=0x61b101d*, len=65536, flags=0) returned 65536 [0112.172] send (s=0x238, buf=0x61c101d*, len=65536, flags=0) returned 65536 [0112.790] send (s=0x238, buf=0x61d101d*, len=65536, flags=0) returned 65536 [0113.019] send (s=0x238, buf=0x61e101d*, len=65536, flags=0) returned 65536 [0113.315] send (s=0x238, buf=0x61f101d*, len=65536, flags=0) returned 65536 [0113.630] send (s=0x238, buf=0x620101d*, len=65536, flags=0) returned 65536 [0113.958] send (s=0x238, buf=0x621101d*, len=65536, flags=0) returned 65536 [0114.283] send (s=0x238, buf=0x622101d*, len=65536, flags=0) returned 65536 [0114.610] send (s=0x238, buf=0x623101d*, len=65536, flags=0) returned 65536 [0114.938] send (s=0x238, buf=0x624101d*, len=65536, flags=0) returned 65536 [0115.161] send (s=0x238, buf=0x625101d*, len=65536, flags=0) returned 65536 [0115.477] send (s=0x238, buf=0x626101d*, len=65536, flags=0) returned 65536 [0115.722] send (s=0x238, buf=0x627101d*, len=65536, flags=0) returned 65536 [0116.051] send (s=0x238, buf=0x628101d*, len=65536, flags=0) returned 65536 [0116.265] send (s=0x238, buf=0x629101d*, len=65536, flags=0) returned 65536 [0116.586] send (s=0x238, buf=0x62a101d*, len=65536, flags=0) returned 65536 [0116.812] send (s=0x238, buf=0x62b101d*, len=65536, flags=0) returned 65536 [0117.031] send (s=0x238, buf=0x62c101d*, len=65536, flags=0) returned 65536 [0117.531] send (s=0x238, buf=0x62d101d*, len=65536, flags=0) returned 65536 [0117.798] send (s=0x238, buf=0x62e101d*, len=65536, flags=0) returned 65536 [0118.031] send (s=0x238, buf=0x62f101d*, len=65536, flags=0) returned 65536 [0118.284] send (s=0x238, buf=0x630101d*, len=65536, flags=0) returned 65536 [0118.516] send (s=0x238, buf=0x631101d*, len=65536, flags=0) returned 65536 [0118.751] send (s=0x238, buf=0x632101d*, len=65536, flags=0) returned 65536 [0119.907] send (s=0x238, buf=0x633101d*, len=37111, flags=0) returned 37111 [0120.563] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 125 [0121.447] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x824aaece, Data2=0xf1d9, Data3=0x4a92, Data4=([0]=0xa5, [1]=0xe3, [2]=0xca, [3]=0x1c, [4]=0x3e, [5]=0x82, [6]=0xb1, [7]=0xcc))) returned 0x0 [0121.448] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x52465200, Data2=0xb4c6, Data3=0x4b01, Data4=([0]=0xa4, [1]=0x28, [2]=0x10, [3]=0x57, [4]=0x86, [5]=0x4a, [6]=0x91, [7]=0x44))) returned 0x0 [0121.449] send (s=0x238, buf=0x3d04eb7*, len=171, flags=0) returned 171 [0121.450] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 125 [0121.797] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb4c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0121.797] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local", lpDst=0x3ceb4c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x21 [0121.797] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x3ce770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28 [0121.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce9e4) returned 1 [0121.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x262b154 | out: lpFileInformation=0x262b154*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9e0) returned 1 [0121.799] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x12e7c6f8, Data2=0xd447, Data3=0x41a8, Data4=([0]=0xbd, [1]=0x92, [2]=0x9b, [3]=0x4, [4]=0xd1, [5]=0x56, [6]=0x50, [7]=0xba))) returned 0x0 [0121.799] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0xfcabb179, Data2=0x9bd4, Data3=0x4ca4, Data4=([0]=0x89, [1]=0x55, [2]=0xb1, [3]=0xc8, [4]=0x28, [5]=0xcf, [6]=0x7f, [7]=0x9a))) returned 0x0 [0121.800] send (s=0x238, buf=0x3d04eb7*, len=178, flags=0) returned 178 [0121.801] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 128 [0121.854] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%", lpDst=0x3ceb20, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%") returned 0x18 [0121.854] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng", lpDst=0x3ceb20, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng") returned 0x3c [0121.907] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x3ce77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x51 [0121.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec4c) returned 1 [0121.907] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x3ce72c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x51 [0121.908] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\*ovpn", lpFindFileData=0x3ce9fc | out: lpFindFileData=0x3ce9fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0121.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9bc) returned 1 [0121.921] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x474583b4, Data2=0x4d2d, Data3=0x4289, Data4=([0]=0xab, [1]=0x4, [2]=0x11, [3]=0x9a, [4]=0x87, [5]=0x6f, [6]=0x8a, [7]=0xd4))) returned 0x0 [0121.921] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0xc94db02a, Data2=0x3b5f, Data3=0x4206, Data4=([0]=0xb3, [1]=0x3, [2]=0x61, [3]=0x36, [4]=0x4, [5]=0x9f, [6]=0x33, [7]=0x6a))) returned 0x0 [0121.921] send (s=0x238, buf=0x3d04eb7*, len=167, flags=0) returned 167 [0121.922] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 128 [0121.961] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%") returned 0x28 [0121.961] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Exte<갢") returned 0x6a [0121.961] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x3ceb20, nSize=0x6a | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl") returned 0x6a [0121.962] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x3ce77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x40 [0121.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec4c) returned 1 [0121.962] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x3ce72c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x40 [0121.962] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\*ovpn", lpFindFileData=0x3ce9fc | out: lpFindFileData=0x3ce9fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0121.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9bc) returned 1 [0121.966] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x9da6e8e4, Data2=0xb106, Data3=0x40d8, Data4=([0]=0xa0, [1]=0x44, [2]=0x6e, [3]=0xeb, [4]=0xe5, [5]=0x47, [6]=0xe3, [7]=0x1c))) returned 0x0 [0121.966] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x3719d381, Data2=0xf983, Data3=0x4acc, Data4=([0]=0x80, [1]=0xb, [2]=0xc9, [3]=0x99, [4]=0xcf, [5]=0x5f, [6]=0x1a, [7]=0x4c))) returned 0x0 [0121.967] send (s=0x238, buf=0x3d04eb7*, len=167, flags=0) returned 167 [0121.967] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 128 [0122.031] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Valve\\Steam", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec28 | out: phkResult=0x3cec28*=0x0) returned 0x2 [0122.049] CoCreateGuid (in: pguid=0x3ce978 | out: pguid=0x3ce978*(Data1=0x2983115b, Data2=0x118f, Data3=0x4406, Data4=([0]=0xaf, [1]=0xae, [2]=0x93, [3]=0x8e, [4]=0x90, [5]=0x6, [6]=0x78, [7]=0x11))) returned 0x0 [0122.049] CoCreateGuid (in: pguid=0x3ce8bc | out: pguid=0x3ce8bc*(Data1=0x62fea8e8, Data2=0x8a84, Data3=0x44c7, Data4=([0]=0xbc, [1]=0x5d, [2]=0xe4, [3]=0x38, [4]=0xca, [5]=0x43, [6]=0x36, [7]=0xd6))) returned 0x0 [0122.049] send (s=0x238, buf=0x24f3183*, len=162, flags=0) returned 162 [0122.050] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 128 [0122.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec24 | out: puCount=0x3cec24*=0x2) returned 0x0 [0122.101] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec20*=0x0, pszText=0x0 | out: puBuffLength=0x3cec20*=0xf, pszText=0x0) returned 0x0 [0122.101] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec20*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0122.101] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebac | out: ppv=0x3cebac*=0x56e704) returned 0x0 [0122.102] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceba4 | out: pAptType=0x3ceba4*=1) returned 0x0 [0122.102] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceba8 | out: ppvObject=0x3ceba8*=0x0) returned 0x80004002 [0122.102] IUnknown:Release (This=0x56e704) returned 0x0 [0122.104] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7c8 | out: ppv=0x3ce7c8*=0x60a250) returned 0x0 [0122.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60a250, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce9e0 | out: ppvObject=0x3ce9e0*=0x0) returned 0x80004002 [0122.105] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a250, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9ec | out: ppvObject=0x3ce9ec*=0x60a830) returned 0x0 [0122.105] WbemLocator:IUnknown:Release (This=0x60a250) returned 0x0 [0122.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce60c | out: ppvObject=0x3ce60c*=0x60a830) returned 0x0 [0122.106] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5c0 | out: ppvObject=0x3ce5c0*=0x0) returned 0x80004002 [0122.106] WbemLocator:IUnknown:AddRef (This=0x60a830) returned 0x3 [0122.106] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf1c | out: ppvObject=0x3cdf1c*=0x0) returned 0x80004002 [0122.106] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdecc | out: ppvObject=0x3cdecc*=0x0) returned 0x80004002 [0122.106] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cded8 | out: ppvObject=0x3cded8*=0x0) returned 0x80004002 [0122.106] CoGetContextToken (in: pToken=0x3cdf38 | out: pToken=0x3cdf38) returned 0x0 [0122.106] CoGetObjectContext (in: riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x60a254 | out: ppv=0x60a254*=0x56e6f8) returned 0x0 [0122.106] CoGetContextToken (in: pToken=0x3ce34c | out: pToken=0x3ce34c) returned 0x0 [0122.107] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3cc | out: ppvObject=0x3ce3cc*=0x0) returned 0x80004002 [0122.107] WbemLocator:IUnknown:Release (This=0x60a830) returned 0x2 [0122.107] WbemLocator:IUnknown:Release (This=0x60a830) returned 0x1 [0122.107] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0122.107] CoGetContextToken (in: pToken=0x3ce92c | out: pToken=0x3ce92c) returned 0x0 [0122.107] WbemLocator:IUnknown:QueryInterface (in: This=0x60a830, riid=0x3ce9fc*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce9f8 | out: ppvObject=0x3ce9f8*=0x60a830) returned 0x0 [0122.107] WbemLocator:IUnknown:AddRef (This=0x60a830) returned 0x3 [0122.107] WbemLocator:IUnknown:Release (This=0x60a830) returned 0x2 [0122.107] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb88 | out: puCount=0x3ceb88*=0x2) returned 0x0 [0122.107] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3ceb84*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb84*=0xf, pszText=0x0) returned 0x0 [0122.107] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3ceb84*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb84*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0122.107] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea34 | out: ppv=0x3cea34*=0x60a730) returned 0x0 [0122.108] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a730, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3cead4 | out: ppNamespace=0x3cead4*=0x6091c8) returned 0x0 [0122.124] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce958 | out: ppvObject=0x3ce958*=0x6039dc) returned 0x0 [0122.124] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6039dc, pProxy=0x6091c8, pAuthnSvc=0x3ce9a8, pAuthzSvc=0x3ce9a4, pServerPrincName=0x3ce99c, pAuthnLevel=0x3ce9a0, pImpLevel=0x3ce990, pAuthInfo=0x3ce994, pCapabilites=0x3ce998 | out: pAuthnSvc=0x3ce9a8*=0xa, pAuthzSvc=0x3ce9a4*=0x0, pServerPrincName=0x3ce99c, pAuthnLevel=0x3ce9a0*=0x6, pImpLevel=0x3ce990*=0x2, pAuthInfo=0x3ce994, pCapabilites=0x3ce998*=0x1) returned 0x0 [0122.124] WbemLocator:IUnknown:Release (This=0x6039dc) returned 0x1 [0122.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce94c | out: ppvObject=0x3ce94c*=0x6039fc) returned 0x0 [0122.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce938 | out: ppvObject=0x3ce938*=0x6039dc) returned 0x0 [0122.125] WbemLocator:IClientSecurity:SetBlanket (This=0x6039dc, pProxy=0x6091c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0122.125] WbemLocator:IUnknown:Release (This=0x6039dc) returned 0x2 [0122.125] WbemLocator:IUnknown:Release (This=0x6039fc) returned 0x1 [0122.125] CoTaskMemFree (pv=0x60b010) [0122.126] WbemLocator:IUnknown:AddRef (This=0x6091c8) returned 0x2 [0122.126] WbemLocator:IUnknown:Release (This=0x60a730) returned 0x0 [0122.126] CoGetContextToken (in: pToken=0x3cde8c | out: pToken=0x3cde8c) returned 0x0 [0122.126] CoGetContextToken (in: pToken=0x3ce29c | out: pToken=0x3ce29c) returned 0x0 [0122.126] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce238 | out: ppvObject=0x3ce238*=0x6039e4) returned 0x0 [0122.127] WbemLocator:IRpcOptions:Query (in: This=0x6039e4, pPrx=0x60a4d8, dwProperty=2, pdwValue=0x3ce32c | out: pdwValue=0x3ce32c) returned 0x80004002 [0122.127] WbemLocator:IUnknown:Release (This=0x6039e4) returned 0x2 [0122.127] CoGetContextToken (in: pToken=0x3ce86c | out: pToken=0x3ce86c) returned 0x0 [0122.127] CoGetContextToken (in: pToken=0x3ce7cc | out: pToken=0x3ce7cc) returned 0x0 [0122.127] WbemLocator:IUnknown:QueryInterface (in: This=0x6091c8, riid=0x3ce89c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce768 | out: ppvObject=0x3ce768*=0x6091c8) returned 0x0 [0122.127] WbemLocator:IUnknown:Release (This=0x6091c8) returned 0x2 [0122.127] SysStringLen (param_1=0x0) returned 0x0 [0122.127] CoGetContextToken (in: pToken=0x3ce98c | out: pToken=0x3ce98c) returned 0x0 [0122.128] IWbemServices:ExecQuery (in: This=0x6091c8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x3ceb94 | out: ppEnum=0x3ceb94*=0x584798) returned 0x0 [0122.138] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9f0 | out: ppvObject=0x3ce9f0*=0x58479c) returned 0x0 [0122.138] IClientSecurity:QueryBlanket (in: This=0x58479c, pProxy=0x584798, pAuthnSvc=0x3cea40, pAuthzSvc=0x3cea3c, pServerPrincName=0x3cea34, pAuthnLevel=0x3cea38, pImpLevel=0x3cea28, pAuthInfo=0x3cea2c, pCapabilites=0x3cea30 | out: pAuthnSvc=0x3cea40*=0xa, pAuthzSvc=0x3cea3c*=0x0, pServerPrincName=0x3cea34, pAuthnLevel=0x3cea38*=0x6, pImpLevel=0x3cea28*=0x2, pAuthInfo=0x3cea2c, pCapabilites=0x3cea30*=0x1) returned 0x0 [0122.138] IUnknown:Release (This=0x58479c) returned 0x1 [0122.138] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9e4 | out: ppvObject=0x3ce9e4*=0x60390c) returned 0x0 [0122.138] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9d0 | out: ppvObject=0x3ce9d0*=0x58479c) returned 0x0 [0122.138] IClientSecurity:SetBlanket (This=0x58479c, pProxy=0x584798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0122.140] IUnknown:Release (This=0x58479c) returned 0x2 [0122.140] WbemLocator:IUnknown:Release (This=0x60390c) returned 0x1 [0122.140] CoTaskMemFree (pv=0x60b040) [0122.140] IUnknown:AddRef (This=0x584798) returned 0x2 [0122.141] CoGetContextToken (in: pToken=0x3cdf10 | out: pToken=0x3cdf10) returned 0x0 [0122.141] CoGetContextToken (in: pToken=0x3ce324 | out: pToken=0x3ce324) returned 0x0 [0122.141] IUnknown:QueryInterface (in: This=0x584798, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2bc | out: ppvObject=0x3ce2bc*=0x6038f4) returned 0x0 [0122.141] WbemLocator:IRpcOptions:Query (in: This=0x6038f4, pPrx=0x60a520, dwProperty=2, pdwValue=0x3ce3b0 | out: pdwValue=0x3ce3b0) returned 0x80004002 [0122.141] WbemLocator:IUnknown:Release (This=0x6038f4) returned 0x2 [0122.142] CoGetContextToken (in: pToken=0x3ce8f4 | out: pToken=0x3ce8f4) returned 0x0 [0122.142] CoGetContextToken (in: pToken=0x3ce854 | out: pToken=0x3ce854) returned 0x0 [0122.142] IUnknown:QueryInterface (in: This=0x584798, riid=0x3ce924*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce7f0 | out: ppvObject=0x3ce7f0*=0x584798) returned 0x0 [0122.142] IUnknown:Release (This=0x584798) returned 0x2 [0122.142] SysStringLen (param_1=0x0) returned 0x0 [0122.142] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebe0 | out: puCount=0x3cebe0*=0x2) returned 0x0 [0122.142] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebdc*=0x0, pszText=0x0 | out: puBuffLength=0x3cebdc*=0xf, pszText=0x0) returned 0x0 [0122.142] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebdc*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebdc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0122.142] CoGetContextToken (in: pToken=0x3cea34 | out: pToken=0x3cea34) returned 0x0 [0122.142] IEnumWbemClassObject:Clone (in: This=0x584798, ppEnum=0x3cebec | out: ppEnum=0x3cebec*=0x584860) returned 0x0 [0122.144] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceaa8 | out: ppvObject=0x3ceaa8*=0x584864) returned 0x0 [0122.144] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3ceaf8, pAuthzSvc=0x3ceaf4, pServerPrincName=0x3ceaec, pAuthnLevel=0x3ceaf0, pImpLevel=0x3ceae0, pAuthInfo=0x3ceae4, pCapabilites=0x3ceae8 | out: pAuthnSvc=0x3ceaf8*=0xa, pAuthzSvc=0x3ceaf4*=0x0, pServerPrincName=0x3ceaec, pAuthnLevel=0x3ceaf0*=0x6, pImpLevel=0x3ceae0*=0x2, pAuthInfo=0x3ceae4, pCapabilites=0x3ceae8*=0x1) returned 0x0 [0122.144] IUnknown:Release (This=0x584864) returned 0x1 [0122.144] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea9c | out: ppvObject=0x3cea9c*=0x60372c) returned 0x0 [0122.144] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea88 | out: ppvObject=0x3cea88*=0x584864) returned 0x0 [0122.144] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0122.147] IUnknown:Release (This=0x584864) returned 0x2 [0122.147] WbemLocator:IUnknown:Release (This=0x60372c) returned 0x1 [0122.147] CoTaskMemFree (pv=0x60b070) [0122.147] IUnknown:AddRef (This=0x584860) returned 0x2 [0122.148] CoGetContextToken (in: pToken=0x3cdfb8 | out: pToken=0x3cdfb8) returned 0x0 [0122.148] CoGetContextToken (in: pToken=0x3ce3cc | out: pToken=0x3ce3cc) returned 0x0 [0122.148] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce364 | out: ppvObject=0x3ce364*=0x603714) returned 0x0 [0122.148] WbemLocator:IRpcOptions:Query (in: This=0x603714, pPrx=0x60a238, dwProperty=2, pdwValue=0x3ce458 | out: pdwValue=0x3ce458) returned 0x80004002 [0122.148] WbemLocator:IUnknown:Release (This=0x603714) returned 0x2 [0122.148] CoGetContextToken (in: pToken=0x3ce99c | out: pToken=0x3ce99c) returned 0x0 [0122.148] CoGetContextToken (in: pToken=0x3ce8fc | out: pToken=0x3ce8fc) returned 0x0 [0122.149] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce9cc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce898 | out: ppvObject=0x3ce898*=0x584860) returned 0x0 [0122.149] IUnknown:Release (This=0x584860) returned 0x2 [0122.149] SysStringLen (param_1=0x0) returned 0x0 [0122.149] IEnumWbemClassObject:Reset (This=0x584860) returned 0x0 [0122.150] CoTaskMemAlloc (cb=0x4) returned 0x60a7d0 [0122.150] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a7d0, puReturned=0x263052c | out: apObjects=0x60a7d0*=0x5c6840, puReturned=0x263052c*=0x1) returned 0x0 [0134.280] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce244 | out: ppvObject=0x3ce244*=0x5c6840) returned 0x0 [0134.280] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce1f8 | out: ppvObject=0x3ce1f8*=0x0) returned 0x80004002 [0134.280] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce020 | out: ppvObject=0x3ce020*=0x0) returned 0x80004002 [0134.281] IUnknown:AddRef (This=0x5c6840) returned 0x3 [0134.281] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdb54 | out: ppvObject=0x3cdb54*=0x0) returned 0x80004002 [0134.281] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdb04 | out: ppvObject=0x3cdb04*=0x0) returned 0x80004002 [0134.281] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdb10 | out: ppvObject=0x3cdb10*=0x5c6844) returned 0x0 [0134.282] IMarshal:GetUnmarshalClass (in: This=0x5c6844, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdb18 | out: pCid=0x3cdb18*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0134.282] IUnknown:Release (This=0x5c6844) returned 0x3 [0134.282] CoGetContextToken (in: pToken=0x3cdb70 | out: pToken=0x3cdb70) returned 0x0 [0134.282] CoGetContextToken (in: pToken=0x3cdf84 | out: pToken=0x3cdf84) returned 0x0 [0134.282] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce004 | out: ppvObject=0x3ce004*=0x0) returned 0x80004002 [0134.282] IUnknown:Release (This=0x5c6840) returned 0x2 [0134.282] CoGetContextToken (in: pToken=0x3ce56c | out: pToken=0x3ce56c) returned 0x0 [0134.282] CoGetContextToken (in: pToken=0x3ce4cc | out: pToken=0x3ce4cc) returned 0x0 [0134.283] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x3ce59c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce598 | out: ppvObject=0x3ce598*=0x5c6840) returned 0x0 [0134.283] IUnknown:AddRef (This=0x5c6840) returned 0x4 [0134.283] IUnknown:Release (This=0x5c6840) returned 0x3 [0134.283] IUnknown:Release (This=0x5c6840) returned 0x2 [0134.283] CoTaskMemFree (pv=0x60a7d0) [0134.283] CoGetContextToken (in: pToken=0x3ce8dc | out: pToken=0x3ce8dc) returned 0x0 [0134.283] IUnknown:AddRef (This=0x5c6840) returned 0x3 [0134.284] IWbemClassObject:Get (in: This=0x5c6840, wszName="__GENUS", lFlags=0, pVal=0x3cebdc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec5c*=0, plFlavor=0x3cec58*=0 | out: pVal=0x3cebdc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cec5c*=3, plFlavor=0x3cec58*=64) returned 0x0 [0134.284] IWbemClassObject:Get (in: This=0x5c6840, wszName="__PATH", lFlags=0, pVal=0x3cebc0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec44*=0, plFlavor=0x3cec40*=0 | out: pVal=0x3cebc0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x3cec44*=8, plFlavor=0x3cec40*=64) returned 0x0 [0134.285] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0134.285] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0134.285] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebec | out: ppv=0x3cebec*=0x56e704) returned 0x0 [0134.285] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebe4 | out: pAptType=0x3cebe4*=1) returned 0x0 [0134.286] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebe8 | out: ppvObject=0x3cebe8*=0x0) returned 0x80004002 [0134.286] IUnknown:Release (This=0x56e704) returned 0x1 [0134.290] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce558 | out: ppv=0x3ce558*=0x60a7d0) returned 0x0 [0134.291] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a7d0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce770 | out: ppvObject=0x3ce770*=0x0) returned 0x80004002 [0134.291] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a7d0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce77c | out: ppvObject=0x3ce77c*=0x5df9e0) returned 0x0 [0134.292] WbemDefPath:IUnknown:Release (This=0x60a7d0) returned 0x0 [0134.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce39c | out: ppvObject=0x3ce39c*=0x5df9e0) returned 0x0 [0134.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce350 | out: ppvObject=0x3ce350*=0x0) returned 0x80004002 [0134.292] WbemDefPath:IUnknown:AddRef (This=0x5df9e0) returned 0x3 [0134.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcac | out: ppvObject=0x3cdcac*=0x0) returned 0x80004002 [0134.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdc5c | out: ppvObject=0x3cdc5c*=0x0) returned 0x80004002 [0134.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc68 | out: ppvObject=0x3cdc68*=0x60a6f0) returned 0x0 [0134.292] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a6f0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc70 | out: pCid=0x3cdc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.292] WbemDefPath:IUnknown:Release (This=0x60a6f0) returned 0x3 [0134.292] CoGetContextToken (in: pToken=0x3cdcc8 | out: pToken=0x3cdcc8) returned 0x0 [0134.293] CoGetContextToken (in: pToken=0x3ce0dc | out: pToken=0x3ce0dc) returned 0x0 [0134.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce15c | out: ppvObject=0x3ce15c*=0x0) returned 0x80004002 [0134.293] WbemDefPath:IUnknown:Release (This=0x5df9e0) returned 0x2 [0134.293] WbemDefPath:IUnknown:Release (This=0x5df9e0) returned 0x1 [0134.293] CoGetContextToken (in: pToken=0x3cea6c | out: pToken=0x3cea6c) returned 0x0 [0134.293] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0134.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df9e0, riid=0x3cea9c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea98 | out: ppvObject=0x3cea98*=0x5df9e0) returned 0x0 [0134.293] WbemDefPath:IUnknown:AddRef (This=0x5df9e0) returned 0x3 [0134.293] WbemDefPath:IUnknown:Release (This=0x5df9e0) returned 0x2 [0134.293] WbemDefPath:IWbemPath:SetText (This=0x5df9e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0134.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec18 | out: puCount=0x3cec18*=0x2) returned 0x0 [0134.294] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec14*=0x0, pszText=0x0 | out: puBuffLength=0x3cec14*=0xf, pszText=0x0) returned 0x0 [0134.294] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec14*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec14*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebe4 | out: puCount=0x3cebe4*=0x2) returned 0x0 [0134.294] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebe0*=0x0, pszText=0x0 | out: puBuffLength=0x3cebe0*=0xf, pszText=0x0) returned 0x0 [0134.294] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.294] IWbemClassObject:Get (in: This=0x5c6840, wszName="Name", lFlags=0, pVal=0x3cebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2630e20*=0, plFlavor=0x2630e24*=0 | out: pVal=0x3cebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2630e20*=8, plFlavor=0x2630e24*=0) returned 0x0 [0134.294] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0134.295] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0134.295] IWbemClassObject:Get (in: This=0x5c6840, wszName="Name", lFlags=0, pVal=0x3cebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2630e20*=8, plFlavor=0x2630e24*=0 | out: pVal=0x3cebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2630e20*=8, plFlavor=0x2630e24*=0) returned 0x0 [0134.295] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0134.295] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0134.295] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebe4 | out: puCount=0x3cebe4*=0x2) returned 0x0 [0134.295] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebe0*=0x0, pszText=0x0 | out: puBuffLength=0x3cebe0*=0xf, pszText=0x0) returned 0x0 [0134.295] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.295] IWbemClassObject:Get (in: This=0x5c6840, wszName="NumberOfCores", lFlags=0, pVal=0x3cebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2630f2c*=0, plFlavor=0x2630f30*=0 | out: pVal=0x3cebe0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x2630f2c*=19, plFlavor=0x2630f30*=0) returned 0x0 [0134.295] IWbemClassObject:Get (in: This=0x5c6840, wszName="NumberOfCores", lFlags=0, pVal=0x3cebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2630f2c*=19, plFlavor=0x2630f30*=0 | out: pVal=0x3cebe8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x2630f2c*=19, plFlavor=0x2630f30*=0) returned 0x0 [0134.300] CoTaskMemAlloc (cb=0x4) returned 0x60a810 [0134.300] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a810, puReturned=0x263052c | out: apObjects=0x60a810*=0x0, puReturned=0x263052c*=0x0) returned 0x1 [0134.306] CoTaskMemFree (pv=0x60a810) [0134.306] CoGetContextToken (in: pToken=0x3ceb10 | out: pToken=0x3ceb10) returned 0x0 [0134.306] IUnknown:Release (This=0x584860) returned 0x1 [0134.306] IUnknown:Release (This=0x584860) returned 0x0 [0134.308] CoGetContextToken (in: pToken=0x3ceb10 | out: pToken=0x3ceb10) returned 0x0 [0134.308] IUnknown:Release (This=0x584798) returned 0x1 [0134.308] IUnknown:Release (This=0x584798) returned 0x0 [0134.334] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cec04 | out: ppv=0x3cec04*=0x56e704) returned 0x0 [0134.335] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebfc | out: pAptType=0x3cebfc*=1) returned 0x0 [0134.335] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cec00 | out: ppvObject=0x3cec00*=0x0) returned 0x80004002 [0134.335] IUnknown:Release (This=0x56e704) returned 0x1 [0134.336] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce570 | out: ppv=0x3ce570*=0x60a810) returned 0x0 [0134.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a810, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce788 | out: ppvObject=0x3ce788*=0x0) returned 0x80004002 [0134.336] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a810, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce794 | out: ppvObject=0x3ce794*=0x5df900) returned 0x0 [0134.336] WbemDefPath:IUnknown:Release (This=0x60a810) returned 0x0 [0134.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3b4 | out: ppvObject=0x3ce3b4*=0x5df900) returned 0x0 [0134.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce368 | out: ppvObject=0x3ce368*=0x0) returned 0x80004002 [0134.337] WbemDefPath:IUnknown:AddRef (This=0x5df900) returned 0x3 [0134.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdcc4 | out: ppvObject=0x3cdcc4*=0x0) returned 0x80004002 [0134.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdc74 | out: ppvObject=0x3cdc74*=0x0) returned 0x80004002 [0134.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc80 | out: ppvObject=0x3cdc80*=0x60a7c0) returned 0x0 [0134.337] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a7c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc88 | out: pCid=0x3cdc88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.337] WbemDefPath:IUnknown:Release (This=0x60a7c0) returned 0x3 [0134.337] CoGetContextToken (in: pToken=0x3cdce0 | out: pToken=0x3cdce0) returned 0x0 [0134.337] CoGetContextToken (in: pToken=0x3ce0f4 | out: pToken=0x3ce0f4) returned 0x0 [0134.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce174 | out: ppvObject=0x3ce174*=0x0) returned 0x80004002 [0134.337] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x2 [0134.337] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x1 [0134.337] CoGetContextToken (in: pToken=0x3cea84 | out: pToken=0x3cea84) returned 0x0 [0134.337] CoGetContextToken (in: pToken=0x3ce9e4 | out: pToken=0x3ce9e4) returned 0x0 [0134.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df900, riid=0x3ceab4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ceab0 | out: ppvObject=0x3ceab0*=0x5df900) returned 0x0 [0134.337] WbemDefPath:IUnknown:AddRef (This=0x5df900) returned 0x3 [0134.337] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x2 [0134.337] WbemDefPath:IWbemPath:SetText (This=0x5df900, uMode=0x4, pszPath="root\\CIMV2") returned 0x0 [0134.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df900, puCount=0x3cec2c | out: puCount=0x3cec2c*=0x2) returned 0x0 [0134.337] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cec28*=0x0, pszText=0x0 | out: puBuffLength=0x3cec28*=0xf, pszText=0x0) returned 0x0 [0134.338] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cec28*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec28*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0134.338] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df900, puCount=0x3cec18 | out: puCount=0x3cec18*=0x2) returned 0x0 [0134.338] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cec14*=0x0, pszText=0x0 | out: puBuffLength=0x3cec14*=0xf, pszText=0x0) returned 0x0 [0134.338] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cec14*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec14*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0134.338] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceba8 | out: ppv=0x3ceba8*=0x56e704) returned 0x0 [0134.338] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceba0 | out: pAptType=0x3ceba0*=1) returned 0x0 [0134.338] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceba4 | out: ppvObject=0x3ceba4*=0x0) returned 0x80004002 [0134.338] IUnknown:Release (This=0x56e704) returned 0x1 [0134.339] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7c8 | out: ppv=0x3ce7c8*=0x60a2f8) returned 0x0 [0134.339] WbemLocator:IUnknown:QueryInterface (in: This=0x60a2f8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce9e0 | out: ppvObject=0x3ce9e0*=0x0) returned 0x80004002 [0134.339] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a2f8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9ec | out: ppvObject=0x3ce9ec*=0x60a860) returned 0x0 [0134.339] WbemLocator:IUnknown:Release (This=0x60a2f8) returned 0x0 [0134.339] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce60c | out: ppvObject=0x3ce60c*=0x60a860) returned 0x0 [0134.339] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5c0 | out: ppvObject=0x3ce5c0*=0x0) returned 0x80004002 [0134.340] WbemLocator:IUnknown:AddRef (This=0x60a860) returned 0x3 [0134.340] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf1c | out: ppvObject=0x3cdf1c*=0x0) returned 0x80004002 [0134.340] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdecc | out: ppvObject=0x3cdecc*=0x0) returned 0x80004002 [0134.340] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cded8 | out: ppvObject=0x3cded8*=0x0) returned 0x80004002 [0134.340] CoGetContextToken (in: pToken=0x3cdf38 | out: pToken=0x3cdf38) returned 0x0 [0134.340] CoGetContextToken (in: pToken=0x3ce34c | out: pToken=0x3ce34c) returned 0x0 [0134.340] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3cc | out: ppvObject=0x3ce3cc*=0x0) returned 0x80004002 [0134.340] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x2 [0134.340] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x1 [0134.340] CoGetContextToken (in: pToken=0x3ce9c4 | out: pToken=0x3ce9c4) returned 0x0 [0134.340] CoGetContextToken (in: pToken=0x3ce924 | out: pToken=0x3ce924) returned 0x0 [0134.340] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x3ce9f4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce9f0 | out: ppvObject=0x3ce9f0*=0x60a860) returned 0x0 [0134.340] WbemLocator:IUnknown:AddRef (This=0x60a860) returned 0x3 [0134.340] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x2 [0134.340] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df900, puCount=0x3ceb84 | out: puCount=0x3ceb84*=0x2) returned 0x0 [0134.340] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=8, puBuffLength=0x3ceb80*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb80*=0xf, pszText=0x0) returned 0x0 [0134.340] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=8, puBuffLength=0x3ceb80*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb80*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0134.340] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea30 | out: ppv=0x3cea30*=0x60a770) returned 0x0 [0134.341] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a770, strNetworkResource="\\\\.\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3cead0 | out: ppNamespace=0x3cead0*=0x609308) returned 0x0 [0134.357] WbemLocator:IUnknown:QueryInterface (in: This=0x609308, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce954 | out: ppvObject=0x3ce954*=0x6037fc) returned 0x0 [0134.357] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6037fc, pProxy=0x609308, pAuthnSvc=0x3ce9a4, pAuthzSvc=0x3ce9a0, pServerPrincName=0x3ce998, pAuthnLevel=0x3ce99c, pImpLevel=0x3ce98c, pAuthInfo=0x3ce990, pCapabilites=0x3ce994 | out: pAuthnSvc=0x3ce9a4*=0xa, pAuthzSvc=0x3ce9a0*=0x0, pServerPrincName=0x3ce998, pAuthnLevel=0x3ce99c*=0x6, pImpLevel=0x3ce98c*=0x2, pAuthInfo=0x3ce990, pCapabilites=0x3ce994*=0x1) returned 0x0 [0134.357] WbemLocator:IUnknown:Release (This=0x6037fc) returned 0x1 [0134.357] WbemLocator:IUnknown:QueryInterface (in: This=0x609308, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce948 | out: ppvObject=0x3ce948*=0x60381c) returned 0x0 [0134.357] WbemLocator:IUnknown:QueryInterface (in: This=0x609308, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce934 | out: ppvObject=0x3ce934*=0x6037fc) returned 0x0 [0134.357] WbemLocator:IClientSecurity:SetBlanket (This=0x6037fc, pProxy=0x609308, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.358] WbemLocator:IUnknown:Release (This=0x6037fc) returned 0x2 [0134.358] WbemLocator:IUnknown:Release (This=0x60381c) returned 0x1 [0134.358] CoTaskMemFree (pv=0x60b070) [0134.358] WbemLocator:IUnknown:AddRef (This=0x609308) returned 0x2 [0134.358] WbemLocator:IUnknown:Release (This=0x60a770) returned 0x0 [0134.358] CoGetContextToken (in: pToken=0x3cde88 | out: pToken=0x3cde88) returned 0x0 [0134.359] CoGetContextToken (in: pToken=0x3ce29c | out: pToken=0x3ce29c) returned 0x0 [0134.359] WbemLocator:IUnknown:QueryInterface (in: This=0x609308, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce234 | out: ppvObject=0x3ce234*=0x603804) returned 0x0 [0134.359] WbemLocator:IRpcOptions:Query (in: This=0x603804, pPrx=0x60a010, dwProperty=2, pdwValue=0x3ce328 | out: pdwValue=0x3ce328) returned 0x80004002 [0134.359] WbemLocator:IUnknown:Release (This=0x603804) returned 0x2 [0134.359] CoGetContextToken (in: pToken=0x3ce86c | out: pToken=0x3ce86c) returned 0x0 [0134.359] CoGetContextToken (in: pToken=0x3ce7cc | out: pToken=0x3ce7cc) returned 0x0 [0134.359] WbemLocator:IUnknown:QueryInterface (in: This=0x609308, riid=0x3ce89c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce768 | out: ppvObject=0x3ce768*=0x609308) returned 0x0 [0134.360] WbemLocator:IUnknown:Release (This=0x609308) returned 0x2 [0134.360] SysStringLen (param_1=0x0) returned 0x0 [0134.360] CoGetContextToken (in: pToken=0x3ce97c | out: pToken=0x3ce97c) returned 0x0 [0134.360] IWbemServices:ExecQuery (in: This=0x609308, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x3ceb90 | out: ppEnum=0x3ceb90*=0x584798) returned 0x0 [0134.372] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9e0 | out: ppvObject=0x3ce9e0*=0x58479c) returned 0x0 [0134.372] IClientSecurity:QueryBlanket (in: This=0x58479c, pProxy=0x584798, pAuthnSvc=0x3cea30, pAuthzSvc=0x3cea2c, pServerPrincName=0x3cea24, pAuthnLevel=0x3cea28, pImpLevel=0x3cea18, pAuthInfo=0x3cea1c, pCapabilites=0x3cea20 | out: pAuthnSvc=0x3cea30*=0xa, pAuthzSvc=0x3cea2c*=0x0, pServerPrincName=0x3cea24, pAuthnLevel=0x3cea28*=0x6, pImpLevel=0x3cea18*=0x2, pAuthInfo=0x3cea1c, pCapabilites=0x3cea20*=0x1) returned 0x0 [0134.372] IUnknown:Release (This=0x58479c) returned 0x1 [0134.372] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9d4 | out: ppvObject=0x3ce9d4*=0x60390c) returned 0x0 [0134.372] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9c0 | out: ppvObject=0x3ce9c0*=0x58479c) returned 0x0 [0134.372] IClientSecurity:SetBlanket (This=0x58479c, pProxy=0x584798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.374] IUnknown:Release (This=0x58479c) returned 0x2 [0134.374] WbemLocator:IUnknown:Release (This=0x60390c) returned 0x1 [0134.374] CoTaskMemFree (pv=0x60af80) [0134.375] IUnknown:AddRef (This=0x584798) returned 0x2 [0134.375] CoGetContextToken (in: pToken=0x3cdf00 | out: pToken=0x3cdf00) returned 0x0 [0134.375] CoGetContextToken (in: pToken=0x3ce314 | out: pToken=0x3ce314) returned 0x0 [0134.375] IUnknown:QueryInterface (in: This=0x584798, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2ac | out: ppvObject=0x3ce2ac*=0x6038f4) returned 0x0 [0134.376] WbemLocator:IRpcOptions:Query (in: This=0x6038f4, pPrx=0x60a0b8, dwProperty=2, pdwValue=0x3ce3a0 | out: pdwValue=0x3ce3a0) returned 0x80004002 [0134.376] WbemLocator:IUnknown:Release (This=0x6038f4) returned 0x2 [0134.376] CoGetContextToken (in: pToken=0x3ce8e4 | out: pToken=0x3ce8e4) returned 0x0 [0134.376] CoGetContextToken (in: pToken=0x3ce844 | out: pToken=0x3ce844) returned 0x0 [0134.376] IUnknown:QueryInterface (in: This=0x584798, riid=0x3ce914*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce7e0 | out: ppvObject=0x3ce7e0*=0x584798) returned 0x0 [0134.376] IUnknown:Release (This=0x584798) returned 0x2 [0134.376] SysStringLen (param_1=0x0) returned 0x0 [0134.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df900, puCount=0x3cebdc | out: puCount=0x3cebdc*=0x2) returned 0x0 [0134.376] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cebd8*=0x0, pszText=0x0 | out: puBuffLength=0x3cebd8*=0xf, pszText=0x0) returned 0x0 [0134.377] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cebd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebd8*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0134.377] CoGetContextToken (in: pToken=0x3cea34 | out: pToken=0x3cea34) returned 0x0 [0134.377] IEnumWbemClassObject:Clone (in: This=0x584798, ppEnum=0x3cebe8 | out: ppEnum=0x3cebe8*=0x584860) returned 0x0 [0134.378] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ceaa4 | out: ppvObject=0x3ceaa4*=0x584864) returned 0x0 [0134.378] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3ceaf4, pAuthzSvc=0x3ceaf0, pServerPrincName=0x3ceae8, pAuthnLevel=0x3ceaec, pImpLevel=0x3ceadc, pAuthInfo=0x3ceae0, pCapabilites=0x3ceae4 | out: pAuthnSvc=0x3ceaf4*=0xa, pAuthzSvc=0x3ceaf0*=0x0, pServerPrincName=0x3ceae8, pAuthnLevel=0x3ceaec*=0x6, pImpLevel=0x3ceadc*=0x2, pAuthInfo=0x3ceae0, pCapabilites=0x3ceae4*=0x1) returned 0x0 [0134.378] IUnknown:Release (This=0x584864) returned 0x1 [0134.378] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea98 | out: ppvObject=0x3cea98*=0x60354c) returned 0x0 [0134.378] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea84 | out: ppvObject=0x3cea84*=0x584864) returned 0x0 [0134.378] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.380] IUnknown:Release (This=0x584864) returned 0x2 [0134.380] WbemLocator:IUnknown:Release (This=0x60354c) returned 0x1 [0134.380] CoTaskMemFree (pv=0x60b0a0) [0134.380] IUnknown:AddRef (This=0x584860) returned 0x2 [0134.380] CoGetContextToken (in: pToken=0x3cdfb4 | out: pToken=0x3cdfb4) returned 0x0 [0134.381] CoGetContextToken (in: pToken=0x3ce3c4 | out: pToken=0x3ce3c4) returned 0x0 [0134.381] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce360 | out: ppvObject=0x3ce360*=0x603534) returned 0x0 [0134.381] WbemLocator:IRpcOptions:Query (in: This=0x603534, pPrx=0x60a0e8, dwProperty=2, pdwValue=0x3ce454 | out: pdwValue=0x3ce454) returned 0x80004002 [0134.381] WbemLocator:IUnknown:Release (This=0x603534) returned 0x2 [0134.381] CoGetContextToken (in: pToken=0x3ce994 | out: pToken=0x3ce994) returned 0x0 [0134.381] CoGetContextToken (in: pToken=0x3ce8f4 | out: pToken=0x3ce8f4) returned 0x0 [0134.381] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce9c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce890 | out: ppvObject=0x3ce890*=0x584860) returned 0x0 [0134.381] IUnknown:Release (This=0x584860) returned 0x2 [0134.381] SysStringLen (param_1=0x0) returned 0x0 [0134.381] IEnumWbemClassObject:Reset (This=0x584860) returned 0x0 [0134.382] CoTaskMemAlloc (cb=0x4) returned 0x60a900 [0134.382] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a900, puReturned=0x26320cc | out: apObjects=0x60a900*=0x61fab8, puReturned=0x26320cc*=0x1) returned 0x0 [0134.388] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce23c | out: ppvObject=0x3ce23c*=0x61fab8) returned 0x0 [0134.388] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce1f0 | out: ppvObject=0x3ce1f0*=0x0) returned 0x80004002 [0134.388] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce018 | out: ppvObject=0x3ce018*=0x0) returned 0x80004002 [0134.388] IUnknown:AddRef (This=0x61fab8) returned 0x3 [0134.388] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdb4c | out: ppvObject=0x3cdb4c*=0x0) returned 0x80004002 [0134.388] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdafc | out: ppvObject=0x3cdafc*=0x0) returned 0x80004002 [0134.388] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdb08 | out: ppvObject=0x3cdb08*=0x61fabc) returned 0x0 [0134.388] IMarshal:GetUnmarshalClass (in: This=0x61fabc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdb10 | out: pCid=0x3cdb10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0134.389] IUnknown:Release (This=0x61fabc) returned 0x3 [0134.389] CoGetContextToken (in: pToken=0x3cdb68 | out: pToken=0x3cdb68) returned 0x0 [0134.389] CoGetContextToken (in: pToken=0x3cdf7c | out: pToken=0x3cdf7c) returned 0x0 [0134.389] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdffc | out: ppvObject=0x3cdffc*=0x0) returned 0x80004002 [0134.389] IUnknown:Release (This=0x61fab8) returned 0x2 [0134.389] CoGetContextToken (in: pToken=0x3ce56c | out: pToken=0x3ce56c) returned 0x0 [0134.389] CoGetContextToken (in: pToken=0x3ce4cc | out: pToken=0x3ce4cc) returned 0x0 [0134.389] IUnknown:QueryInterface (in: This=0x61fab8, riid=0x3ce59c*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce598 | out: ppvObject=0x3ce598*=0x61fab8) returned 0x0 [0134.389] IUnknown:AddRef (This=0x61fab8) returned 0x4 [0134.389] IUnknown:Release (This=0x61fab8) returned 0x3 [0134.389] IUnknown:Release (This=0x61fab8) returned 0x2 [0134.389] CoTaskMemFree (pv=0x60a900) [0134.389] CoGetContextToken (in: pToken=0x3ce8dc | out: pToken=0x3ce8dc) returned 0x0 [0134.389] IUnknown:AddRef (This=0x61fab8) returned 0x3 [0134.389] IWbemClassObject:Get (in: This=0x61fab8, wszName="__GENUS", lFlags=0, pVal=0x3cebd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec58*=0, plFlavor=0x3cec54*=0 | out: pVal=0x3cebd8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cec58*=3, plFlavor=0x3cec54*=64) returned 0x0 [0134.390] IWbemClassObject:Get (in: This=0x61fab8, wszName="__PATH", lFlags=0, pVal=0x3cebbc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec40*=0, plFlavor=0x3cec3c*=0 | out: pVal=0x3cebbc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x3cec40*=8, plFlavor=0x3cec3c*=64) returned 0x0 [0134.390] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x92 [0134.390] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x92 [0134.390] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebe8 | out: ppv=0x3cebe8*=0x56e704) returned 0x0 [0134.390] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebe0 | out: pAptType=0x3cebe0*=1) returned 0x0 [0134.390] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebe4 | out: ppvObject=0x3cebe4*=0x0) returned 0x80004002 [0134.390] IUnknown:Release (This=0x56e704) returned 0x1 [0134.391] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce550 | out: ppv=0x3ce550*=0x60a900) returned 0x0 [0134.391] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a900, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce768 | out: ppvObject=0x3ce768*=0x0) returned 0x80004002 [0134.392] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a900, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce774 | out: ppvObject=0x3ce774*=0x5df890) returned 0x0 [0134.392] WbemDefPath:IUnknown:Release (This=0x60a900) returned 0x0 [0134.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce394 | out: ppvObject=0x3ce394*=0x5df890) returned 0x0 [0134.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce348 | out: ppvObject=0x3ce348*=0x0) returned 0x80004002 [0134.392] WbemDefPath:IUnknown:AddRef (This=0x5df890) returned 0x3 [0134.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdca4 | out: ppvObject=0x3cdca4*=0x0) returned 0x80004002 [0134.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdc54 | out: ppvObject=0x3cdc54*=0x0) returned 0x80004002 [0134.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc60 | out: ppvObject=0x3cdc60*=0x60a910) returned 0x0 [0134.392] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a910, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc68 | out: pCid=0x3cdc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.392] WbemDefPath:IUnknown:Release (This=0x60a910) returned 0x3 [0134.392] CoGetContextToken (in: pToken=0x3cdcc0 | out: pToken=0x3cdcc0) returned 0x0 [0134.392] CoGetContextToken (in: pToken=0x3ce0d4 | out: pToken=0x3ce0d4) returned 0x0 [0134.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce154 | out: ppvObject=0x3ce154*=0x0) returned 0x80004002 [0134.393] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x2 [0134.393] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x1 [0134.393] CoGetContextToken (in: pToken=0x3cea6c | out: pToken=0x3cea6c) returned 0x0 [0134.393] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0134.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df890, riid=0x3cea9c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea98 | out: ppvObject=0x3cea98*=0x5df890) returned 0x0 [0134.393] WbemDefPath:IUnknown:AddRef (This=0x5df890) returned 0x3 [0134.393] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x2 [0134.393] WbemDefPath:IWbemPath:SetText (This=0x5df890, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0134.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df900, puCount=0x3cec14 | out: puCount=0x3cec14*=0x2) returned 0x0 [0134.393] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cec10*=0x0, pszText=0x0 | out: puBuffLength=0x3cec10*=0xf, pszText=0x0) returned 0x0 [0134.393] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cec10*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec10*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0134.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df900, puCount=0x3cebe0 | out: puCount=0x3cebe0*=0x2) returned 0x0 [0134.393] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cebdc*=0x0, pszText=0x0 | out: puBuffLength=0x3cebdc*=0xf, pszText=0x0) returned 0x0 [0134.393] WbemDefPath:IWbemPath:GetText (in: This=0x5df900, lFlags=4, puBuffLength=0x3cebdc*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebdc*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0134.393] IWbemClassObject:Get (in: This=0x61fab8, wszName="AdapterRAM", lFlags=0, pVal=0x3cebdc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2632904*=0, plFlavor=0x2632908*=0 | out: pVal=0x3cebdc*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2632904*=19, plFlavor=0x2632908*=0) returned 0x0 [0134.394] IWbemClassObject:Get (in: This=0x61fab8, wszName="AdapterRAM", lFlags=0, pVal=0x3cebe4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2632904*=19, plFlavor=0x2632908*=0 | out: pVal=0x3cebe4*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2632904*=19, plFlavor=0x2632908*=0) returned 0x0 [0134.394] CoTaskMemAlloc (cb=0x4) returned 0x60a940 [0134.394] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a940, puReturned=0x26320cc | out: apObjects=0x60a940*=0x0, puReturned=0x26320cc*=0x0) returned 0x1 [0134.395] CoTaskMemFree (pv=0x60a940) [0134.396] CoGetContextToken (in: pToken=0x3ceb0c | out: pToken=0x3ceb0c) returned 0x0 [0134.396] IUnknown:Release (This=0x584860) returned 0x1 [0134.396] IUnknown:Release (This=0x584860) returned 0x0 [0134.397] CoGetContextToken (in: pToken=0x3ceb0c | out: pToken=0x3ceb0c) returned 0x0 [0134.397] IUnknown:Release (This=0x584798) returned 0x1 [0134.397] IUnknown:Release (This=0x584798) returned 0x0 [0134.421] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec0c | out: puCount=0x3cec0c*=0x2) returned 0x0 [0134.421] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec08*=0x0, pszText=0x0 | out: puBuffLength=0x3cec08*=0xf, pszText=0x0) returned 0x0 [0134.421] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cec08*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cec08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.421] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb94 | out: ppv=0x3ceb94*=0x56e704) returned 0x0 [0134.421] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb8c | out: pAptType=0x3ceb8c*=1) returned 0x0 [0134.421] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb90 | out: ppvObject=0x3ceb90*=0x0) returned 0x80004002 [0134.421] IUnknown:Release (This=0x56e704) returned 0x1 [0134.422] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce7b0 | out: ppv=0x3ce7b0*=0x60a130) returned 0x0 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a130, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce9c8 | out: ppvObject=0x3ce9c8*=0x0) returned 0x80004002 [0134.423] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a130, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9d4 | out: ppvObject=0x3ce9d4*=0x60a940) returned 0x0 [0134.423] WbemLocator:IUnknown:Release (This=0x60a130) returned 0x0 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce5f4 | out: ppvObject=0x3ce5f4*=0x60a940) returned 0x0 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce5a8 | out: ppvObject=0x3ce5a8*=0x0) returned 0x80004002 [0134.423] WbemLocator:IUnknown:AddRef (This=0x60a940) returned 0x3 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdf04 | out: ppvObject=0x3cdf04*=0x0) returned 0x80004002 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdeb4 | out: ppvObject=0x3cdeb4*=0x0) returned 0x80004002 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdec0 | out: ppvObject=0x3cdec0*=0x0) returned 0x80004002 [0134.423] CoGetContextToken (in: pToken=0x3cdf20 | out: pToken=0x3cdf20) returned 0x0 [0134.423] CoGetContextToken (in: pToken=0x3ce334 | out: pToken=0x3ce334) returned 0x0 [0134.423] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce3b4 | out: ppvObject=0x3ce3b4*=0x0) returned 0x80004002 [0134.423] WbemLocator:IUnknown:Release (This=0x60a940) returned 0x2 [0134.423] WbemLocator:IUnknown:Release (This=0x60a940) returned 0x1 [0134.423] CoGetContextToken (in: pToken=0x3ce9b4 | out: pToken=0x3ce9b4) returned 0x0 [0134.423] CoGetContextToken (in: pToken=0x3ce914 | out: pToken=0x3ce914) returned 0x0 [0134.424] WbemLocator:IUnknown:QueryInterface (in: This=0x60a940, riid=0x3ce9e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce9e0 | out: ppvObject=0x3ce9e0*=0x60a940) returned 0x0 [0134.424] WbemLocator:IUnknown:AddRef (This=0x60a940) returned 0x3 [0134.424] WbemLocator:IUnknown:Release (This=0x60a940) returned 0x2 [0134.424] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb70 | out: puCount=0x3ceb70*=0x2) returned 0x0 [0134.424] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3ceb6c*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb6c*=0xf, pszText=0x0) returned 0x0 [0134.424] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3ceb6c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb6c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.424] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3cea1c | out: ppv=0x3cea1c*=0x60a7b0) returned 0x0 [0134.424] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a7b0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3ceabc | out: ppNamespace=0x3ceabc*=0x608ef8) returned 0x0 [0134.431] WbemLocator:IUnknown:QueryInterface (in: This=0x608ef8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce940 | out: ppvObject=0x3ce940*=0x60370c) returned 0x0 [0134.432] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60370c, pProxy=0x608ef8, pAuthnSvc=0x3ce990, pAuthzSvc=0x3ce98c, pServerPrincName=0x3ce984, pAuthnLevel=0x3ce988, pImpLevel=0x3ce978, pAuthInfo=0x3ce97c, pCapabilites=0x3ce980 | out: pAuthnSvc=0x3ce990*=0xa, pAuthzSvc=0x3ce98c*=0x0, pServerPrincName=0x3ce984, pAuthnLevel=0x3ce988*=0x6, pImpLevel=0x3ce978*=0x2, pAuthInfo=0x3ce97c, pCapabilites=0x3ce980*=0x1) returned 0x0 [0134.432] WbemLocator:IUnknown:Release (This=0x60370c) returned 0x1 [0134.432] WbemLocator:IUnknown:QueryInterface (in: This=0x608ef8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce934 | out: ppvObject=0x3ce934*=0x60372c) returned 0x0 [0134.432] WbemLocator:IUnknown:QueryInterface (in: This=0x608ef8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce920 | out: ppvObject=0x3ce920*=0x60370c) returned 0x0 [0134.432] WbemLocator:IClientSecurity:SetBlanket (This=0x60370c, pProxy=0x608ef8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.432] WbemLocator:IUnknown:Release (This=0x60370c) returned 0x2 [0134.432] WbemLocator:IUnknown:Release (This=0x60372c) returned 0x1 [0134.432] CoTaskMemFree (pv=0x60b0a0) [0134.432] WbemLocator:IUnknown:AddRef (This=0x608ef8) returned 0x2 [0134.432] WbemLocator:IUnknown:Release (This=0x60a7b0) returned 0x0 [0134.433] CoGetContextToken (in: pToken=0x3cde74 | out: pToken=0x3cde74) returned 0x0 [0134.433] CoGetContextToken (in: pToken=0x3ce284 | out: pToken=0x3ce284) returned 0x0 [0134.433] WbemLocator:IUnknown:QueryInterface (in: This=0x608ef8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce220 | out: ppvObject=0x3ce220*=0x603714) returned 0x0 [0134.433] WbemLocator:IRpcOptions:Query (in: This=0x603714, pPrx=0x609f98, dwProperty=2, pdwValue=0x3ce314 | out: pdwValue=0x3ce314) returned 0x80004002 [0134.433] WbemLocator:IUnknown:Release (This=0x603714) returned 0x2 [0134.433] CoGetContextToken (in: pToken=0x3ce854 | out: pToken=0x3ce854) returned 0x0 [0134.433] CoGetContextToken (in: pToken=0x3ce7b4 | out: pToken=0x3ce7b4) returned 0x0 [0134.433] WbemLocator:IUnknown:QueryInterface (in: This=0x608ef8, riid=0x3ce884*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce750 | out: ppvObject=0x3ce750*=0x608ef8) returned 0x0 [0134.433] WbemLocator:IUnknown:Release (This=0x608ef8) returned 0x2 [0134.433] SysStringLen (param_1=0x0) returned 0x0 [0134.434] CoGetContextToken (in: pToken=0x3ce96c | out: pToken=0x3ce96c) returned 0x0 [0134.434] IWbemServices:ExecQuery (in: This=0x608ef8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x3ceb7c | out: ppEnum=0x3ceb7c*=0x584798) returned 0x0 [0134.436] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9cc | out: ppvObject=0x3ce9cc*=0x58479c) returned 0x0 [0134.436] IClientSecurity:QueryBlanket (in: This=0x58479c, pProxy=0x584798, pAuthnSvc=0x3cea1c, pAuthzSvc=0x3cea18, pServerPrincName=0x3cea10, pAuthnLevel=0x3cea14, pImpLevel=0x3cea04, pAuthInfo=0x3cea08, pCapabilites=0x3cea0c | out: pAuthnSvc=0x3cea1c*=0xa, pAuthzSvc=0x3cea18*=0x0, pServerPrincName=0x3cea10, pAuthnLevel=0x3cea14*=0x6, pImpLevel=0x3cea04*=0x2, pAuthInfo=0x3cea08, pCapabilites=0x3cea0c*=0x1) returned 0x0 [0134.436] IUnknown:Release (This=0x58479c) returned 0x1 [0134.436] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9c0 | out: ppvObject=0x3ce9c0*=0x60390c) returned 0x0 [0134.436] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce9ac | out: ppvObject=0x3ce9ac*=0x58479c) returned 0x0 [0134.436] IClientSecurity:SetBlanket (This=0x58479c, pProxy=0x584798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.441] IUnknown:Release (This=0x58479c) returned 0x2 [0134.441] WbemLocator:IUnknown:Release (This=0x60390c) returned 0x1 [0134.441] CoTaskMemFree (pv=0x60b0d0) [0134.442] IUnknown:AddRef (This=0x584798) returned 0x2 [0134.442] CoGetContextToken (in: pToken=0x3cdeec | out: pToken=0x3cdeec) returned 0x0 [0134.442] CoGetContextToken (in: pToken=0x3ce2fc | out: pToken=0x3ce2fc) returned 0x0 [0134.442] IUnknown:QueryInterface (in: This=0x584798, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce298 | out: ppvObject=0x3ce298*=0x6038f4) returned 0x0 [0134.442] WbemLocator:IRpcOptions:Query (in: This=0x6038f4, pPrx=0x60a0b8, dwProperty=2, pdwValue=0x3ce38c | out: pdwValue=0x3ce38c) returned 0x80004002 [0134.442] WbemLocator:IUnknown:Release (This=0x6038f4) returned 0x2 [0134.443] CoGetContextToken (in: pToken=0x3ce8cc | out: pToken=0x3ce8cc) returned 0x0 [0134.443] CoGetContextToken (in: pToken=0x3ce82c | out: pToken=0x3ce82c) returned 0x0 [0134.443] IUnknown:QueryInterface (in: This=0x584798, riid=0x3ce8fc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce7c8 | out: ppvObject=0x3ce7c8*=0x584798) returned 0x0 [0134.443] IUnknown:Release (This=0x584798) returned 0x2 [0134.443] SysStringLen (param_1=0x0) returned 0x0 [0134.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebc8 | out: puCount=0x3cebc8*=0x2) returned 0x0 [0134.443] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebc4*=0x0, pszText=0x0 | out: puBuffLength=0x3cebc4*=0xf, pszText=0x0) returned 0x0 [0134.443] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebc4*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebc4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.443] CoGetContextToken (in: pToken=0x3cea1c | out: pToken=0x3cea1c) returned 0x0 [0134.443] IEnumWbemClassObject:Clone (in: This=0x584798, ppEnum=0x3cebd4 | out: ppEnum=0x3cebd4*=0x584860) returned 0x0 [0134.445] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea90 | out: ppvObject=0x3cea90*=0x584864) returned 0x0 [0134.445] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3ceae0, pAuthzSvc=0x3ceadc, pServerPrincName=0x3cead4, pAuthnLevel=0x3cead8, pImpLevel=0x3ceac8, pAuthInfo=0x3ceacc, pCapabilites=0x3cead0 | out: pAuthnSvc=0x3ceae0*=0xa, pAuthzSvc=0x3ceadc*=0x0, pServerPrincName=0x3cead4, pAuthnLevel=0x3cead8*=0x6, pImpLevel=0x3ceac8*=0x2, pAuthInfo=0x3ceacc, pCapabilites=0x3cead0*=0x1) returned 0x0 [0134.445] IUnknown:Release (This=0x584864) returned 0x1 [0134.445] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea84 | out: ppvObject=0x3cea84*=0x60336c) returned 0x0 [0134.445] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea70 | out: ppvObject=0x3cea70*=0x584864) returned 0x0 [0134.445] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.446] IUnknown:Release (This=0x584864) returned 0x2 [0134.447] WbemLocator:IUnknown:Release (This=0x60336c) returned 0x1 [0134.447] CoTaskMemFree (pv=0x60b100) [0134.447] IUnknown:AddRef (This=0x584860) returned 0x2 [0134.447] CoGetContextToken (in: pToken=0x3cdfa0 | out: pToken=0x3cdfa0) returned 0x0 [0134.447] CoGetContextToken (in: pToken=0x3ce3b4 | out: pToken=0x3ce3b4) returned 0x0 [0134.447] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce34c | out: ppvObject=0x3ce34c*=0x603354) returned 0x0 [0134.447] WbemLocator:IRpcOptions:Query (in: This=0x603354, pPrx=0x60a100, dwProperty=2, pdwValue=0x3ce440 | out: pdwValue=0x3ce440) returned 0x80004002 [0134.447] WbemLocator:IUnknown:Release (This=0x603354) returned 0x2 [0134.448] CoGetContextToken (in: pToken=0x3ce984 | out: pToken=0x3ce984) returned 0x0 [0134.448] CoGetContextToken (in: pToken=0x3ce8e4 | out: pToken=0x3ce8e4) returned 0x0 [0134.448] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce9b4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce880 | out: ppvObject=0x3ce880*=0x584860) returned 0x0 [0134.448] IUnknown:Release (This=0x584860) returned 0x2 [0134.448] SysStringLen (param_1=0x0) returned 0x0 [0134.448] IEnumWbemClassObject:Reset (This=0x584860) returned 0x0 [0134.449] CoTaskMemAlloc (cb=0x4) returned 0x60a960 [0134.449] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a960, puReturned=0x2633560 | out: apObjects=0x60a960*=0x61fde8, puReturned=0x2633560*=0x1) returned 0x0 [0134.453] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce22c | out: ppvObject=0x3ce22c*=0x61fde8) returned 0x0 [0134.453] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce1e0 | out: ppvObject=0x3ce1e0*=0x0) returned 0x80004002 [0134.453] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce008 | out: ppvObject=0x3ce008*=0x0) returned 0x80004002 [0134.453] IUnknown:AddRef (This=0x61fde8) returned 0x3 [0134.453] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdb3c | out: ppvObject=0x3cdb3c*=0x0) returned 0x80004002 [0134.453] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0134.453] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaf8 | out: ppvObject=0x3cdaf8*=0x61fdec) returned 0x0 [0134.454] IMarshal:GetUnmarshalClass (in: This=0x61fdec, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdb00 | out: pCid=0x3cdb00*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0134.454] IUnknown:Release (This=0x61fdec) returned 0x3 [0134.454] CoGetContextToken (in: pToken=0x3cdb58 | out: pToken=0x3cdb58) returned 0x0 [0134.454] CoGetContextToken (in: pToken=0x3cdf6c | out: pToken=0x3cdf6c) returned 0x0 [0134.454] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdfec | out: ppvObject=0x3cdfec*=0x0) returned 0x80004002 [0134.454] IUnknown:Release (This=0x61fde8) returned 0x2 [0134.454] CoGetContextToken (in: pToken=0x3ce554 | out: pToken=0x3ce554) returned 0x0 [0134.454] CoGetContextToken (in: pToken=0x3ce4b4 | out: pToken=0x3ce4b4) returned 0x0 [0134.454] IUnknown:QueryInterface (in: This=0x61fde8, riid=0x3ce584*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce580 | out: ppvObject=0x3ce580*=0x61fde8) returned 0x0 [0134.454] IUnknown:AddRef (This=0x61fde8) returned 0x4 [0134.454] IUnknown:Release (This=0x61fde8) returned 0x3 [0134.454] IUnknown:Release (This=0x61fde8) returned 0x2 [0134.454] CoTaskMemFree (pv=0x60a960) [0134.454] CoGetContextToken (in: pToken=0x3ce8c4 | out: pToken=0x3ce8c4) returned 0x0 [0134.454] IUnknown:AddRef (This=0x61fde8) returned 0x3 [0134.454] IWbemClassObject:Get (in: This=0x61fde8, wszName="__GENUS", lFlags=0, pVal=0x3cebc4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec44*=0, plFlavor=0x3cec40*=0 | out: pVal=0x3cebc4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cec44*=3, plFlavor=0x3cec40*=64) returned 0x0 [0134.455] IWbemClassObject:Get (in: This=0x61fde8, wszName="__PATH", lFlags=0, pVal=0x3ceba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cec2c*=0, plFlavor=0x3cec28*=0 | out: pVal=0x3ceba8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"", varVal2=0x0), pType=0x3cec2c*=8, plFlavor=0x3cec28*=64) returned 0x0 [0134.455] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0134.455] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0134.455] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3cebd4 | out: ppv=0x3cebd4*=0x56e704) returned 0x0 [0134.455] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3cebcc | out: pAptType=0x3cebcc*=1) returned 0x0 [0134.455] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3cebd0 | out: ppvObject=0x3cebd0*=0x0) returned 0x80004002 [0134.455] IUnknown:Release (This=0x56e704) returned 0x1 [0134.456] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce540 | out: ppv=0x3ce540*=0x60a960) returned 0x0 [0134.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a960, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce758 | out: ppvObject=0x3ce758*=0x0) returned 0x80004002 [0134.457] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a960, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce764 | out: ppvObject=0x3ce764*=0x5df970) returned 0x0 [0134.457] WbemDefPath:IUnknown:Release (This=0x60a960) returned 0x0 [0134.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce384 | out: ppvObject=0x3ce384*=0x5df970) returned 0x0 [0134.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce338 | out: ppvObject=0x3ce338*=0x0) returned 0x80004002 [0134.457] WbemDefPath:IUnknown:AddRef (This=0x5df970) returned 0x3 [0134.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc94 | out: ppvObject=0x3cdc94*=0x0) returned 0x80004002 [0134.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0134.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc50 | out: ppvObject=0x3cdc50*=0x60a970) returned 0x0 [0134.457] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a970, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc58 | out: pCid=0x3cdc58*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.457] WbemDefPath:IUnknown:Release (This=0x60a970) returned 0x3 [0134.457] CoGetContextToken (in: pToken=0x3cdcb0 | out: pToken=0x3cdcb0) returned 0x0 [0134.458] CoGetContextToken (in: pToken=0x3ce0c4 | out: pToken=0x3ce0c4) returned 0x0 [0134.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce144 | out: ppvObject=0x3ce144*=0x0) returned 0x80004002 [0134.458] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x2 [0134.458] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x1 [0134.458] CoGetContextToken (in: pToken=0x3cea54 | out: pToken=0x3cea54) returned 0x0 [0134.458] CoGetContextToken (in: pToken=0x3ce9b4 | out: pToken=0x3ce9b4) returned 0x0 [0134.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df970, riid=0x3cea84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea80 | out: ppvObject=0x3cea80*=0x5df970) returned 0x0 [0134.458] WbemDefPath:IUnknown:AddRef (This=0x5df970) returned 0x3 [0134.458] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x2 [0134.458] WbemDefPath:IWbemPath:SetText (This=0x5df970, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x0 [0134.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cec00 | out: puCount=0x3cec00*=0x2) returned 0x0 [0134.458] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebfc*=0x0, pszText=0x0 | out: puBuffLength=0x3cebfc*=0xf, pszText=0x0) returned 0x0 [0134.458] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebfc*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebfc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebcc | out: puCount=0x3cebcc*=0x2) returned 0x0 [0134.458] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebc8*=0x0, pszText=0x0 | out: puBuffLength=0x3cebc8*=0xf, pszText=0x0) returned 0x0 [0134.458] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebc8*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebc8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.458] IWbemClassObject:Get (in: This=0x61fde8, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x3cebc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2633dfc*=0, plFlavor=0x2633e00*=0 | out: pVal=0x3cebc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096624", varVal2=0x0), pType=0x2633dfc*=21, plFlavor=0x2633e00*=0) returned 0x0 [0134.458] SysStringByteLen (bstr="2096624") returned 0xe [0134.458] SysStringByteLen (bstr="2096624") returned 0xe [0134.459] IWbemClassObject:Get (in: This=0x61fde8, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x3cebd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2633dfc*=21, plFlavor=0x2633e00*=0 | out: pVal=0x3cebd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096624", varVal2=0x0), pType=0x2633dfc*=21, plFlavor=0x2633e00*=0) returned 0x0 [0134.459] SysStringByteLen (bstr="2096624") returned 0xe [0134.459] SysStringByteLen (bstr="2096624") returned 0xe [0134.461] CoTaskMemAlloc (cb=0x4) returned 0x60a9a0 [0134.461] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a9a0, puReturned=0x2633560 | out: apObjects=0x60a9a0*=0x0, puReturned=0x2633560*=0x0) returned 0x1 [0134.461] CoTaskMemFree (pv=0x60a9a0) [0134.462] CoGetContextToken (in: pToken=0x3ceaf8 | out: pToken=0x3ceaf8) returned 0x0 [0134.462] IUnknown:Release (This=0x584860) returned 0x1 [0134.462] IUnknown:Release (This=0x584860) returned 0x0 [0134.463] CoGetContextToken (in: pToken=0x3ceaf8 | out: pToken=0x3ceaf8) returned 0x0 [0134.463] IUnknown:Release (This=0x584798) returned 0x1 [0134.463] IUnknown:Release (This=0x584798) returned 0x0 [0134.475] CoCreateGuid (in: pguid=0x3ce928 | out: pguid=0x3ce928*(Data1=0xcbe27bc4, Data2=0x1c7b, Data3=0x405a, Data4=([0]=0xb6, [1]=0xb0, [2]=0xa0, [3]=0x61, [4]=0x9e, [5]=0xf0, [6]=0x5d, [7]=0x4c))) returned 0x0 [0134.475] CoCreateGuid (in: pguid=0x3ce86c | out: pguid=0x3ce86c*(Data1=0xeea93812, Data2=0x903d, Data3=0x46f0, Data4=([0]=0xbb, [1]=0x9, [2]=0x88, [3]=0x61, [4]=0x9b, [5]=0xee, [6]=0x2c, [7]=0xb0))) returned 0x0 [0134.513] send (s=0x238, buf=0x24f3183*, len=292, flags=0) returned 292 [0134.514] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 128 [0134.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x318) returned 0x0 [0134.579] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x3cec9c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x3cec98, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x3cec9c*=0x2b, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x3cec98*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.579] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.579] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.579] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.579] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.579] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x9, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0xa, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0xb, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0xc, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0xd, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0xe, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0xf, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x10, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x11, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x12, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x13, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.580] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x14, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x15, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x16, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x17, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x18, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x19, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1a, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1b, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1c, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1d, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1e, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1f, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x20, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x21, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x22, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.581] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x23, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x24, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x25, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x26, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x27, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x28, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x29, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2a, lpName=0x2638ec4, lpcchName=0x3cecb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x3cecb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.582] RegOpenKeyExW (in: hKey=0x318, lpSubKey="AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.582] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.582] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.582] RegCloseKey (hKey=0x33c) returned 0x0 [0134.583] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.583] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.583] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.583] RegCloseKey (hKey=0x33c) returned 0x0 [0134.583] RegOpenKeyExW (in: hKey=0x318, lpSubKey="DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.583] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.583] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.583] RegCloseKey (hKey=0x33c) returned 0x0 [0134.584] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.584] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.584] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.584] RegCloseKey (hKey=0x33c) returned 0x0 [0134.584] RegOpenKeyExW (in: hKey=0x318, lpSubKey="IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.584] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.584] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.584] RegCloseKey (hKey=0x33c) returned 0x0 [0134.584] RegOpenKeyExW (in: hKey=0x318, lpSubKey="IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.584] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.584] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.584] RegCloseKey (hKey=0x33c) returned 0x0 [0134.585] RegOpenKeyExW (in: hKey=0x318, lpSubKey="IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.585] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.585] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.585] RegCloseKey (hKey=0x33c) returned 0x0 [0134.585] RegOpenKeyExW (in: hKey=0x318, lpSubKey="IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.585] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.585] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.585] RegCloseKey (hKey=0x33c) returned 0x0 [0134.586] RegOpenKeyExW (in: hKey=0x318, lpSubKey="MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.586] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.586] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.586] RegCloseKey (hKey=0x33c) returned 0x0 [0134.586] RegOpenKeyExW (in: hKey=0x318, lpSubKey="SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.586] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.586] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.586] RegCloseKey (hKey=0x33c) returned 0x0 [0134.587] RegOpenKeyExW (in: hKey=0x318, lpSubKey="WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.587] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.587] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.587] RegCloseKey (hKey=0x33c) returned 0x0 [0134.587] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.587] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7e) returned 0x0 [0134.587] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x263b118, lpcbData=0x3cec90*=0x7e | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x3cec90*=0x7e) returned 0x0 [0134.587] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x18) returned 0x0 [0134.587] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x263b284, lpcbData=0x3cec90*=0x18 | out: lpType=0x3cec94*=0x1, lpData="14.25.28508", lpcbData=0x3cec90*=0x18) returned 0x0 [0134.605] RegCloseKey (hKey=0x33c) returned 0x0 [0134.606] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.606] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x76) returned 0x0 [0134.606] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2640b6c, lpcbData=0x3cec90*=0x76 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x3cec90*=0x76) returned 0x0 [0134.606] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x16) returned 0x0 [0134.606] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2640cd4, lpcbData=0x3cec90*=0x16 | out: lpType=0x3cec94*=0x1, lpData="12.0.21005", lpcbData=0x3cec90*=0x16) returned 0x0 [0134.606] RegCloseKey (hKey=0x33c) returned 0x0 [0134.607] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.607] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.607] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.607] RegCloseKey (hKey=0x33c) returned 0x0 [0134.607] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.607] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.607] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.607] RegCloseKey (hKey=0x33c) returned 0x0 [0134.607] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.608] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.608] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.608] RegCloseKey (hKey=0x33c) returned 0x0 [0134.608] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.608] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.608] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.608] RegCloseKey (hKey=0x33c) returned 0x0 [0134.608] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.608] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.609] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.609] RegCloseKey (hKey=0x33c) returned 0x0 [0134.609] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.609] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.609] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.609] RegCloseKey (hKey=0x33c) returned 0x0 [0134.610] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.610] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.610] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.610] RegCloseKey (hKey=0x33c) returned 0x0 [0134.610] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.610] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x78) returned 0x0 [0134.610] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2641cf8, lpcbData=0x3cec90*=0x78 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x3cec90*=0x78) returned 0x0 [0134.610] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x18) returned 0x0 [0134.610] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2641e54, lpcbData=0x3cec90*=0x18 | out: lpType=0x3cec94*=0x1, lpData="14.25.28508", lpcbData=0x3cec90*=0x18) returned 0x0 [0134.610] RegCloseKey (hKey=0x33c) returned 0x0 [0134.611] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.611] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.611] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26421cc, lpcbData=0x3cec90*=0x7a | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.611] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.611] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2642330, lpcbData=0x3cec90*=0x1a | out: lpType=0x3cec94*=0x1, lpData="11.0.61030.0", lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.611] RegCloseKey (hKey=0x33c) returned 0x0 [0134.611] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.611] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.611] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26426b4, lpcbData=0x3cec90*=0x7a | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.612] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.612] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2642818, lpcbData=0x3cec90*=0x1a | out: lpType=0x3cec94*=0x1, lpData="12.0.30501.0", lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.612] RegCloseKey (hKey=0x33c) returned 0x0 [0134.612] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.612] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x86) returned 0x0 [0134.612] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2642bd4, lpcbData=0x3cec90*=0x86 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x3cec90*=0x86) returned 0x0 [0134.612] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1c) returned 0x0 [0134.612] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2642d50, lpcbData=0x3cec90*=0x1c | out: lpType=0x3cec94*=0x1, lpData="14.25.28508.3", lpcbData=0x3cec90*=0x1c) returned 0x0 [0134.613] RegCloseKey (hKey=0x33c) returned 0x0 [0134.613] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.613] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x86) returned 0x0 [0134.613] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26430e4, lpcbData=0x3cec90*=0x86 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x3cec90*=0x86) returned 0x0 [0134.613] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1c) returned 0x0 [0134.613] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2643260, lpcbData=0x3cec90*=0x1c | out: lpType=0x3cec94*=0x1, lpData="14.25.28508.3", lpcbData=0x3cec90*=0x1c) returned 0x0 [0134.613] RegCloseKey (hKey=0x33c) returned 0x0 [0134.613] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.613] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x54) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26435f4, lpcbData=0x3cec90*=0x54 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x3cec90*=0x54) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x14) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2643708, lpcbData=0x3cec90*=0x14 | out: lpType=0x3cec94*=0x1, lpData="8.0.61001", lpcbData=0x3cec90*=0x14) returned 0x0 [0134.614] RegCloseKey (hKey=0x33c) returned 0x0 [0134.614] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x5e) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2643a50, lpcbData=0x3cec90*=0x5e | out: lpType=0x3cec94*=0x1, lpData="Office 16 Click-to-Run Extensibility Component", lpcbData=0x3cec90*=0x5e) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1e) returned 0x0 [0134.614] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2643b7c, lpcbData=0x3cec90*=0x1e | out: lpType=0x3cec94*=0x1, lpData="16.0.4266.1003", lpcbData=0x3cec90*=0x1e) returned 0x0 [0134.615] RegCloseKey (hKey=0x33c) returned 0x0 [0134.615] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.615] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x5c) returned 0x0 [0134.615] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2643f3c, lpcbData=0x3cec90*=0x5c | out: lpType=0x3cec94*=0x1, lpData="Office 16 Click-to-Run Localization Component", lpcbData=0x3cec90*=0x5c) returned 0x0 [0134.615] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1e) returned 0x0 [0134.615] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2644060, lpcbData=0x3cec90*=0x1e | out: lpType=0x3cec94*=0x1, lpData="16.0.4266.1003", lpcbData=0x3cec90*=0x1e) returned 0x0 [0134.615] RegCloseKey (hKey=0x33c) returned 0x0 [0134.615] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.616] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x68) returned 0x0 [0134.616] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26443e8, lpcbData=0x3cec90*=0x68 | out: lpType=0x3cec94*=0x1, lpData="Update for Microsoft .NET Framework 4.8 (KB4503575)", lpcbData=0x3cec90*=0x68) returned 0x0 [0134.616] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x4) returned 0x0 [0134.616] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2644524, lpcbData=0x3cec90*=0x4 | out: lpType=0x3cec94*=0x1, lpData="1", lpcbData=0x3cec90*=0x4) returned 0x0 [0134.616] RegCloseKey (hKey=0x33c) returned 0x0 [0134.616] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.616] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7e) returned 0x0 [0134.616] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2644850, lpcbData=0x3cec90*=0x7e | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x3cec90*=0x7e) returned 0x0 [0134.617] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1e) returned 0x0 [0134.617] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x26449bc, lpcbData=0x3cec90*=0x1e | out: lpType=0x3cec94*=0x1, lpData="9.0.30729.6161", lpcbData=0x3cec90*=0x1e) returned 0x0 [0134.617] RegCloseKey (hKey=0x33c) returned 0x0 [0134.617] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.617] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7c) returned 0x0 [0134.617] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2644d5c, lpcbData=0x3cec90*=0x7c | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x3cec90*=0x7c) returned 0x0 [0134.617] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x16) returned 0x0 [0134.617] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2644ec0, lpcbData=0x3cec90*=0x16 | out: lpType=0x3cec94*=0x1, lpData="11.0.61030", lpcbData=0x3cec90*=0x16) returned 0x0 [0134.617] RegCloseKey (hKey=0x33c) returned 0x0 [0134.618] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x76) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x264523c, lpcbData=0x3cec90*=0x76 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x3cec90*=0x76) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x16) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2645398, lpcbData=0x3cec90*=0x16 | out: lpType=0x3cec94*=0x1, lpData="11.0.61030", lpcbData=0x3cec90*=0x16) returned 0x0 [0134.618] RegCloseKey (hKey=0x33c) returned 0x0 [0134.618] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x264570c, lpcbData=0x3cec90*=0x7a | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.618] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2645870, lpcbData=0x3cec90*=0x1a | out: lpType=0x3cec94*=0x1, lpData="11.0.61030.0", lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.618] RegCloseKey (hKey=0x33c) returned 0x0 [0134.619] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x2645bf4, lpcbData=0x3cec90*=0x7a | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x3cec90*=0x7a) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2645d58, lpcbData=0x3cec90*=0x1a | out: lpType=0x3cec94*=0x1, lpData="12.0.30501.0", lpcbData=0x3cec90*=0x1a) returned 0x0 [0134.619] RegCloseKey (hKey=0x33c) returned 0x0 [0134.619] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x78) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26460dc, lpcbData=0x3cec90*=0x78 | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x3cec90*=0x78) returned 0x0 [0134.619] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x16) returned 0x0 [0134.620] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x2646238, lpcbData=0x3cec90*=0x16 | out: lpType=0x3cec94*=0x1, lpData="10.0.40219", lpcbData=0x3cec90*=0x16) returned 0x0 [0134.620] RegCloseKey (hKey=0x33c) returned 0x0 [0134.620] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.620] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.620] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.620] RegCloseKey (hKey=0x33c) returned 0x0 [0134.620] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.620] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.620] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.621] RegCloseKey (hKey=0x33c) returned 0x0 [0134.621] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.621] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.621] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.621] RegCloseKey (hKey=0x33c) returned 0x0 [0134.621] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.621] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.621] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.622] RegCloseKey (hKey=0x33c) returned 0x0 [0134.622] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.622] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.622] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.622] RegCloseKey (hKey=0x33c) returned 0x0 [0134.622] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.622] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.622] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.622] RegCloseKey (hKey=0x33c) returned 0x0 [0134.623] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.623] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.623] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x0, lpData=0x0, lpcbData=0x3cec90*=0x0) returned 0x2 [0134.623] RegCloseKey (hKey=0x33c) returned 0x0 [0134.623] RegOpenKeyExW (in: hKey=0x318, lpSubKey="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec74 | out: phkResult=0x3cec74*=0x33c) returned 0x0 [0134.623] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x7c) returned 0x0 [0134.623] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayName", lpReserved=0x0, lpType=0x3cec94, lpData=0x26472f8, lpcbData=0x3cec90*=0x7c | out: lpType=0x3cec94*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x3cec90*=0x7c) returned 0x0 [0134.623] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x0, lpcbData=0x3cec90*=0x0 | out: lpType=0x3cec94*=0x1, lpData=0x0, lpcbData=0x3cec90*=0x16) returned 0x0 [0134.623] RegQueryValueExW (in: hKey=0x33c, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x3cec94, lpData=0x264745c, lpcbData=0x3cec90*=0x16 | out: lpType=0x3cec94*=0x1, lpData="12.0.21005", lpcbData=0x3cec90*=0x16) returned 0x0 [0134.623] RegCloseKey (hKey=0x33c) returned 0x0 [0134.623] RegCloseKey (hKey=0x318) returned 0x0 [0134.631] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x2451a338, Data2=0xc165, Data3=0x42b5, Data4=([0]=0xbb, [1]=0x3, [2]=0x5b, [3]=0x2, [4]=0xbe, [5]=0x7d, [6]=0xf3, [7]=0x44))) returned 0x0 [0134.631] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0x2aae848b, Data2=0x199e, Data3=0x43d4, Data4=([0]=0xac, [1]=0xd7, [2]=0xc6, [3]=0x14, [4]=0xf0, [5]=0x3f, [6]=0xc2, [7]=0xad))) returned 0x0 [0134.632] send (s=0x238, buf=0x2647e4b*, len=1530, flags=0) returned 1530 [0134.633] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 126 [0134.753] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.753] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net") returned 0x2c [0134.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.768] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2b [0134.768] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.772] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.772] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data") returned 0x34 [0134.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.772] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0134.772] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.774] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.774] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x39 [0134.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.774] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0134.774] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.776] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.776] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x3e [0134.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x3d [0134.777] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.778] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.778] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\") returned 0x33 [0134.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.779] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x32 [0134.779] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.781] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.781] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x42 [0134.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.782] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0134.782] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.783] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.783] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data") returned 0x33 [0134.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.784] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0134.784] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.785] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.785] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x37 [0134.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.786] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0134.786] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.788] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.788] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data") returned 0x37 [0134.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.788] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0134.788] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.790] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.790] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data") returned 0x32 [0134.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.790] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0134.791] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.792] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.792] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data") returned 0x33 [0134.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.793] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0134.793] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.794] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.795] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data") returned 0x32 [0134.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.795] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0134.795] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.797] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.797] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data") returned 0x3c [0134.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.798] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0134.798] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.799] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.799] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x40 [0134.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.800] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0134.800] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.801] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.802] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3a [0134.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.802] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0134.802] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.804] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.804] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x55 [0134.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.804] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0134.804] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.806] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.806] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x40 [0134.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.806] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0134.806] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.808] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.808] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x39 [0134.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.808] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0134.809] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.810] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.810] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data") returned 0x32 [0134.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.810] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0134.811] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.812] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.812] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data") returned 0x34 [0134.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.813] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0134.813] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.815] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.815] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data") returned 0x33 [0134.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.815] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0134.815] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.817] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.817] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x39 [0134.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.817] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0134.818] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.819] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.819] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data") returned 0x36 [0134.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.819] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x35 [0134.820] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.821] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.821] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data") returned 0x31 [0134.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.821] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0134.822] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.823] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.823] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x40 [0134.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.823] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0134.823] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.825] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.825] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data") returned 0x32 [0134.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.825] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x31 [0134.826] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.827] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.827] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x3e [0134.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.827] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x3d [0134.828] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.829] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.829] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data") returned 0x34 [0134.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.830] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x33 [0134.830] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.831] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.831] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data") returned 0x33 [0134.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.831] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x32 [0134.832] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.833] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.833] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3b [0134.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.833] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0134.834] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.835] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.835] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data") returned 0x34 [0134.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.835] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x33 [0134.835] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.837] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.837] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3a [0134.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.837] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0134.837] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.838] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.838] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data") returned 0x30 [0134.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.839] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x2f [0134.839] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.840] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.840] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data") returned 0x34 [0134.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.840] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x33 [0134.841] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.842] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.842] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x38 [0134.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.842] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x37 [0134.842] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.844] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.844] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x47 [0134.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.844] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0134.844] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.846] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.846] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3a [0134.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.846] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0134.846] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.847] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.847] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x4e [0134.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.847] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x4d [0134.848] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.849] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.849] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam") returned 0x27 [0134.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.849] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x26 [0134.849] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.851] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.851] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x3ceab4, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x3d [0134.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb4c) returned 1 [0134.851] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3c [0134.851] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x3ce8fc | out: lpFindFileData=0x3ce8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8bc) returned 1 [0134.928] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.928] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Mozilla\\Firefox", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x33 [0134.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x32 [0134.928] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.930] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.931] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Waterfox", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox") returned 0x2c [0134.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox", lpFilePart=0x0) returned 0x2b [0134.931] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.933] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.933] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\K-Meleon", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon") returned 0x2c [0134.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon", lpFilePart=0x0) returned 0x2b [0134.934] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.935] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.936] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Thunderbird", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird") returned 0x2f [0134.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.936] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird", lpFilePart=0x0) returned 0x2e [0134.936] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.938] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.938] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Comodo\\IceDragon", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon") returned 0x34 [0134.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon", lpFilePart=0x0) returned 0x33 [0134.939] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.940] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.940] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox") returned 0x39 [0134.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.941] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpFilePart=0x0) returned 0x38 [0134.941] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.943] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.943] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw") returned 0x41 [0134.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.943] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpFilePart=0x0) returned 0x40 [0134.944] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.945] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0134.945] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpDst=0x3ceb2c, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon") returned 0x43 [0134.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebc4) returned 1 [0134.946] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", nBufferLength=0x105, lpBuffer=0x3ce6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpFilePart=0x0) returned 0x42 [0134.946] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\*", lpFindFileData=0x3ce974 | out: lpFindFileData=0x3ce974*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0134.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce934) returned 1 [0134.949] CoCreateGuid (in: pguid=0x3ce978 | out: pguid=0x3ce978*(Data1=0x4a8fc7fb, Data2=0x3c68, Data3=0x4ead, Data4=([0]=0x8e, [1]=0xf1, [2]=0xe9, [3]=0x86, [4]=0xf8, [5]=0xbe, [6]=0xe2, [7]=0x19))) returned 0x0 [0134.949] CoCreateGuid (in: pguid=0x3ce8bc | out: pguid=0x3ce8bc*(Data1=0x2a347910, Data2=0xc5b6, Data3=0x445c, Data4=([0]=0xb2, [1]=0x90, [2]=0xde, [3]=0x56, [4]=0x5e, [5]=0xce, [6]=0x4a, [7]=0xa7))) returned 0x0 [0134.950] send (s=0x238, buf=0x2647e4b*, len=171, flags=0) returned 171 [0134.950] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 132 [0134.997] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\WOW6432Node\\Clients\\StartMenuInternet", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec78 | out: phkResult=0x3cec78*=0x318) returned 0x0 [0134.998] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x3ceca0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x3cec9c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x3ceca0*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x3cec9c*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.998] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x266f9d0, lpcchName=0x3cecbc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEXPLORE.EXE", lpcchName=0x3cecbc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0134.998] CoTaskMemFree (pv=0x0) [0134.998] RegOpenKeyExW (in: hKey=0x318, lpSubKey="IEXPLORE.EXE", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec78 | out: phkResult=0x3cec78*=0x33c) returned 0x0 [0134.998] RegQueryValueExW (in: hKey=0x33c, lpValueName=0x0, lpReserved=0x0, lpType=0x3cec98, lpData=0x0, lpcbData=0x3cec94*=0x0 | out: lpType=0x3cec98*=0x1, lpData=0x0, lpcbData=0x3cec94*=0x24) returned 0x0 [0134.998] RegQueryValueExW (in: hKey=0x33c, lpValueName=0x0, lpReserved=0x0, lpType=0x3cec98, lpData=0x266fcfc, lpcbData=0x3cec94*=0x24 | out: lpType=0x3cec98*=0x1, lpData="Internet Explorer", lpcbData=0x3cec94*=0x24) returned 0x0 [0134.999] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec78 | out: phkResult=0x3cec78*=0x340) returned 0x0 [0134.999] RegQueryValueExW (in: hKey=0x340, lpValueName=0x0, lpReserved=0x0, lpType=0x3cec98, lpData=0x0, lpcbData=0x3cec94*=0x0 | out: lpType=0x3cec98*=0x1, lpData=0x0, lpcbData=0x3cec94*=0x6c) returned 0x0 [0134.999] RegQueryValueExW (in: hKey=0x340, lpValueName=0x0, lpReserved=0x0, lpType=0x3cec98, lpData=0x266fee4, lpcbData=0x3cec94*=0x6c | out: lpType=0x3cec98*=0x1, lpData="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpcbData=0x3cec94*=0x6c) returned 0x0 [0135.000] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", nBufferLength=0x105, lpBuffer=0x3ce74c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpFilePart=0x0) returned 0x35 [0135.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce98c) returned 1 [0135.000] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe"), fInfoLevelId=0x0, lpFileInformation=0x3cec50 | out: lpFileInformation=0x3cec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e87a7f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb2e87a7f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb2eadbdf, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa4510)) returned 1 [0135.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce988) returned 1 [0135.001] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpdwHandle=0x3cecc4 | out: lpdwHandle=0x3cecc4) returned 0xc0c [0135.237] GetFileVersionInfoW (in: lptstrFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", dwHandle=0x0, dwLen=0xc0c, lpData=0x26700bc | out: lpData=0x26700bc) returned 1 [0135.241] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x3cec98, puLen=0x3cec94 | out: lplpBuffer=0x3cec98*=0x26706bc, puLen=0x3cec94) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x2670174, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x26701c8, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x267020c, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x267027c, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x26702b4, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x2670338, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x267037c, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x26703d8, puLen=0x3cec14) returned 1 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x0, puLen=0x3cec14) returned 0 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x0, puLen=0x3cec14) returned 0 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x0, puLen=0x3cec14) returned 0 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x3cec18, puLen=0x3cec14 | out: lplpBuffer=0x3cec18*=0x0, puLen=0x3cec14) returned 0 [0135.243] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x3cec0c, puLen=0x3cec08 | out: lplpBuffer=0x3cec0c*=0x26706bc, puLen=0x3cec08) returned 1 [0135.244] VerLanguageNameW (in: wLang=0x409, szLang=0x3ce99c, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0135.260] VerQueryValueW (in: pBlock=0x26700bc, lpSubBlock="\\", lplpBuffer=0x3cec1c, puLen=0x3cec18 | out: lplpBuffer=0x3cec1c*=0x26700e4, puLen=0x3cec18) returned 1 [0135.262] CoCreateGuid (in: pguid=0x3ce97c | out: pguid=0x3ce97c*(Data1=0x1f3f0686, Data2=0xedbf, Data3=0x4983, Data4=([0]=0xb6, [1]=0xc0, [2]=0x8e, [3]=0xdb, [4]=0xf, [5]=0x55, [6]=0x5b, [7]=0x97))) returned 0x0 [0135.262] CoCreateGuid (in: pguid=0x3ce8c0 | out: pguid=0x3ce8c0*(Data1=0xbc3f9359, Data2=0x801, Data3=0x4422, Data4=([0]=0x8e, [1]=0xb8, [2]=0xad, [3]=0xed, [4]=0x4e, [5]=0x60, [6]=0x9, [7]=0xcb))) returned 0x0 [0135.274] send (s=0x238, buf=0x2647e4b*, len=311, flags=0) returned 311 [0135.274] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 132 [0135.358] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3cea84, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0135.358] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\discord\\Local Storage\\leveldb", lpDst=0x3cea84, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb") returned 0x41 [0135.358] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x3ce6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0135.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebac) returned 1 [0135.358] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x3ce68c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0135.359] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.log", lpFindFileData=0x3ce95c | out: lpFindFileData=0x3ce95c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0135.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce91c) returned 1 [0135.360] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x3ce6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0135.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cebac) returned 1 [0135.360] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x3ce68c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x40 [0135.361] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.ldb", lpFindFileData=0x3ce95c | out: lpFindFileData=0x3ce95c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0135.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce91c) returned 1 [0135.368] CoCreateGuid (in: pguid=0x3ce978 | out: pguid=0x3ce978*(Data1=0x4dd3ebcd, Data2=0x552f, Data3=0x407e, Data4=([0]=0xba, [1]=0xe7, [2]=0x6d, [3]=0xcc, [4]=0xce, [5]=0x4c, [6]=0xa3, [7]=0xa0))) returned 0x0 [0135.368] CoCreateGuid (in: pguid=0x3ce8bc | out: pguid=0x3ce8bc*(Data1=0xe4771d9d, Data2=0x1269, Data3=0x4c05, Data4=([0]=0x8c, [1]=0xad, [2]=0x45, [3]=0x32, [4]=0x7b, [5]=0x1a, [6]=0x38, [7]=0xa7))) returned 0x0 [0135.368] send (s=0x238, buf=0x2647e4b*, len=205, flags=0) returned 205 [0135.369] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 132 [0135.438] GetCurrentProcessId () returned 0xdc4 [0135.440] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3ce4ec | out: lpLuid=0x3ce4ec*(LowPart=0x14, HighPart=0)) returned 1 [0135.442] GetCurrentProcess () returned 0xffffffff [0135.442] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3ce4e8 | out: TokenHandle=0x3ce4e8*=0x34c) returned 1 [0135.443] AdjustTokenPrivileges (in: TokenHandle=0x34c, DisableAllPrivileges=0, NewState=0x2677218*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0135.444] CloseHandle (hObject=0x34c) returned 1 [0135.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x34714e0, Length=0x20000, ResultLength=0x3cebd0 | out: SystemInformation=0x34714e0, ResultLength=0x3cebd0*=0xd658) returned 0x0 [0135.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebbc | out: puCount=0x3cebbc*=0x2) returned 0x0 [0135.534] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebb8*=0x0, pszText=0x0 | out: puBuffLength=0x3cebb8*=0xf, pszText=0x0) returned 0x0 [0135.534] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebb8*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebb8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0135.534] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb44 | out: ppv=0x3ceb44*=0x56e704) returned 0x0 [0135.534] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb3c | out: pAptType=0x3ceb3c*=1) returned 0x0 [0135.534] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb40 | out: ppvObject=0x3ceb40*=0x0) returned 0x80004002 [0135.534] IUnknown:Release (This=0x56e704) returned 0x1 [0135.535] CoGetClassObject (in: rclsid=0x5e420c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce760 | out: ppv=0x3ce760*=0x60a070) returned 0x0 [0135.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60a070, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce978 | out: ppvObject=0x3ce978*=0x0) returned 0x80004002 [0135.535] WbemLocator:IClassFactory:CreateInstance (in: This=0x60a070, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce984 | out: ppvObject=0x3ce984*=0x60a860) returned 0x0 [0135.535] WbemLocator:IUnknown:Release (This=0x60a070) returned 0x0 [0135.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce5a4 | out: ppvObject=0x3ce5a4*=0x60a860) returned 0x0 [0135.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce558 | out: ppvObject=0x3ce558*=0x0) returned 0x80004002 [0135.536] WbemLocator:IUnknown:AddRef (This=0x60a860) returned 0x3 [0135.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdeb4 | out: ppvObject=0x3cdeb4*=0x0) returned 0x80004002 [0135.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cde64 | out: ppvObject=0x3cde64*=0x0) returned 0x80004002 [0135.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cde70 | out: ppvObject=0x3cde70*=0x0) returned 0x80004002 [0135.536] CoGetContextToken (in: pToken=0x3cded0 | out: pToken=0x3cded0) returned 0x0 [0135.536] CoGetContextToken (in: pToken=0x3ce2e4 | out: pToken=0x3ce2e4) returned 0x0 [0135.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce364 | out: ppvObject=0x3ce364*=0x0) returned 0x80004002 [0135.536] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x2 [0135.536] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x1 [0135.536] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0135.536] CoGetContextToken (in: pToken=0x3ce8c4 | out: pToken=0x3ce8c4) returned 0x0 [0135.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60a860, riid=0x3ce994*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce990 | out: ppvObject=0x3ce990*=0x60a860) returned 0x0 [0135.536] WbemLocator:IUnknown:AddRef (This=0x60a860) returned 0x3 [0135.536] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x2 [0135.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb20 | out: puCount=0x3ceb20*=0x2) returned 0x0 [0135.537] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3ceb1c*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb1c*=0xf, pszText=0x0) returned 0x0 [0135.537] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=8, puBuffLength=0x3ceb1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0135.537] CoCreateInstance (in: rclsid=0x6c413734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c413794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x3ce9cc | out: ppv=0x3ce9cc*=0x60a830) returned 0x0 [0135.537] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60a830, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x3cea6c | out: ppNamespace=0x3cea6c*=0x6093a8) returned 0x0 [0135.551] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce8f0 | out: ppvObject=0x3ce8f0*=0x60352c) returned 0x0 [0135.551] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60352c, pProxy=0x6093a8, pAuthnSvc=0x3ce940, pAuthzSvc=0x3ce93c, pServerPrincName=0x3ce934, pAuthnLevel=0x3ce938, pImpLevel=0x3ce928, pAuthInfo=0x3ce92c, pCapabilites=0x3ce930 | out: pAuthnSvc=0x3ce940*=0xa, pAuthzSvc=0x3ce93c*=0x0, pServerPrincName=0x3ce934, pAuthnLevel=0x3ce938*=0x6, pImpLevel=0x3ce928*=0x2, pAuthInfo=0x3ce92c, pCapabilites=0x3ce930*=0x1) returned 0x0 [0135.551] WbemLocator:IUnknown:Release (This=0x60352c) returned 0x1 [0135.551] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce8e4 | out: ppvObject=0x3ce8e4*=0x60354c) returned 0x0 [0135.551] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce8d0 | out: ppvObject=0x3ce8d0*=0x60352c) returned 0x0 [0135.551] WbemLocator:IClientSecurity:SetBlanket (This=0x60352c, pProxy=0x6093a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0135.551] WbemLocator:IUnknown:Release (This=0x60352c) returned 0x2 [0135.551] WbemLocator:IUnknown:Release (This=0x60354c) returned 0x1 [0135.551] CoTaskMemFree (pv=0x60b130) [0135.552] WbemLocator:IUnknown:AddRef (This=0x6093a8) returned 0x2 [0135.552] WbemLocator:IUnknown:Release (This=0x60a830) returned 0x0 [0135.552] CoGetContextToken (in: pToken=0x3cde24 | out: pToken=0x3cde24) returned 0x0 [0135.552] CoGetContextToken (in: pToken=0x3ce234 | out: pToken=0x3ce234) returned 0x0 [0135.552] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1d0 | out: ppvObject=0x3ce1d0*=0x603534) returned 0x0 [0135.552] WbemLocator:IRpcOptions:Query (in: This=0x603534, pPrx=0x60a1a8, dwProperty=2, pdwValue=0x3ce2c4 | out: pdwValue=0x3ce2c4) returned 0x80004002 [0135.552] WbemLocator:IUnknown:Release (This=0x603534) returned 0x2 [0135.552] CoGetContextToken (in: pToken=0x3ce804 | out: pToken=0x3ce804) returned 0x0 [0135.553] CoGetContextToken (in: pToken=0x3ce764 | out: pToken=0x3ce764) returned 0x0 [0135.553] WbemLocator:IUnknown:QueryInterface (in: This=0x6093a8, riid=0x3ce834*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ce700 | out: ppvObject=0x3ce700*=0x6093a8) returned 0x0 [0135.553] WbemLocator:IUnknown:Release (This=0x6093a8) returned 0x2 [0135.553] SysStringLen (param_1=0x0) returned 0x0 [0135.553] CoGetContextToken (in: pToken=0x3ce904 | out: pToken=0x3ce904) returned 0x0 [0135.553] IWbemServices:ExecQuery (in: This=0x6093a8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x3ceb2c | out: ppEnum=0x3ceb2c*=0x584798) returned 0x0 [0135.558] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce964 | out: ppvObject=0x3ce964*=0x58479c) returned 0x0 [0135.558] IClientSecurity:QueryBlanket (in: This=0x58479c, pProxy=0x584798, pAuthnSvc=0x3ce9b4, pAuthzSvc=0x3ce9b0, pServerPrincName=0x3ce9a8, pAuthnLevel=0x3ce9ac, pImpLevel=0x3ce99c, pAuthInfo=0x3ce9a0, pCapabilites=0x3ce9a4 | out: pAuthnSvc=0x3ce9b4*=0xa, pAuthzSvc=0x3ce9b0*=0x0, pServerPrincName=0x3ce9a8, pAuthnLevel=0x3ce9ac*=0x6, pImpLevel=0x3ce99c*=0x2, pAuthInfo=0x3ce9a0, pCapabilites=0x3ce9a4*=0x1) returned 0x0 [0135.558] IUnknown:Release (This=0x58479c) returned 0x1 [0135.559] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce958 | out: ppvObject=0x3ce958*=0x60390c) returned 0x0 [0135.559] IUnknown:QueryInterface (in: This=0x584798, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce944 | out: ppvObject=0x3ce944*=0x58479c) returned 0x0 [0135.559] IClientSecurity:SetBlanket (This=0x58479c, pProxy=0x584798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0135.560] IUnknown:Release (This=0x58479c) returned 0x2 [0135.560] WbemLocator:IUnknown:Release (This=0x60390c) returned 0x1 [0135.560] CoTaskMemFree (pv=0x60b160) [0135.560] IUnknown:AddRef (This=0x584798) returned 0x2 [0135.561] CoGetContextToken (in: pToken=0x3cde84 | out: pToken=0x3cde84) returned 0x0 [0135.561] CoGetContextToken (in: pToken=0x3ce294 | out: pToken=0x3ce294) returned 0x0 [0135.561] IUnknown:QueryInterface (in: This=0x584798, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce230 | out: ppvObject=0x3ce230*=0x6038f4) returned 0x0 [0135.561] WbemLocator:IRpcOptions:Query (in: This=0x6038f4, pPrx=0x609f08, dwProperty=2, pdwValue=0x3ce324 | out: pdwValue=0x3ce324) returned 0x80004002 [0135.561] WbemLocator:IUnknown:Release (This=0x6038f4) returned 0x2 [0135.561] CoGetContextToken (in: pToken=0x3ce864 | out: pToken=0x3ce864) returned 0x0 [0135.561] CoGetContextToken (in: pToken=0x3ce7c4 | out: pToken=0x3ce7c4) returned 0x0 [0135.561] IUnknown:QueryInterface (in: This=0x584798, riid=0x3ce894*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce760 | out: ppvObject=0x3ce760*=0x584798) returned 0x0 [0135.561] IUnknown:Release (This=0x584798) returned 0x2 [0135.562] SysStringLen (param_1=0x0) returned 0x0 [0135.562] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb78 | out: puCount=0x3ceb78*=0x2) returned 0x0 [0135.562] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb74*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb74*=0xf, pszText=0x0) returned 0x0 [0135.562] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb74*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0135.562] CoGetContextToken (in: pToken=0x3ce9cc | out: pToken=0x3ce9cc) returned 0x0 [0135.562] IEnumWbemClassObject:Clone (in: This=0x584798, ppEnum=0x3ceb84 | out: ppEnum=0x3ceb84*=0x584860) returned 0x0 [0135.563] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea40 | out: ppvObject=0x3cea40*=0x584864) returned 0x0 [0135.563] IClientSecurity:QueryBlanket (in: This=0x584864, pProxy=0x584860, pAuthnSvc=0x3cea90, pAuthzSvc=0x3cea8c, pServerPrincName=0x3cea84, pAuthnLevel=0x3cea88, pImpLevel=0x3cea78, pAuthInfo=0x3cea7c, pCapabilites=0x3cea80 | out: pAuthnSvc=0x3cea90*=0xa, pAuthzSvc=0x3cea8c*=0x0, pServerPrincName=0x3cea84, pAuthnLevel=0x3cea88*=0x6, pImpLevel=0x3cea78*=0x2, pAuthInfo=0x3cea7c, pCapabilites=0x3cea80*=0x1) returned 0x0 [0135.563] IUnknown:Release (This=0x584864) returned 0x1 [0135.563] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea34 | out: ppvObject=0x3cea34*=0x60363c) returned 0x0 [0135.563] IUnknown:QueryInterface (in: This=0x584860, riid=0x6c4135b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cea20 | out: ppvObject=0x3cea20*=0x584864) returned 0x0 [0135.563] IClientSecurity:SetBlanket (This=0x584864, pProxy=0x584860, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0135.565] IUnknown:Release (This=0x584864) returned 0x2 [0135.565] WbemLocator:IUnknown:Release (This=0x60363c) returned 0x1 [0135.565] CoTaskMemFree (pv=0x60b190) [0135.565] IUnknown:AddRef (This=0x584860) returned 0x2 [0135.565] CoGetContextToken (in: pToken=0x3cdf50 | out: pToken=0x3cdf50) returned 0x0 [0135.565] CoGetContextToken (in: pToken=0x3ce364 | out: pToken=0x3ce364) returned 0x0 [0135.565] IUnknown:QueryInterface (in: This=0x584860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce2fc | out: ppvObject=0x3ce2fc*=0x603624) returned 0x0 [0135.566] WbemLocator:IRpcOptions:Query (in: This=0x603624, pPrx=0x609f20, dwProperty=2, pdwValue=0x3ce3f0 | out: pdwValue=0x3ce3f0) returned 0x80004002 [0135.566] WbemLocator:IUnknown:Release (This=0x603624) returned 0x2 [0135.566] CoGetContextToken (in: pToken=0x3ce934 | out: pToken=0x3ce934) returned 0x0 [0135.566] CoGetContextToken (in: pToken=0x3ce894 | out: pToken=0x3ce894) returned 0x0 [0135.566] IUnknown:QueryInterface (in: This=0x584860, riid=0x3ce964*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ce830 | out: ppvObject=0x3ce830*=0x584860) returned 0x0 [0135.566] IUnknown:Release (This=0x584860) returned 0x2 [0135.566] SysStringLen (param_1=0x0) returned 0x0 [0135.566] IEnumWbemClassObject:Reset (This=0x584860) returned 0x0 [0135.567] CoTaskMemAlloc (cb=0x4) returned 0x60a750 [0135.567] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a750, puReturned=0x25b625c | out: apObjects=0x60a750*=0x5c6840, puReturned=0x25b625c*=0x1) returned 0x0 [0135.981] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5c6840) returned 0x0 [0135.981] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0135.981] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0135.981] IUnknown:AddRef (This=0x5c6840) returned 0x3 [0135.981] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0135.981] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0135.982] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5c6844) returned 0x0 [0135.982] IMarshal:GetUnmarshalClass (in: This=0x5c6844, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0135.982] IUnknown:Release (This=0x5c6844) returned 0x3 [0135.982] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0135.982] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0135.982] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0135.982] IUnknown:Release (This=0x5c6840) returned 0x2 [0135.982] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0135.982] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0135.982] IUnknown:QueryInterface (in: This=0x5c6840, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5c6840) returned 0x0 [0135.982] IUnknown:AddRef (This=0x5c6840) returned 0x4 [0135.982] IUnknown:Release (This=0x5c6840) returned 0x3 [0135.982] IUnknown:Release (This=0x5c6840) returned 0x2 [0135.982] CoTaskMemFree (pv=0x60a750) [0135.982] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0135.982] IUnknown:AddRef (This=0x5c6840) returned 0x3 [0135.982] IWbemClassObject:Get (in: This=0x5c6840, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0135.983] IWbemClassObject:Get (in: This=0x5c6840, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0135.983] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x64 [0135.983] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x64 [0135.983] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0135.983] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0135.983] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0135.983] IUnknown:Release (This=0x56e704) returned 0x1 [0135.985] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x60a750) returned 0x0 [0135.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a750, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0135.985] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a750, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5df820) returned 0x0 [0135.985] WbemDefPath:IUnknown:Release (This=0x60a750) returned 0x0 [0135.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5df820) returned 0x0 [0135.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0135.986] WbemDefPath:IUnknown:AddRef (This=0x5df820) returned 0x3 [0135.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0135.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0135.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x60a740) returned 0x0 [0135.986] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a740, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0135.986] WbemDefPath:IUnknown:Release (This=0x60a740) returned 0x3 [0135.986] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0135.986] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0135.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0135.986] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x2 [0135.986] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x1 [0135.986] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0135.986] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0135.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df820, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5df820) returned 0x0 [0135.986] WbemDefPath:IUnknown:AddRef (This=0x5df820) returned 0x3 [0135.986] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x2 [0135.986] WbemDefPath:IWbemPath:SetText (This=0x5df820, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"380\"") returned 0x0 [0135.986] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0135.986] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0135.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0135.987] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0135.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0135.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0135.987] IWbemClassObject:Get (in: This=0x5c6840, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b6b54*=0, plFlavor=0x25b6b58*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x25b6b54*=8, plFlavor=0x25b6b58*=0) returned 0x0 [0135.987] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0135.987] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0135.987] IWbemClassObject:Get (in: This=0x5c6840, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b6b54*=8, plFlavor=0x25b6b58*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x25b6b54*=8, plFlavor=0x25b6b58*=0) returned 0x0 [0135.987] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0135.987] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0135.988] CoTaskMemAlloc (cb=0x4) returned 0x60a9e0 [0135.988] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60a9e0, puReturned=0x25b625c | out: apObjects=0x60a9e0*=0x609c20, puReturned=0x25b625c*=0x1) returned 0x0 [0136.017] IUnknown:QueryInterface (in: This=0x609c20, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x609c20) returned 0x0 [0136.017] IUnknown:QueryInterface (in: This=0x609c20, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.017] IUnknown:QueryInterface (in: This=0x609c20, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.017] IUnknown:AddRef (This=0x609c20) returned 0x3 [0136.017] IUnknown:QueryInterface (in: This=0x609c20, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.017] IUnknown:QueryInterface (in: This=0x609c20, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.017] IUnknown:QueryInterface (in: This=0x609c20, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x609c24) returned 0x0 [0136.018] IMarshal:GetUnmarshalClass (in: This=0x609c24, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.018] IUnknown:Release (This=0x609c24) returned 0x3 [0136.018] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.018] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.018] IUnknown:QueryInterface (in: This=0x609c20, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.018] IUnknown:Release (This=0x609c20) returned 0x2 [0136.018] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.018] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.018] IUnknown:QueryInterface (in: This=0x609c20, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x609c20) returned 0x0 [0136.018] IUnknown:AddRef (This=0x609c20) returned 0x4 [0136.018] IUnknown:Release (This=0x609c20) returned 0x3 [0136.018] IUnknown:Release (This=0x609c20) returned 0x2 [0136.018] CoTaskMemFree (pv=0x60a9e0) [0136.019] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.019] IUnknown:AddRef (This=0x609c20) returned 0x3 [0136.019] IWbemClassObject:Get (in: This=0x609c20, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.020] IWbemClassObject:Get (in: This=0x609c20, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.020] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x64 [0136.020] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x64 [0136.020] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.020] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.020] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.020] IUnknown:Release (This=0x56e704) returned 0x1 [0136.022] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x60a9e0) returned 0x0 [0136.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x60a9e0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.022] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60a9e0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5df6d0) returned 0x0 [0136.022] WbemDefPath:IUnknown:Release (This=0x60a9e0) returned 0x0 [0136.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5df6d0) returned 0x0 [0136.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.023] WbemDefPath:IUnknown:AddRef (This=0x5df6d0) returned 0x3 [0136.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x60a9f0) returned 0x0 [0136.023] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60a9f0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.023] WbemDefPath:IUnknown:Release (This=0x60a9f0) returned 0x3 [0136.023] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.024] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.024] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x2 [0136.024] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x1 [0136.024] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.024] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df6d0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5df6d0) returned 0x0 [0136.024] WbemDefPath:IUnknown:AddRef (This=0x5df6d0) returned 0x3 [0136.024] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x2 [0136.024] WbemDefPath:IWbemPath:SetText (This=0x5df6d0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"420\"") returned 0x0 [0136.024] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.024] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.024] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.024] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.024] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.024] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.025] IWbemClassObject:Get (in: This=0x609c20, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b73b8*=0, plFlavor=0x25b73bc*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x25b73b8*=8, plFlavor=0x25b73bc*=0) returned 0x0 [0136.025] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0136.025] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0136.025] IWbemClassObject:Get (in: This=0x609c20, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b73b8*=8, plFlavor=0x25b73bc*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x25b73b8*=8, plFlavor=0x25b73bc*=0) returned 0x0 [0136.025] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0136.025] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0136.025] CoTaskMemAlloc (cb=0x4) returned 0x60aa30 [0136.026] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60aa30, puReturned=0x25b625c | out: apObjects=0x60aa30*=0x5326a88, puReturned=0x25b625c*=0x1) returned 0x0 [0136.027] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5326a88) returned 0x0 [0136.027] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.027] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.028] IUnknown:AddRef (This=0x5326a88) returned 0x3 [0136.028] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.028] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.028] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5326a8c) returned 0x0 [0136.028] IMarshal:GetUnmarshalClass (in: This=0x5326a8c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.028] IUnknown:Release (This=0x5326a8c) returned 0x3 [0136.028] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.028] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.028] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.028] IUnknown:Release (This=0x5326a88) returned 0x2 [0136.028] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.028] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.028] IUnknown:QueryInterface (in: This=0x5326a88, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5326a88) returned 0x0 [0136.028] IUnknown:AddRef (This=0x5326a88) returned 0x4 [0136.028] IUnknown:Release (This=0x5326a88) returned 0x3 [0136.028] IUnknown:Release (This=0x5326a88) returned 0x2 [0136.028] CoTaskMemFree (pv=0x60aa30) [0136.029] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.029] IUnknown:AddRef (This=0x5326a88) returned 0x3 [0136.029] IWbemClassObject:Get (in: This=0x5326a88, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.029] IWbemClassObject:Get (in: This=0x5326a88, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.029] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x64 [0136.029] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x64 [0136.030] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.030] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.030] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.030] IUnknown:Release (This=0x56e704) returned 0x1 [0136.032] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x60aa30) returned 0x0 [0136.032] WbemDefPath:IUnknown:QueryInterface (in: This=0x60aa30, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.032] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60aa30, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5df7b0) returned 0x0 [0136.032] WbemDefPath:IUnknown:Release (This=0x60aa30) returned 0x0 [0136.032] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5df7b0) returned 0x0 [0136.032] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.033] WbemDefPath:IUnknown:AddRef (This=0x5df7b0) returned 0x3 [0136.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x60aa40) returned 0x0 [0136.033] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60aa40, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.033] WbemDefPath:IUnknown:Release (This=0x60aa40) returned 0x3 [0136.033] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.033] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.033] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x2 [0136.033] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x1 [0136.033] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.034] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.034] WbemDefPath:IUnknown:QueryInterface (in: This=0x5df7b0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5df7b0) returned 0x0 [0136.034] WbemDefPath:IUnknown:AddRef (This=0x5df7b0) returned 0x3 [0136.034] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x2 [0136.034] WbemDefPath:IWbemPath:SetText (This=0x5df7b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"912\"") returned 0x0 [0136.034] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.034] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.034] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.034] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.034] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.035] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.035] IWbemClassObject:Get (in: This=0x5326a88, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b7c38*=0, plFlavor=0x25b7c3c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x25b7c38*=8, plFlavor=0x25b7c3c*=0) returned 0x0 [0136.035] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0136.035] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0136.035] IWbemClassObject:Get (in: This=0x5326a88, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b7c38*=8, plFlavor=0x25b7c3c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x25b7c38*=8, plFlavor=0x25b7c3c*=0) returned 0x0 [0136.035] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0136.035] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0136.035] CoTaskMemAlloc (cb=0x4) returned 0x60aa80 [0136.035] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60aa80, puReturned=0x25b625c | out: apObjects=0x60aa80*=0x5331510, puReturned=0x25b625c*=0x1) returned 0x0 [0136.036] IUnknown:QueryInterface (in: This=0x5331510, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5331510) returned 0x0 [0136.036] IUnknown:QueryInterface (in: This=0x5331510, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.037] IUnknown:QueryInterface (in: This=0x5331510, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.037] IUnknown:AddRef (This=0x5331510) returned 0x3 [0136.037] IUnknown:QueryInterface (in: This=0x5331510, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.037] IUnknown:QueryInterface (in: This=0x5331510, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.037] IUnknown:QueryInterface (in: This=0x5331510, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5331514) returned 0x0 [0136.037] IMarshal:GetUnmarshalClass (in: This=0x5331514, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.037] IUnknown:Release (This=0x5331514) returned 0x3 [0136.037] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.037] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.037] IUnknown:QueryInterface (in: This=0x5331510, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.037] IUnknown:Release (This=0x5331510) returned 0x2 [0136.037] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.038] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.038] IUnknown:QueryInterface (in: This=0x5331510, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5331510) returned 0x0 [0136.038] IUnknown:AddRef (This=0x5331510) returned 0x4 [0136.038] IUnknown:Release (This=0x5331510) returned 0x3 [0136.038] IUnknown:Release (This=0x5331510) returned 0x2 [0136.038] CoTaskMemFree (pv=0x60aa80) [0136.038] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.038] IUnknown:AddRef (This=0x5331510) returned 0x3 [0136.038] IWbemClassObject:Get (in: This=0x5331510, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.039] IWbemClassObject:Get (in: This=0x5331510, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.039] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x66 [0136.039] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x66 [0136.039] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.039] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.039] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.039] IUnknown:Release (This=0x56e704) returned 0x1 [0136.041] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x60aa80) returned 0x0 [0136.041] WbemDefPath:IUnknown:QueryInterface (in: This=0x60aa80, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.041] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60aa80, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5dfb30) returned 0x0 [0136.041] WbemDefPath:IUnknown:Release (This=0x60aa80) returned 0x0 [0136.041] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5dfb30) returned 0x0 [0136.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.042] WbemDefPath:IUnknown:AddRef (This=0x5dfb30) returned 0x3 [0136.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x60aa90) returned 0x0 [0136.042] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x60aa90, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.042] WbemDefPath:IUnknown:Release (This=0x60aa90) returned 0x3 [0136.042] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.042] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.043] WbemDefPath:IUnknown:Release (This=0x5dfb30) returned 0x2 [0136.043] WbemDefPath:IUnknown:Release (This=0x5dfb30) returned 0x1 [0136.043] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.043] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfb30, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5dfb30) returned 0x0 [0136.043] WbemDefPath:IUnknown:AddRef (This=0x5dfb30) returned 0x3 [0136.043] WbemDefPath:IUnknown:Release (This=0x5dfb30) returned 0x2 [0136.043] WbemDefPath:IWbemPath:SetText (This=0x5dfb30, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1052\"") returned 0x0 [0136.043] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.043] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.043] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.043] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.043] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.043] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.043] IWbemClassObject:Get (in: This=0x5331510, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b84ac*=0, plFlavor=0x25b84b0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x25b84ac*=8, plFlavor=0x25b84b0*=0) returned 0x0 [0136.043] SysStringByteLen (bstr="dwm.exe") returned 0xe [0136.043] SysStringByteLen (bstr="dwm.exe") returned 0xe [0136.044] IWbemClassObject:Get (in: This=0x5331510, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b84ac*=8, plFlavor=0x25b84b0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x25b84ac*=8, plFlavor=0x25b84b0*=0) returned 0x0 [0136.044] SysStringByteLen (bstr="dwm.exe") returned 0xe [0136.044] SysStringByteLen (bstr="dwm.exe") returned 0xe [0136.044] CoTaskMemAlloc (cb=0x4) returned 0x60aac0 [0136.044] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x60aac0, puReturned=0x25b625c | out: apObjects=0x60aac0*=0x5329758, puReturned=0x25b625c*=0x1) returned 0x0 [0136.045] IUnknown:QueryInterface (in: This=0x5329758, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5329758) returned 0x0 [0136.045] IUnknown:QueryInterface (in: This=0x5329758, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.045] IUnknown:QueryInterface (in: This=0x5329758, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.046] IUnknown:AddRef (This=0x5329758) returned 0x3 [0136.046] IUnknown:QueryInterface (in: This=0x5329758, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.046] IUnknown:QueryInterface (in: This=0x5329758, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.046] IUnknown:QueryInterface (in: This=0x5329758, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532975c) returned 0x0 [0136.046] IMarshal:GetUnmarshalClass (in: This=0x532975c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.046] IUnknown:Release (This=0x532975c) returned 0x3 [0136.046] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.046] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.046] IUnknown:QueryInterface (in: This=0x5329758, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.046] IUnknown:Release (This=0x5329758) returned 0x2 [0136.046] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.046] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.046] IUnknown:QueryInterface (in: This=0x5329758, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5329758) returned 0x0 [0136.047] IUnknown:AddRef (This=0x5329758) returned 0x4 [0136.047] IUnknown:Release (This=0x5329758) returned 0x3 [0136.047] IUnknown:Release (This=0x5329758) returned 0x2 [0136.047] CoTaskMemFree (pv=0x60aac0) [0136.047] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.047] IUnknown:AddRef (This=0x5329758) returned 0x3 [0136.047] IWbemClassObject:Get (in: This=0x5329758, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.047] IWbemClassObject:Get (in: This=0x5329758, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.047] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x66 [0136.048] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x66 [0136.048] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.048] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.048] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.048] IUnknown:Release (This=0x56e704) returned 0x1 [0136.049] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x60aac0) returned 0x0 [0136.049] WbemDefPath:IUnknown:QueryInterface (in: This=0x60aac0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.049] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60aac0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5dfc10) returned 0x0 [0136.050] WbemDefPath:IUnknown:Release (This=0x60aac0) returned 0x0 [0136.050] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5dfc10) returned 0x0 [0136.050] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.050] WbemDefPath:IUnknown:AddRef (This=0x5dfc10) returned 0x3 [0136.050] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.050] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.050] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5ea468) returned 0x0 [0136.050] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea468, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.050] WbemDefPath:IUnknown:Release (This=0x5ea468) returned 0x3 [0136.050] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.050] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.050] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.050] WbemDefPath:IUnknown:Release (This=0x5dfc10) returned 0x2 [0136.050] WbemDefPath:IUnknown:Release (This=0x5dfc10) returned 0x1 [0136.050] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.051] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfc10, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5dfc10) returned 0x0 [0136.051] WbemDefPath:IUnknown:AddRef (This=0x5dfc10) returned 0x3 [0136.051] WbemDefPath:IUnknown:Release (This=0x5dfc10) returned 0x2 [0136.051] WbemDefPath:IWbemPath:SetText (This=0x5dfc10, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1288\"") returned 0x0 [0136.051] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.051] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.051] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.051] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.051] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.051] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.051] IWbemClassObject:Get (in: This=0x5329758, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b8d08*=0, plFlavor=0x25b8d0c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhost.exe", varVal2=0x0), pType=0x25b8d08*=8, plFlavor=0x25b8d0c*=0) returned 0x0 [0136.051] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0136.051] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0136.051] IWbemClassObject:Get (in: This=0x5329758, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b8d08*=8, plFlavor=0x25b8d0c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhost.exe", varVal2=0x0), pType=0x25b8d08*=8, plFlavor=0x25b8d0c*=0) returned 0x0 [0136.051] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0136.051] SysStringByteLen (bstr="taskhost.exe") returned 0x18 [0136.051] CoTaskMemAlloc (cb=0x4) returned 0x5ea458 [0136.052] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5ea458, puReturned=0x25b625c | out: apObjects=0x5ea458*=0x5329bc0, puReturned=0x25b625c*=0x1) returned 0x0 [0136.092] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5329bc0) returned 0x0 [0136.092] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.092] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.092] IUnknown:AddRef (This=0x5329bc0) returned 0x3 [0136.092] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.092] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.092] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5329bc4) returned 0x0 [0136.092] IMarshal:GetUnmarshalClass (in: This=0x5329bc4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.092] IUnknown:Release (This=0x5329bc4) returned 0x3 [0136.093] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.093] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.093] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.093] IUnknown:Release (This=0x5329bc0) returned 0x2 [0136.093] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.093] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.093] IUnknown:QueryInterface (in: This=0x5329bc0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5329bc0) returned 0x0 [0136.093] IUnknown:AddRef (This=0x5329bc0) returned 0x4 [0136.093] IUnknown:Release (This=0x5329bc0) returned 0x3 [0136.093] IUnknown:Release (This=0x5329bc0) returned 0x2 [0136.093] CoTaskMemFree (pv=0x5ea458) [0136.093] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.093] IUnknown:AddRef (This=0x5329bc0) returned 0x3 [0136.093] IWbemClassObject:Get (in: This=0x5329bc0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.094] IWbemClassObject:Get (in: This=0x5329bc0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2012\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.094] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2012\"") returned 0x66 [0136.094] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2012\"") returned 0x66 [0136.094] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.094] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.094] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.094] IUnknown:Release (This=0x56e704) returned 0x1 [0136.096] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5ea458) returned 0x0 [0136.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea458, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.096] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea458, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5dfcf0) returned 0x0 [0136.096] WbemDefPath:IUnknown:Release (This=0x5ea458) returned 0x0 [0136.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5dfcf0) returned 0x0 [0136.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.097] WbemDefPath:IUnknown:AddRef (This=0x5dfcf0) returned 0x3 [0136.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5ea268) returned 0x0 [0136.097] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea268, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.097] WbemDefPath:IUnknown:Release (This=0x5ea268) returned 0x3 [0136.097] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.097] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.098] WbemDefPath:IUnknown:Release (This=0x5dfcf0) returned 0x2 [0136.098] WbemDefPath:IUnknown:Release (This=0x5dfcf0) returned 0x1 [0136.098] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.098] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfcf0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5dfcf0) returned 0x0 [0136.098] WbemDefPath:IUnknown:AddRef (This=0x5dfcf0) returned 0x3 [0136.098] WbemDefPath:IUnknown:Release (This=0x5dfcf0) returned 0x2 [0136.098] WbemDefPath:IWbemPath:SetText (This=0x5dfcf0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2012\"") returned 0x0 [0136.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.098] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.098] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.098] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.098] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.098] IWbemClassObject:Get (in: This=0x5329bc0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b957c*=0, plFlavor=0x25b9580*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x25b957c*=8, plFlavor=0x25b9580*=0) returned 0x0 [0136.098] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.099] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.099] IWbemClassObject:Get (in: This=0x5329bc0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b957c*=8, plFlavor=0x25b9580*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x25b957c*=8, plFlavor=0x25b9580*=0) returned 0x0 [0136.099] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.099] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.099] CoTaskMemAlloc (cb=0x4) returned 0x5ea418 [0136.099] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5ea418, puReturned=0x25b625c | out: apObjects=0x5ea418*=0x532a028, puReturned=0x25b625c*=0x1) returned 0x0 [0136.140] IUnknown:QueryInterface (in: This=0x532a028, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532a028) returned 0x0 [0136.141] IUnknown:QueryInterface (in: This=0x532a028, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.141] IUnknown:QueryInterface (in: This=0x532a028, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.141] IUnknown:AddRef (This=0x532a028) returned 0x3 [0136.141] IUnknown:QueryInterface (in: This=0x532a028, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.141] IUnknown:QueryInterface (in: This=0x532a028, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.141] IUnknown:QueryInterface (in: This=0x532a028, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532a02c) returned 0x0 [0136.141] IMarshal:GetUnmarshalClass (in: This=0x532a02c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.141] IUnknown:Release (This=0x532a02c) returned 0x3 [0136.141] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.142] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.142] IUnknown:QueryInterface (in: This=0x532a028, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.142] IUnknown:Release (This=0x532a028) returned 0x2 [0136.142] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.142] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.142] IUnknown:QueryInterface (in: This=0x532a028, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532a028) returned 0x0 [0136.142] IUnknown:AddRef (This=0x532a028) returned 0x4 [0136.142] IUnknown:Release (This=0x532a028) returned 0x3 [0136.142] IUnknown:Release (This=0x532a028) returned 0x2 [0136.142] CoTaskMemFree (pv=0x5ea418) [0136.142] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.142] IUnknown:AddRef (This=0x532a028) returned 0x3 [0136.142] IWbemClassObject:Get (in: This=0x532a028, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.143] IWbemClassObject:Get (in: This=0x532a028, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1852\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.143] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1852\"") returned 0x66 [0136.143] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1852\"") returned 0x66 [0136.143] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.143] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.143] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.143] IUnknown:Release (This=0x56e704) returned 0x1 [0136.145] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5ea418) returned 0x0 [0136.145] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea418, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.146] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea418, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5dfdd0) returned 0x0 [0136.146] WbemDefPath:IUnknown:Release (This=0x5ea418) returned 0x0 [0136.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5dfdd0) returned 0x0 [0136.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.146] WbemDefPath:IUnknown:AddRef (This=0x5dfdd0) returned 0x3 [0136.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5ea4a8) returned 0x0 [0136.146] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea4a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.146] WbemDefPath:IUnknown:Release (This=0x5ea4a8) returned 0x3 [0136.147] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.147] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.147] WbemDefPath:IUnknown:Release (This=0x5dfdd0) returned 0x2 [0136.147] WbemDefPath:IUnknown:Release (This=0x5dfdd0) returned 0x1 [0136.147] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.147] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfdd0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5dfdd0) returned 0x0 [0136.147] WbemDefPath:IUnknown:AddRef (This=0x5dfdd0) returned 0x3 [0136.147] WbemDefPath:IUnknown:Release (This=0x5dfdd0) returned 0x2 [0136.147] WbemDefPath:IWbemPath:SetText (This=0x5dfdd0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1852\"") returned 0x0 [0136.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.147] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.147] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.147] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.147] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.147] IWbemClassObject:Get (in: This=0x532a028, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b9dfc*=0, plFlavor=0x25b9e00*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x25b9dfc*=8, plFlavor=0x25b9e00*=0) returned 0x0 [0136.148] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.148] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.148] IWbemClassObject:Get (in: This=0x532a028, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25b9dfc*=8, plFlavor=0x25b9e00*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x25b9dfc*=8, plFlavor=0x25b9e00*=0) returned 0x0 [0136.148] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.148] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0136.148] CoTaskMemAlloc (cb=0x4) returned 0x5ea438 [0136.148] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5ea438, puReturned=0x25b625c | out: apObjects=0x5ea438*=0x532a490, puReturned=0x25b625c*=0x1) returned 0x0 [0136.440] IUnknown:QueryInterface (in: This=0x532a490, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532a490) returned 0x0 [0136.440] IUnknown:QueryInterface (in: This=0x532a490, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.440] IUnknown:QueryInterface (in: This=0x532a490, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.441] IUnknown:AddRef (This=0x532a490) returned 0x3 [0136.441] IUnknown:QueryInterface (in: This=0x532a490, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.441] IUnknown:QueryInterface (in: This=0x532a490, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.441] IUnknown:QueryInterface (in: This=0x532a490, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532a494) returned 0x0 [0136.441] IMarshal:GetUnmarshalClass (in: This=0x532a494, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.441] IUnknown:Release (This=0x532a494) returned 0x3 [0136.441] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.441] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.441] IUnknown:QueryInterface (in: This=0x532a490, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.441] IUnknown:Release (This=0x532a490) returned 0x2 [0136.441] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.441] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.441] IUnknown:QueryInterface (in: This=0x532a490, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532a490) returned 0x0 [0136.441] IUnknown:AddRef (This=0x532a490) returned 0x4 [0136.441] IUnknown:Release (This=0x532a490) returned 0x3 [0136.441] IUnknown:Release (This=0x532a490) returned 0x2 [0136.441] CoTaskMemFree (pv=0x5ea438) [0136.441] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.441] IUnknown:AddRef (This=0x532a490) returned 0x3 [0136.441] IWbemClassObject:Get (in: This=0x532a490, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.442] IWbemClassObject:Get (in: This=0x532a490, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.442] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x66 [0136.442] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x66 [0136.442] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.442] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.442] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.442] IUnknown:Release (This=0x56e704) returned 0x1 [0136.443] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5ea438) returned 0x0 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea438, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.444] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea438, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5dfeb0) returned 0x0 [0136.444] WbemDefPath:IUnknown:Release (This=0x5ea438) returned 0x0 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5dfeb0) returned 0x0 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.444] WbemDefPath:IUnknown:AddRef (This=0x5dfeb0) returned 0x3 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5ea508) returned 0x0 [0136.444] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea508, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.444] WbemDefPath:IUnknown:Release (This=0x5ea508) returned 0x3 [0136.444] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.444] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.445] WbemDefPath:IUnknown:Release (This=0x5dfeb0) returned 0x2 [0136.445] WbemDefPath:IUnknown:Release (This=0x5dfeb0) returned 0x1 [0136.445] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.445] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dfeb0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5dfeb0) returned 0x0 [0136.445] WbemDefPath:IUnknown:AddRef (This=0x5dfeb0) returned 0x3 [0136.445] WbemDefPath:IUnknown:Release (This=0x5dfeb0) returned 0x2 [0136.445] WbemDefPath:IWbemPath:SetText (This=0x5dfeb0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x0 [0136.445] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.445] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.445] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.445] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.445] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.445] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.445] IWbemClassObject:Get (in: This=0x532a490, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ba670*=0, plFlavor=0x25ba674*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="draw movement expert.exe", varVal2=0x0), pType=0x25ba670*=8, plFlavor=0x25ba674*=0) returned 0x0 [0136.445] SysStringByteLen (bstr="draw movement expert.exe") returned 0x30 [0136.445] SysStringByteLen (bstr="draw movement expert.exe") returned 0x30 [0136.445] IWbemClassObject:Get (in: This=0x532a490, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ba670*=8, plFlavor=0x25ba674*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="draw movement expert.exe", varVal2=0x0), pType=0x25ba670*=8, plFlavor=0x25ba674*=0) returned 0x0 [0136.445] SysStringByteLen (bstr="draw movement expert.exe") returned 0x30 [0136.445] SysStringByteLen (bstr="draw movement expert.exe") returned 0x30 [0136.445] CoTaskMemAlloc (cb=0x4) returned 0x5ea4f8 [0136.446] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5ea4f8, puReturned=0x25b625c | out: apObjects=0x5ea4f8*=0x532a928, puReturned=0x25b625c*=0x1) returned 0x0 [0136.447] IUnknown:QueryInterface (in: This=0x532a928, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532a928) returned 0x0 [0136.447] IUnknown:QueryInterface (in: This=0x532a928, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.447] IUnknown:QueryInterface (in: This=0x532a928, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.447] IUnknown:AddRef (This=0x532a928) returned 0x3 [0136.447] IUnknown:QueryInterface (in: This=0x532a928, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.447] IUnknown:QueryInterface (in: This=0x532a928, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.447] IUnknown:QueryInterface (in: This=0x532a928, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532a92c) returned 0x0 [0136.447] IMarshal:GetUnmarshalClass (in: This=0x532a92c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.447] IUnknown:Release (This=0x532a92c) returned 0x3 [0136.447] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.448] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.448] IUnknown:QueryInterface (in: This=0x532a928, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.448] IUnknown:Release (This=0x532a928) returned 0x2 [0136.448] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.448] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.448] IUnknown:QueryInterface (in: This=0x532a928, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532a928) returned 0x0 [0136.448] IUnknown:AddRef (This=0x532a928) returned 0x4 [0136.448] IUnknown:Release (This=0x532a928) returned 0x3 [0136.448] IUnknown:Release (This=0x532a928) returned 0x2 [0136.448] CoTaskMemFree (pv=0x5ea4f8) [0136.448] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.448] IUnknown:AddRef (This=0x532a928) returned 0x3 [0136.448] IWbemClassObject:Get (in: This=0x532a928, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.448] IWbemClassObject:Get (in: This=0x532a928, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.449] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x66 [0136.449] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x66 [0136.449] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.449] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.449] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.449] IUnknown:Release (This=0x56e704) returned 0x1 [0136.450] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5ea4f8) returned 0x0 [0136.450] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea4f8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.450] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea4f8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5dff90) returned 0x0 [0136.450] WbemDefPath:IUnknown:Release (This=0x5ea4f8) returned 0x0 [0136.450] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5dff90) returned 0x0 [0136.450] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.451] WbemDefPath:IUnknown:AddRef (This=0x5dff90) returned 0x3 [0136.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5ea3a8) returned 0x0 [0136.451] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea3a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.451] WbemDefPath:IUnknown:Release (This=0x5ea3a8) returned 0x3 [0136.451] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.451] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.451] WbemDefPath:IUnknown:Release (This=0x5dff90) returned 0x2 [0136.451] WbemDefPath:IUnknown:Release (This=0x5dff90) returned 0x1 [0136.451] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.451] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x5dff90, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5dff90) returned 0x0 [0136.451] WbemDefPath:IUnknown:AddRef (This=0x5dff90) returned 0x3 [0136.451] WbemDefPath:IUnknown:Release (This=0x5dff90) returned 0x2 [0136.451] WbemDefPath:IWbemPath:SetText (This=0x5dff90, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x0 [0136.451] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.451] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.451] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.452] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.452] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.452] IWbemClassObject:Get (in: This=0x532a928, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25baf14*=0, plFlavor=0x25baf18*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="some.exe", varVal2=0x0), pType=0x25baf14*=8, plFlavor=0x25baf18*=0) returned 0x0 [0136.452] SysStringByteLen (bstr="some.exe") returned 0x10 [0136.452] SysStringByteLen (bstr="some.exe") returned 0x10 [0136.452] IWbemClassObject:Get (in: This=0x532a928, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25baf14*=8, plFlavor=0x25baf18*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="some.exe", varVal2=0x0), pType=0x25baf14*=8, plFlavor=0x25baf18*=0) returned 0x0 [0136.452] SysStringByteLen (bstr="some.exe") returned 0x10 [0136.452] SysStringByteLen (bstr="some.exe") returned 0x10 [0136.452] CoTaskMemAlloc (cb=0x4) returned 0x5ea3b8 [0136.452] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5ea3b8, puReturned=0x25b625c | out: apObjects=0x5ea3b8*=0x532ad90, puReturned=0x25b625c*=0x1) returned 0x0 [0136.453] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532ad90) returned 0x0 [0136.453] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.453] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.453] IUnknown:AddRef (This=0x532ad90) returned 0x3 [0136.453] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.453] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.453] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532ad94) returned 0x0 [0136.453] IMarshal:GetUnmarshalClass (in: This=0x532ad94, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.454] IUnknown:Release (This=0x532ad94) returned 0x3 [0136.454] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.454] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.454] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.454] IUnknown:Release (This=0x532ad90) returned 0x2 [0136.454] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.454] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.454] IUnknown:QueryInterface (in: This=0x532ad90, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532ad90) returned 0x0 [0136.454] IUnknown:AddRef (This=0x532ad90) returned 0x4 [0136.454] IUnknown:Release (This=0x532ad90) returned 0x3 [0136.454] IUnknown:Release (This=0x532ad90) returned 0x2 [0136.454] CoTaskMemFree (pv=0x5ea3b8) [0136.454] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.454] IUnknown:AddRef (This=0x532ad90) returned 0x3 [0136.454] IWbemClassObject:Get (in: This=0x532ad90, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.455] IWbemClassObject:Get (in: This=0x532ad90, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2304\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.455] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2304\"") returned 0x66 [0136.455] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2304\"") returned 0x66 [0136.455] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.455] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.455] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.455] IUnknown:Release (This=0x56e704) returned 0x1 [0136.456] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5ea3b8) returned 0x0 [0136.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5ea3b8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.456] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5ea3b8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5e0070) returned 0x0 [0136.456] WbemDefPath:IUnknown:Release (This=0x5ea3b8) returned 0x0 [0136.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5e0070) returned 0x0 [0136.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.457] WbemDefPath:IUnknown:AddRef (This=0x5e0070) returned 0x3 [0136.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5ea408) returned 0x0 [0136.457] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ea408, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.457] WbemDefPath:IUnknown:Release (This=0x5ea408) returned 0x3 [0136.457] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.457] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.457] WbemDefPath:IUnknown:Release (This=0x5e0070) returned 0x2 [0136.457] WbemDefPath:IUnknown:Release (This=0x5e0070) returned 0x1 [0136.457] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.457] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0070, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5e0070) returned 0x0 [0136.457] WbemDefPath:IUnknown:AddRef (This=0x5e0070) returned 0x3 [0136.457] WbemDefPath:IUnknown:Release (This=0x5e0070) returned 0x2 [0136.457] WbemDefPath:IWbemPath:SetText (This=0x5e0070, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2304\"") returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.458] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.458] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.458] IWbemClassObject:Get (in: This=0x532ad90, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bb778*=0, plFlavor=0x25bb77c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="final_already_short.exe", varVal2=0x0), pType=0x25bb778*=8, plFlavor=0x25bb77c*=0) returned 0x0 [0136.458] SysStringByteLen (bstr="final_already_short.exe") returned 0x2e [0136.458] SysStringByteLen (bstr="final_already_short.exe") returned 0x2e [0136.458] IWbemClassObject:Get (in: This=0x532ad90, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bb778*=8, plFlavor=0x25bb77c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="final_already_short.exe", varVal2=0x0), pType=0x25bb778*=8, plFlavor=0x25bb77c*=0) returned 0x0 [0136.458] SysStringByteLen (bstr="final_already_short.exe") returned 0x2e [0136.458] SysStringByteLen (bstr="final_already_short.exe") returned 0x2e [0136.458] CoTaskMemAlloc (cb=0x4) returned 0x532ba48 [0136.458] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532ba48, puReturned=0x25b625c | out: apObjects=0x532ba48*=0x532be20, puReturned=0x25b625c*=0x1) returned 0x0 [0136.459] IUnknown:QueryInterface (in: This=0x532be20, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532be20) returned 0x0 [0136.459] IUnknown:QueryInterface (in: This=0x532be20, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.459] IUnknown:QueryInterface (in: This=0x532be20, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.459] IUnknown:AddRef (This=0x532be20) returned 0x3 [0136.459] IUnknown:QueryInterface (in: This=0x532be20, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.459] IUnknown:QueryInterface (in: This=0x532be20, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.459] IUnknown:QueryInterface (in: This=0x532be20, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532be24) returned 0x0 [0136.459] IMarshal:GetUnmarshalClass (in: This=0x532be24, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.460] IUnknown:Release (This=0x532be24) returned 0x3 [0136.460] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.460] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.460] IUnknown:QueryInterface (in: This=0x532be20, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.460] IUnknown:Release (This=0x532be20) returned 0x2 [0136.460] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.460] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.460] IUnknown:QueryInterface (in: This=0x532be20, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532be20) returned 0x0 [0136.460] IUnknown:AddRef (This=0x532be20) returned 0x4 [0136.460] IUnknown:Release (This=0x532be20) returned 0x3 [0136.460] IUnknown:Release (This=0x532be20) returned 0x2 [0136.460] CoTaskMemFree (pv=0x532ba48) [0136.460] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.460] IUnknown:AddRef (This=0x532be20) returned 0x3 [0136.460] IWbemClassObject:Get (in: This=0x532be20, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.461] IWbemClassObject:Get (in: This=0x532be20, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2312\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.461] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2312\"") returned 0x66 [0136.461] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2312\"") returned 0x66 [0136.461] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.461] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.461] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.461] IUnknown:Release (This=0x56e704) returned 0x1 [0136.462] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532ba48) returned 0x0 [0136.462] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ba48, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.462] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532ba48, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5e0150) returned 0x0 [0136.463] WbemDefPath:IUnknown:Release (This=0x532ba48) returned 0x0 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5e0150) returned 0x0 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.463] WbemDefPath:IUnknown:AddRef (This=0x5e0150) returned 0x3 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532ba58) returned 0x0 [0136.463] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532ba58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.463] WbemDefPath:IUnknown:Release (This=0x532ba58) returned 0x3 [0136.463] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.463] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.463] WbemDefPath:IUnknown:Release (This=0x5e0150) returned 0x2 [0136.463] WbemDefPath:IUnknown:Release (This=0x5e0150) returned 0x1 [0136.463] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.463] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5e0150, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5e0150) returned 0x0 [0136.464] WbemDefPath:IUnknown:AddRef (This=0x5e0150) returned 0x3 [0136.464] WbemDefPath:IUnknown:Release (This=0x5e0150) returned 0x2 [0136.464] WbemDefPath:IWbemPath:SetText (This=0x5e0150, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2312\"") returned 0x0 [0136.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.464] IWbemClassObject:Get (in: This=0x532be20, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bc020*=0, plFlavor=0x25bc024*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="entirepoor.exe", varVal2=0x0), pType=0x25bc020*=8, plFlavor=0x25bc024*=0) returned 0x0 [0136.464] SysStringByteLen (bstr="entirepoor.exe") returned 0x1c [0136.464] SysStringByteLen (bstr="entirepoor.exe") returned 0x1c [0136.464] IWbemClassObject:Get (in: This=0x532be20, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bc020*=8, plFlavor=0x25bc024*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="entirepoor.exe", varVal2=0x0), pType=0x25bc020*=8, plFlavor=0x25bc024*=0) returned 0x0 [0136.464] SysStringByteLen (bstr="entirepoor.exe") returned 0x1c [0136.464] SysStringByteLen (bstr="entirepoor.exe") returned 0x1c [0136.464] CoTaskMemAlloc (cb=0x4) returned 0x532ba88 [0136.464] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532ba88, puReturned=0x25b625c | out: apObjects=0x532ba88*=0x532c298, puReturned=0x25b625c*=0x1) returned 0x0 [0136.465] IUnknown:QueryInterface (in: This=0x532c298, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532c298) returned 0x0 [0136.465] IUnknown:QueryInterface (in: This=0x532c298, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.465] IUnknown:QueryInterface (in: This=0x532c298, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.466] IUnknown:AddRef (This=0x532c298) returned 0x3 [0136.466] IUnknown:QueryInterface (in: This=0x532c298, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.466] IUnknown:QueryInterface (in: This=0x532c298, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.466] IUnknown:QueryInterface (in: This=0x532c298, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532c29c) returned 0x0 [0136.466] IMarshal:GetUnmarshalClass (in: This=0x532c29c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.466] IUnknown:Release (This=0x532c29c) returned 0x3 [0136.466] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.466] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.466] IUnknown:QueryInterface (in: This=0x532c298, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.466] IUnknown:Release (This=0x532c298) returned 0x2 [0136.466] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.466] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.466] IUnknown:QueryInterface (in: This=0x532c298, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532c298) returned 0x0 [0136.466] IUnknown:AddRef (This=0x532c298) returned 0x4 [0136.466] IUnknown:Release (This=0x532c298) returned 0x3 [0136.466] IUnknown:Release (This=0x532c298) returned 0x2 [0136.466] CoTaskMemFree (pv=0x532ba88) [0136.467] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.467] IUnknown:AddRef (This=0x532c298) returned 0x3 [0136.467] IWbemClassObject:Get (in: This=0x532c298, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.467] IWbemClassObject:Get (in: This=0x532c298, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2320\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.467] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2320\"") returned 0x66 [0136.467] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2320\"") returned 0x66 [0136.467] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.467] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.467] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.467] IUnknown:Release (This=0x56e704) returned 0x1 [0136.468] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532ba88) returned 0x0 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ba88, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.469] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532ba88, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532c738) returned 0x0 [0136.469] WbemDefPath:IUnknown:Release (This=0x532ba88) returned 0x0 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532c738) returned 0x0 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.469] WbemDefPath:IUnknown:AddRef (This=0x532c738) returned 0x3 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532ba98) returned 0x0 [0136.469] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532ba98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.469] WbemDefPath:IUnknown:Release (This=0x532ba98) returned 0x3 [0136.469] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.469] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.470] WbemDefPath:IUnknown:Release (This=0x532c738) returned 0x2 [0136.470] WbemDefPath:IUnknown:Release (This=0x532c738) returned 0x1 [0136.470] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.470] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c738, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532c738) returned 0x0 [0136.470] WbemDefPath:IUnknown:AddRef (This=0x532c738) returned 0x3 [0136.470] WbemDefPath:IUnknown:Release (This=0x532c738) returned 0x2 [0136.470] WbemDefPath:IWbemPath:SetText (This=0x532c738, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2320\"") returned 0x0 [0136.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.470] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.471] IWbemClassObject:Get (in: This=0x532c298, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bc89c*=0, plFlavor=0x25bc8a0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="economy-main-look.exe", varVal2=0x0), pType=0x25bc89c*=8, plFlavor=0x25bc8a0*=0) returned 0x0 [0136.471] SysStringByteLen (bstr="economy-main-look.exe") returned 0x2a [0136.471] SysStringByteLen (bstr="economy-main-look.exe") returned 0x2a [0136.472] IWbemClassObject:Get (in: This=0x532c298, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bc89c*=8, plFlavor=0x25bc8a0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="economy-main-look.exe", varVal2=0x0), pType=0x25bc89c*=8, plFlavor=0x25bc8a0*=0) returned 0x0 [0136.472] SysStringByteLen (bstr="economy-main-look.exe") returned 0x2a [0136.472] SysStringByteLen (bstr="economy-main-look.exe") returned 0x2a [0136.472] CoTaskMemAlloc (cb=0x4) returned 0x532bac8 [0136.472] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bac8, puReturned=0x25b625c | out: apObjects=0x532bac8*=0x5324048, puReturned=0x25b625c*=0x1) returned 0x0 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5324048) returned 0x0 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.473] IUnknown:AddRef (This=0x5324048) returned 0x3 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532404c) returned 0x0 [0136.473] IMarshal:GetUnmarshalClass (in: This=0x532404c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.473] IUnknown:Release (This=0x532404c) returned 0x3 [0136.473] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.473] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.473] IUnknown:QueryInterface (in: This=0x5324048, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.473] IUnknown:Release (This=0x5324048) returned 0x2 [0136.473] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.473] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.474] IUnknown:QueryInterface (in: This=0x5324048, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5324048) returned 0x0 [0136.474] IUnknown:AddRef (This=0x5324048) returned 0x4 [0136.474] IUnknown:Release (This=0x5324048) returned 0x3 [0136.474] IUnknown:Release (This=0x5324048) returned 0x2 [0136.474] CoTaskMemFree (pv=0x532bac8) [0136.474] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.474] IUnknown:AddRef (This=0x5324048) returned 0x3 [0136.474] IWbemClassObject:Get (in: This=0x5324048, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.474] IWbemClassObject:Get (in: This=0x5324048, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2328\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.474] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2328\"") returned 0x66 [0136.474] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2328\"") returned 0x66 [0136.474] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.475] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.475] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.475] IUnknown:Release (This=0x56e704) returned 0x1 [0136.476] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bac8) returned 0x0 [0136.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bac8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.476] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bac8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532c818) returned 0x0 [0136.476] WbemDefPath:IUnknown:Release (This=0x532bac8) returned 0x0 [0136.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532c818) returned 0x0 [0136.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.476] WbemDefPath:IUnknown:AddRef (This=0x532c818) returned 0x3 [0136.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bad8) returned 0x0 [0136.477] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bad8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.477] WbemDefPath:IUnknown:Release (This=0x532bad8) returned 0x3 [0136.477] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.477] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.477] WbemDefPath:IUnknown:Release (This=0x532c818) returned 0x2 [0136.477] WbemDefPath:IUnknown:Release (This=0x532c818) returned 0x1 [0136.477] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.477] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c818, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532c818) returned 0x0 [0136.477] WbemDefPath:IUnknown:AddRef (This=0x532c818) returned 0x3 [0136.477] WbemDefPath:IUnknown:Release (This=0x532c818) returned 0x2 [0136.477] WbemDefPath:IWbemPath:SetText (This=0x532c818, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2328\"") returned 0x0 [0136.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.477] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.477] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.477] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.477] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.477] IWbemClassObject:Get (in: This=0x5324048, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bd130*=0, plFlavor=0x25bd134*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="picture-win.exe", varVal2=0x0), pType=0x25bd130*=8, plFlavor=0x25bd134*=0) returned 0x0 [0136.477] SysStringByteLen (bstr="picture-win.exe") returned 0x1e [0136.477] SysStringByteLen (bstr="picture-win.exe") returned 0x1e [0136.478] IWbemClassObject:Get (in: This=0x5324048, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bd130*=8, plFlavor=0x25bd134*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="picture-win.exe", varVal2=0x0), pType=0x25bd130*=8, plFlavor=0x25bd134*=0) returned 0x0 [0136.478] SysStringByteLen (bstr="picture-win.exe") returned 0x1e [0136.478] SysStringByteLen (bstr="picture-win.exe") returned 0x1e [0136.478] CoTaskMemAlloc (cb=0x4) returned 0x532bb08 [0136.478] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bb08, puReturned=0x25b625c | out: apObjects=0x532bb08*=0x53241e0, puReturned=0x25b625c*=0x1) returned 0x0 [0136.524] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53241e0) returned 0x0 [0136.524] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.524] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.525] IUnknown:AddRef (This=0x53241e0) returned 0x3 [0136.525] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.525] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.525] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53241e4) returned 0x0 [0136.525] IMarshal:GetUnmarshalClass (in: This=0x53241e4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.525] IUnknown:Release (This=0x53241e4) returned 0x3 [0136.525] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.525] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.525] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.525] IUnknown:Release (This=0x53241e0) returned 0x2 [0136.525] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.525] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.526] IUnknown:QueryInterface (in: This=0x53241e0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53241e0) returned 0x0 [0136.526] IUnknown:AddRef (This=0x53241e0) returned 0x4 [0136.526] IUnknown:Release (This=0x53241e0) returned 0x3 [0136.526] IUnknown:Release (This=0x53241e0) returned 0x2 [0136.526] CoTaskMemFree (pv=0x532bb08) [0136.526] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.526] IUnknown:AddRef (This=0x53241e0) returned 0x3 [0136.526] IWbemClassObject:Get (in: This=0x53241e0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.527] IWbemClassObject:Get (in: This=0x53241e0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.527] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x66 [0136.527] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x66 [0136.527] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.527] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.527] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.527] IUnknown:Release (This=0x56e704) returned 0x1 [0136.528] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bb08) returned 0x0 [0136.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bb08, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.529] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bb08, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532c8f8) returned 0x0 [0136.529] WbemDefPath:IUnknown:Release (This=0x532bb08) returned 0x0 [0136.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532c8f8) returned 0x0 [0136.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.529] WbemDefPath:IUnknown:AddRef (This=0x532c8f8) returned 0x3 [0136.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bb18) returned 0x0 [0136.530] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bb18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.530] WbemDefPath:IUnknown:Release (This=0x532bb18) returned 0x3 [0136.530] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.530] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.530] WbemDefPath:IUnknown:Release (This=0x532c8f8) returned 0x2 [0136.530] WbemDefPath:IUnknown:Release (This=0x532c8f8) returned 0x1 [0136.530] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.530] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c8f8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532c8f8) returned 0x0 [0136.530] WbemDefPath:IUnknown:AddRef (This=0x532c8f8) returned 0x3 [0136.530] WbemDefPath:IUnknown:Release (This=0x532c8f8) returned 0x2 [0136.530] WbemDefPath:IWbemPath:SetText (This=0x532c8f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2336\"") returned 0x0 [0136.530] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.530] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.530] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.530] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.530] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.530] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.531] IWbemClassObject:Get (in: This=0x53241e0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bd9ac*=0, plFlavor=0x25bd9b0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="oh_bar.exe", varVal2=0x0), pType=0x25bd9ac*=8, plFlavor=0x25bd9b0*=0) returned 0x0 [0136.531] SysStringByteLen (bstr="oh_bar.exe") returned 0x14 [0136.531] SysStringByteLen (bstr="oh_bar.exe") returned 0x14 [0136.531] IWbemClassObject:Get (in: This=0x53241e0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bd9ac*=8, plFlavor=0x25bd9b0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="oh_bar.exe", varVal2=0x0), pType=0x25bd9ac*=8, plFlavor=0x25bd9b0*=0) returned 0x0 [0136.531] SysStringByteLen (bstr="oh_bar.exe") returned 0x14 [0136.531] SysStringByteLen (bstr="oh_bar.exe") returned 0x14 [0136.531] CoTaskMemAlloc (cb=0x4) returned 0x532bb48 [0136.531] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bb48, puReturned=0x25b625c | out: apObjects=0x532bb48*=0x532ef20, puReturned=0x25b625c*=0x1) returned 0x0 [0136.579] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x532ef20) returned 0x0 [0136.579] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.579] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.579] IUnknown:AddRef (This=0x532ef20) returned 0x3 [0136.579] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.579] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.580] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x532ef24) returned 0x0 [0136.580] IMarshal:GetUnmarshalClass (in: This=0x532ef24, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.580] IUnknown:Release (This=0x532ef24) returned 0x3 [0136.580] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.580] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.580] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.580] IUnknown:Release (This=0x532ef20) returned 0x2 [0136.580] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.580] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.580] IUnknown:QueryInterface (in: This=0x532ef20, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x532ef20) returned 0x0 [0136.580] IUnknown:AddRef (This=0x532ef20) returned 0x4 [0136.580] IUnknown:Release (This=0x532ef20) returned 0x3 [0136.580] IUnknown:Release (This=0x532ef20) returned 0x2 [0136.580] CoTaskMemFree (pv=0x532bb48) [0136.581] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.581] IUnknown:AddRef (This=0x532ef20) returned 0x3 [0136.581] IWbemClassObject:Get (in: This=0x532ef20, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.581] IWbemClassObject:Get (in: This=0x532ef20, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2344\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.581] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2344\"") returned 0x66 [0136.582] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2344\"") returned 0x66 [0136.582] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.582] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.582] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.582] IUnknown:Release (This=0x56e704) returned 0x1 [0136.583] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bb48) returned 0x0 [0136.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bb48, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.583] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bb48, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532c9d8) returned 0x0 [0136.584] WbemDefPath:IUnknown:Release (This=0x532bb48) returned 0x0 [0136.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532c9d8) returned 0x0 [0136.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.584] WbemDefPath:IUnknown:AddRef (This=0x532c9d8) returned 0x3 [0136.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bb58) returned 0x0 [0136.584] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bb58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.584] WbemDefPath:IUnknown:Release (This=0x532bb58) returned 0x3 [0136.585] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.585] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.585] WbemDefPath:IUnknown:Release (This=0x532c9d8) returned 0x2 [0136.585] WbemDefPath:IUnknown:Release (This=0x532c9d8) returned 0x1 [0136.585] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.585] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x532c9d8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532c9d8) returned 0x0 [0136.585] WbemDefPath:IUnknown:AddRef (This=0x532c9d8) returned 0x3 [0136.585] WbemDefPath:IUnknown:Release (This=0x532c9d8) returned 0x2 [0136.585] WbemDefPath:IWbemPath:SetText (This=0x532c9d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2344\"") returned 0x0 [0136.585] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.585] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.585] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.585] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.585] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.586] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.586] IWbemClassObject:Get (in: This=0x532ef20, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25be224*=0, plFlavor=0x25be228*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="property_dog_method.exe", varVal2=0x0), pType=0x25be224*=8, plFlavor=0x25be228*=0) returned 0x0 [0136.586] SysStringByteLen (bstr="property_dog_method.exe") returned 0x2e [0136.586] SysStringByteLen (bstr="property_dog_method.exe") returned 0x2e [0136.586] IWbemClassObject:Get (in: This=0x532ef20, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25be224*=8, plFlavor=0x25be228*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="property_dog_method.exe", varVal2=0x0), pType=0x25be224*=8, plFlavor=0x25be228*=0) returned 0x0 [0136.586] SysStringByteLen (bstr="property_dog_method.exe") returned 0x2e [0136.586] SysStringByteLen (bstr="property_dog_method.exe") returned 0x2e [0136.586] CoTaskMemAlloc (cb=0x4) returned 0x532bb88 [0136.586] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bb88, puReturned=0x25b625c | out: apObjects=0x532bb88*=0x533f670, puReturned=0x25b625c*=0x1) returned 0x0 [0136.587] IUnknown:QueryInterface (in: This=0x533f670, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x533f670) returned 0x0 [0136.587] IUnknown:QueryInterface (in: This=0x533f670, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.587] IUnknown:QueryInterface (in: This=0x533f670, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.588] IUnknown:AddRef (This=0x533f670) returned 0x3 [0136.588] IUnknown:QueryInterface (in: This=0x533f670, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.588] IUnknown:QueryInterface (in: This=0x533f670, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.588] IUnknown:QueryInterface (in: This=0x533f670, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x533f674) returned 0x0 [0136.588] IMarshal:GetUnmarshalClass (in: This=0x533f674, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.588] IUnknown:Release (This=0x533f674) returned 0x3 [0136.588] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.588] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.588] IUnknown:QueryInterface (in: This=0x533f670, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.588] IUnknown:Release (This=0x533f670) returned 0x2 [0136.588] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.588] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.588] IUnknown:QueryInterface (in: This=0x533f670, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x533f670) returned 0x0 [0136.588] IUnknown:AddRef (This=0x533f670) returned 0x4 [0136.588] IUnknown:Release (This=0x533f670) returned 0x3 [0136.588] IUnknown:Release (This=0x533f670) returned 0x2 [0136.588] CoTaskMemFree (pv=0x532bb88) [0136.589] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.589] IUnknown:AddRef (This=0x533f670) returned 0x3 [0136.589] IWbemClassObject:Get (in: This=0x533f670, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.589] IWbemClassObject:Get (in: This=0x533f670, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2376\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.589] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2376\"") returned 0x66 [0136.589] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2376\"") returned 0x66 [0136.589] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.589] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.589] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.589] IUnknown:Release (This=0x56e704) returned 0x1 [0136.591] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bb88) returned 0x0 [0136.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bb88, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.591] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bb88, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532cab8) returned 0x0 [0136.591] WbemDefPath:IUnknown:Release (This=0x532bb88) returned 0x0 [0136.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532cab8) returned 0x0 [0136.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.592] WbemDefPath:IUnknown:AddRef (This=0x532cab8) returned 0x3 [0136.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bb98) returned 0x0 [0136.592] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bb98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.592] WbemDefPath:IUnknown:Release (This=0x532bb98) returned 0x3 [0136.592] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.592] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.592] WbemDefPath:IUnknown:Release (This=0x532cab8) returned 0x2 [0136.592] WbemDefPath:IUnknown:Release (This=0x532cab8) returned 0x1 [0136.592] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.592] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cab8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532cab8) returned 0x0 [0136.593] WbemDefPath:IUnknown:AddRef (This=0x532cab8) returned 0x3 [0136.593] WbemDefPath:IUnknown:Release (This=0x532cab8) returned 0x2 [0136.593] WbemDefPath:IWbemPath:SetText (This=0x532cab8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2376\"") returned 0x0 [0136.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.593] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.593] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.593] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.593] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.593] IWbemClassObject:Get (in: This=0x533f670, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25beac0*=0, plFlavor=0x25beac4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fast_memory.exe", varVal2=0x0), pType=0x25beac0*=8, plFlavor=0x25beac4*=0) returned 0x0 [0136.593] SysStringByteLen (bstr="fast_memory.exe") returned 0x1e [0136.593] SysStringByteLen (bstr="fast_memory.exe") returned 0x1e [0136.593] IWbemClassObject:Get (in: This=0x533f670, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25beac0*=8, plFlavor=0x25beac4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fast_memory.exe", varVal2=0x0), pType=0x25beac0*=8, plFlavor=0x25beac4*=0) returned 0x0 [0136.593] SysStringByteLen (bstr="fast_memory.exe") returned 0x1e [0136.593] SysStringByteLen (bstr="fast_memory.exe") returned 0x1e [0136.594] CoTaskMemAlloc (cb=0x4) returned 0x532bbc8 [0136.594] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bbc8, puReturned=0x25b625c | out: apObjects=0x532bbc8*=0x533f808, puReturned=0x25b625c*=0x1) returned 0x0 [0136.595] IUnknown:QueryInterface (in: This=0x533f808, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x533f808) returned 0x0 [0136.595] IUnknown:QueryInterface (in: This=0x533f808, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.595] IUnknown:QueryInterface (in: This=0x533f808, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.595] IUnknown:AddRef (This=0x533f808) returned 0x3 [0136.595] IUnknown:QueryInterface (in: This=0x533f808, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.595] IUnknown:QueryInterface (in: This=0x533f808, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.595] IUnknown:QueryInterface (in: This=0x533f808, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x533f80c) returned 0x0 [0136.595] IMarshal:GetUnmarshalClass (in: This=0x533f80c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.595] IUnknown:Release (This=0x533f80c) returned 0x3 [0136.595] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.596] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.596] IUnknown:QueryInterface (in: This=0x533f808, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.596] IUnknown:Release (This=0x533f808) returned 0x2 [0136.596] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.596] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.596] IUnknown:QueryInterface (in: This=0x533f808, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x533f808) returned 0x0 [0136.596] IUnknown:AddRef (This=0x533f808) returned 0x4 [0136.596] IUnknown:Release (This=0x533f808) returned 0x3 [0136.596] IUnknown:Release (This=0x533f808) returned 0x2 [0136.596] CoTaskMemFree (pv=0x532bbc8) [0136.596] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.597] IUnknown:AddRef (This=0x533f808) returned 0x3 [0136.597] IWbemClassObject:Get (in: This=0x533f808, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.598] IWbemClassObject:Get (in: This=0x533f808, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2388\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.598] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2388\"") returned 0x66 [0136.598] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2388\"") returned 0x66 [0136.598] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.598] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.598] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.598] IUnknown:Release (This=0x56e704) returned 0x1 [0136.600] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bbc8) returned 0x0 [0136.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bbc8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.600] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bbc8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532cb98) returned 0x0 [0136.600] WbemDefPath:IUnknown:Release (This=0x532bbc8) returned 0x0 [0136.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532cb98) returned 0x0 [0136.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.601] WbemDefPath:IUnknown:AddRef (This=0x532cb98) returned 0x3 [0136.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bbd8) returned 0x0 [0136.601] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bbd8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.601] WbemDefPath:IUnknown:Release (This=0x532bbd8) returned 0x3 [0136.601] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.601] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.601] WbemDefPath:IUnknown:Release (This=0x532cb98) returned 0x2 [0136.601] WbemDefPath:IUnknown:Release (This=0x532cb98) returned 0x1 [0136.602] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.602] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cb98, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532cb98) returned 0x0 [0136.602] WbemDefPath:IUnknown:AddRef (This=0x532cb98) returned 0x3 [0136.602] WbemDefPath:IUnknown:Release (This=0x532cb98) returned 0x2 [0136.602] WbemDefPath:IWbemPath:SetText (This=0x532cb98, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2388\"") returned 0x0 [0136.602] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.602] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.602] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.602] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.602] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.602] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.602] IWbemClassObject:Get (in: This=0x533f808, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bf33c*=0, plFlavor=0x25bf340*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="but_meet_pay.exe", varVal2=0x0), pType=0x25bf33c*=8, plFlavor=0x25bf340*=0) returned 0x0 [0136.602] SysStringByteLen (bstr="but_meet_pay.exe") returned 0x20 [0136.602] SysStringByteLen (bstr="but_meet_pay.exe") returned 0x20 [0136.602] IWbemClassObject:Get (in: This=0x533f808, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bf33c*=8, plFlavor=0x25bf340*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="but_meet_pay.exe", varVal2=0x0), pType=0x25bf33c*=8, plFlavor=0x25bf340*=0) returned 0x0 [0136.603] SysStringByteLen (bstr="but_meet_pay.exe") returned 0x20 [0136.603] SysStringByteLen (bstr="but_meet_pay.exe") returned 0x20 [0136.603] CoTaskMemAlloc (cb=0x4) returned 0x532bc08 [0136.603] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bc08, puReturned=0x25b625c | out: apObjects=0x532bc08*=0x533f9a0, puReturned=0x25b625c*=0x1) returned 0x0 [0136.604] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x533f9a0) returned 0x0 [0136.604] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.604] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.604] IUnknown:AddRef (This=0x533f9a0) returned 0x3 [0136.604] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.605] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.605] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x533f9a4) returned 0x0 [0136.605] IMarshal:GetUnmarshalClass (in: This=0x533f9a4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.605] IUnknown:Release (This=0x533f9a4) returned 0x3 [0136.605] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.605] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.605] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.605] IUnknown:Release (This=0x533f9a0) returned 0x2 [0136.605] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.605] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.605] IUnknown:QueryInterface (in: This=0x533f9a0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x533f9a0) returned 0x0 [0136.605] IUnknown:AddRef (This=0x533f9a0) returned 0x4 [0136.605] IUnknown:Release (This=0x533f9a0) returned 0x3 [0136.605] IUnknown:Release (This=0x533f9a0) returned 0x2 [0136.605] CoTaskMemFree (pv=0x532bc08) [0136.606] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.606] IUnknown:AddRef (This=0x533f9a0) returned 0x3 [0136.606] IWbemClassObject:Get (in: This=0x533f9a0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.606] IWbemClassObject:Get (in: This=0x533f9a0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2400\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.606] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2400\"") returned 0x66 [0136.606] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2400\"") returned 0x66 [0136.606] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.606] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.606] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.607] IUnknown:Release (This=0x56e704) returned 0x1 [0136.608] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bc08) returned 0x0 [0136.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bc08, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.608] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bc08, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532cc78) returned 0x0 [0136.608] WbemDefPath:IUnknown:Release (This=0x532bc08) returned 0x0 [0136.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532cc78) returned 0x0 [0136.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.608] WbemDefPath:IUnknown:AddRef (This=0x532cc78) returned 0x3 [0136.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bc18) returned 0x0 [0136.609] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bc18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.609] WbemDefPath:IUnknown:Release (This=0x532bc18) returned 0x3 [0136.609] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.609] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.609] WbemDefPath:IUnknown:Release (This=0x532cc78) returned 0x2 [0136.609] WbemDefPath:IUnknown:Release (This=0x532cc78) returned 0x1 [0136.609] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.609] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cc78, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532cc78) returned 0x0 [0136.609] WbemDefPath:IUnknown:AddRef (This=0x532cc78) returned 0x3 [0136.609] WbemDefPath:IUnknown:Release (This=0x532cc78) returned 0x2 [0136.609] WbemDefPath:IWbemPath:SetText (This=0x532cc78, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2400\"") returned 0x0 [0136.609] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.609] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.609] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.610] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.610] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.610] IWbemClassObject:Get (in: This=0x533f9a0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bfbcc*=0, plFlavor=0x25bfbd0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="main_energy.exe", varVal2=0x0), pType=0x25bfbcc*=8, plFlavor=0x25bfbd0*=0) returned 0x0 [0136.610] SysStringByteLen (bstr="main_energy.exe") returned 0x1e [0136.610] SysStringByteLen (bstr="main_energy.exe") returned 0x1e [0136.610] IWbemClassObject:Get (in: This=0x533f9a0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25bfbcc*=8, plFlavor=0x25bfbd0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="main_energy.exe", varVal2=0x0), pType=0x25bfbcc*=8, plFlavor=0x25bfbd0*=0) returned 0x0 [0136.610] SysStringByteLen (bstr="main_energy.exe") returned 0x1e [0136.610] SysStringByteLen (bstr="main_energy.exe") returned 0x1e [0136.610] CoTaskMemAlloc (cb=0x4) returned 0x532bc48 [0136.610] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bc48, puReturned=0x25b625c | out: apObjects=0x532bc48*=0x533fb38, puReturned=0x25b625c*=0x1) returned 0x0 [0136.611] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x533fb38) returned 0x0 [0136.611] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.611] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.612] IUnknown:AddRef (This=0x533fb38) returned 0x3 [0136.612] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.612] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.612] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x533fb3c) returned 0x0 [0136.612] IMarshal:GetUnmarshalClass (in: This=0x533fb3c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.612] IUnknown:Release (This=0x533fb3c) returned 0x3 [0136.612] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.612] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.612] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.612] IUnknown:Release (This=0x533fb38) returned 0x2 [0136.612] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.612] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.612] IUnknown:QueryInterface (in: This=0x533fb38, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x533fb38) returned 0x0 [0136.612] IUnknown:AddRef (This=0x533fb38) returned 0x4 [0136.612] IUnknown:Release (This=0x533fb38) returned 0x3 [0136.612] IUnknown:Release (This=0x533fb38) returned 0x2 [0136.612] CoTaskMemFree (pv=0x532bc48) [0136.612] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.612] IUnknown:AddRef (This=0x533fb38) returned 0x3 [0136.613] IWbemClassObject:Get (in: This=0x533fb38, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.613] IWbemClassObject:Get (in: This=0x533fb38, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2412\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.613] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2412\"") returned 0x66 [0136.613] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2412\"") returned 0x66 [0136.613] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.613] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.613] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.613] IUnknown:Release (This=0x56e704) returned 0x1 [0136.614] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bc48) returned 0x0 [0136.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bc48, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.615] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bc48, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532cd58) returned 0x0 [0136.615] WbemDefPath:IUnknown:Release (This=0x532bc48) returned 0x0 [0136.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532cd58) returned 0x0 [0136.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.615] WbemDefPath:IUnknown:AddRef (This=0x532cd58) returned 0x3 [0136.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bc58) returned 0x0 [0136.615] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bc58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.616] WbemDefPath:IUnknown:Release (This=0x532bc58) returned 0x3 [0136.616] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.616] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.616] WbemDefPath:IUnknown:Release (This=0x532cd58) returned 0x2 [0136.616] WbemDefPath:IUnknown:Release (This=0x532cd58) returned 0x1 [0136.616] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.616] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cd58, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532cd58) returned 0x0 [0136.616] WbemDefPath:IUnknown:AddRef (This=0x532cd58) returned 0x3 [0136.616] WbemDefPath:IUnknown:Release (This=0x532cd58) returned 0x2 [0136.616] WbemDefPath:IWbemPath:SetText (This=0x532cd58, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2412\"") returned 0x0 [0136.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.616] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.616] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.616] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.616] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.616] IWbemClassObject:Get (in: This=0x533fb38, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c0448*=0, plFlavor=0x25c044c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="standard.exe", varVal2=0x0), pType=0x25c0448*=8, plFlavor=0x25c044c*=0) returned 0x0 [0136.617] SysStringByteLen (bstr="standard.exe") returned 0x18 [0136.617] SysStringByteLen (bstr="standard.exe") returned 0x18 [0136.617] IWbemClassObject:Get (in: This=0x533fb38, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c0448*=8, plFlavor=0x25c044c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="standard.exe", varVal2=0x0), pType=0x25c0448*=8, plFlavor=0x25c044c*=0) returned 0x0 [0136.617] SysStringByteLen (bstr="standard.exe") returned 0x18 [0136.617] SysStringByteLen (bstr="standard.exe") returned 0x18 [0136.617] CoTaskMemAlloc (cb=0x4) returned 0x532bc88 [0136.617] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bc88, puReturned=0x25b625c | out: apObjects=0x532bc88*=0x533fcd0, puReturned=0x25b625c*=0x1) returned 0x0 [0136.654] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x533fcd0) returned 0x0 [0136.655] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.655] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.655] IUnknown:AddRef (This=0x533fcd0) returned 0x3 [0136.655] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.655] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.655] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x533fcd4) returned 0x0 [0136.655] IMarshal:GetUnmarshalClass (in: This=0x533fcd4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.655] IUnknown:Release (This=0x533fcd4) returned 0x3 [0136.655] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.655] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.655] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.655] IUnknown:Release (This=0x533fcd0) returned 0x2 [0136.656] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.656] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.656] IUnknown:QueryInterface (in: This=0x533fcd0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x533fcd0) returned 0x0 [0136.656] IUnknown:AddRef (This=0x533fcd0) returned 0x4 [0136.656] IUnknown:Release (This=0x533fcd0) returned 0x3 [0136.656] IUnknown:Release (This=0x533fcd0) returned 0x2 [0136.656] CoTaskMemFree (pv=0x532bc88) [0136.656] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.656] IUnknown:AddRef (This=0x533fcd0) returned 0x3 [0136.656] IWbemClassObject:Get (in: This=0x533fcd0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.657] IWbemClassObject:Get (in: This=0x533fcd0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2424\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.657] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2424\"") returned 0x66 [0136.657] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2424\"") returned 0x66 [0136.657] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.657] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.657] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.657] IUnknown:Release (This=0x56e704) returned 0x1 [0136.658] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bc88) returned 0x0 [0136.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bc88, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.658] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bc88, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532ce38) returned 0x0 [0136.659] WbemDefPath:IUnknown:Release (This=0x532bc88) returned 0x0 [0136.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532ce38) returned 0x0 [0136.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.659] WbemDefPath:IUnknown:AddRef (This=0x532ce38) returned 0x3 [0136.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bc98) returned 0x0 [0136.659] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bc98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.659] WbemDefPath:IUnknown:Release (This=0x532bc98) returned 0x3 [0136.659] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.659] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.660] WbemDefPath:IUnknown:Release (This=0x532ce38) returned 0x2 [0136.660] WbemDefPath:IUnknown:Release (This=0x532ce38) returned 0x1 [0136.660] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.660] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x532ce38, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532ce38) returned 0x0 [0136.660] WbemDefPath:IUnknown:AddRef (This=0x532ce38) returned 0x3 [0136.660] WbemDefPath:IUnknown:Release (This=0x532ce38) returned 0x2 [0136.660] WbemDefPath:IWbemPath:SetText (This=0x532ce38, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2424\"") returned 0x0 [0136.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.660] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.660] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.660] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.660] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.660] IWbemClassObject:Get (in: This=0x533fcd0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c0cbc*=0, plFlavor=0x25c0cc0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="several-instead-movement.exe", varVal2=0x0), pType=0x25c0cbc*=8, plFlavor=0x25c0cc0*=0) returned 0x0 [0136.660] SysStringByteLen (bstr="several-instead-movement.exe") returned 0x38 [0136.660] SysStringByteLen (bstr="several-instead-movement.exe") returned 0x38 [0136.660] IWbemClassObject:Get (in: This=0x533fcd0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c0cbc*=8, plFlavor=0x25c0cc0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="several-instead-movement.exe", varVal2=0x0), pType=0x25c0cbc*=8, plFlavor=0x25c0cc0*=0) returned 0x0 [0136.660] SysStringByteLen (bstr="several-instead-movement.exe") returned 0x38 [0136.660] SysStringByteLen (bstr="several-instead-movement.exe") returned 0x38 [0136.661] CoTaskMemAlloc (cb=0x4) returned 0x532bcc8 [0136.661] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bcc8, puReturned=0x25b625c | out: apObjects=0x532bcc8*=0x533fe68, puReturned=0x25b625c*=0x1) returned 0x0 [0136.662] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x533fe68) returned 0x0 [0136.662] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.662] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.662] IUnknown:AddRef (This=0x533fe68) returned 0x3 [0136.662] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.662] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.662] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x533fe6c) returned 0x0 [0136.662] IMarshal:GetUnmarshalClass (in: This=0x533fe6c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.662] IUnknown:Release (This=0x533fe6c) returned 0x3 [0136.662] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.663] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.663] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.663] IUnknown:Release (This=0x533fe68) returned 0x2 [0136.663] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.663] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.663] IUnknown:QueryInterface (in: This=0x533fe68, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x533fe68) returned 0x0 [0136.663] IUnknown:AddRef (This=0x533fe68) returned 0x4 [0136.663] IUnknown:Release (This=0x533fe68) returned 0x3 [0136.663] IUnknown:Release (This=0x533fe68) returned 0x2 [0136.663] CoTaskMemFree (pv=0x532bcc8) [0136.663] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.663] IUnknown:AddRef (This=0x533fe68) returned 0x3 [0136.663] IWbemClassObject:Get (in: This=0x533fe68, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.664] IWbemClassObject:Get (in: This=0x533fe68, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2436\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.664] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2436\"") returned 0x66 [0136.664] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2436\"") returned 0x66 [0136.664] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.664] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.664] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.664] IUnknown:Release (This=0x56e704) returned 0x1 [0136.665] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bcc8) returned 0x0 [0136.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bcc8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.665] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bcc8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532cf18) returned 0x0 [0136.665] WbemDefPath:IUnknown:Release (This=0x532bcc8) returned 0x0 [0136.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532cf18) returned 0x0 [0136.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.666] WbemDefPath:IUnknown:AddRef (This=0x532cf18) returned 0x3 [0136.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bcd8) returned 0x0 [0136.666] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bcd8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.666] WbemDefPath:IUnknown:Release (This=0x532bcd8) returned 0x3 [0136.666] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.666] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.666] WbemDefPath:IUnknown:Release (This=0x532cf18) returned 0x2 [0136.666] WbemDefPath:IUnknown:Release (This=0x532cf18) returned 0x1 [0136.666] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.666] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cf18, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532cf18) returned 0x0 [0136.666] WbemDefPath:IUnknown:AddRef (This=0x532cf18) returned 0x3 [0136.667] WbemDefPath:IUnknown:Release (This=0x532cf18) returned 0x2 [0136.667] WbemDefPath:IWbemPath:SetText (This=0x532cf18, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2436\"") returned 0x0 [0136.667] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.667] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.667] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.667] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.667] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.667] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.667] IWbemClassObject:Get (in: This=0x533fe68, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c1570*=0, plFlavor=0x25c1574*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="six_recently_another.exe", varVal2=0x0), pType=0x25c1570*=8, plFlavor=0x25c1574*=0) returned 0x0 [0136.667] SysStringByteLen (bstr="six_recently_another.exe") returned 0x30 [0136.667] SysStringByteLen (bstr="six_recently_another.exe") returned 0x30 [0136.667] IWbemClassObject:Get (in: This=0x533fe68, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c1570*=8, plFlavor=0x25c1574*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="six_recently_another.exe", varVal2=0x0), pType=0x25c1570*=8, plFlavor=0x25c1574*=0) returned 0x0 [0136.667] SysStringByteLen (bstr="six_recently_another.exe") returned 0x30 [0136.667] SysStringByteLen (bstr="six_recently_another.exe") returned 0x30 [0136.667] CoTaskMemAlloc (cb=0x4) returned 0x532bd08 [0136.667] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bd08, puReturned=0x25b625c | out: apObjects=0x532bd08*=0x5340000, puReturned=0x25b625c*=0x1) returned 0x0 [0136.668] IUnknown:QueryInterface (in: This=0x5340000, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340000) returned 0x0 [0136.668] IUnknown:QueryInterface (in: This=0x5340000, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.668] IUnknown:QueryInterface (in: This=0x5340000, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.669] IUnknown:AddRef (This=0x5340000) returned 0x3 [0136.669] IUnknown:QueryInterface (in: This=0x5340000, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.669] IUnknown:QueryInterface (in: This=0x5340000, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.669] IUnknown:QueryInterface (in: This=0x5340000, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340004) returned 0x0 [0136.669] IMarshal:GetUnmarshalClass (in: This=0x5340004, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.669] IUnknown:Release (This=0x5340004) returned 0x3 [0136.669] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.669] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.669] IUnknown:QueryInterface (in: This=0x5340000, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.669] IUnknown:Release (This=0x5340000) returned 0x2 [0136.669] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.669] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.669] IUnknown:QueryInterface (in: This=0x5340000, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340000) returned 0x0 [0136.669] IUnknown:AddRef (This=0x5340000) returned 0x4 [0136.669] IUnknown:Release (This=0x5340000) returned 0x3 [0136.669] IUnknown:Release (This=0x5340000) returned 0x2 [0136.669] CoTaskMemFree (pv=0x532bd08) [0136.670] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.670] IUnknown:AddRef (This=0x5340000) returned 0x3 [0136.670] IWbemClassObject:Get (in: This=0x5340000, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.670] IWbemClassObject:Get (in: This=0x5340000, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2448\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.670] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2448\"") returned 0x66 [0136.670] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2448\"") returned 0x66 [0136.670] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.670] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.670] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.670] IUnknown:Release (This=0x56e704) returned 0x1 [0136.672] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bd08) returned 0x0 [0136.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bd08, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.672] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bd08, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532cff8) returned 0x0 [0136.672] WbemDefPath:IUnknown:Release (This=0x532bd08) returned 0x0 [0136.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532cff8) returned 0x0 [0136.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.673] WbemDefPath:IUnknown:AddRef (This=0x532cff8) returned 0x3 [0136.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bd18) returned 0x0 [0136.673] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bd18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.673] WbemDefPath:IUnknown:Release (This=0x532bd18) returned 0x3 [0136.673] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.673] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.673] WbemDefPath:IUnknown:Release (This=0x532cff8) returned 0x2 [0136.673] WbemDefPath:IUnknown:Release (This=0x532cff8) returned 0x1 [0136.673] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.673] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x532cff8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532cff8) returned 0x0 [0136.673] WbemDefPath:IUnknown:AddRef (This=0x532cff8) returned 0x3 [0136.673] WbemDefPath:IUnknown:Release (This=0x532cff8) returned 0x2 [0136.673] WbemDefPath:IWbemPath:SetText (This=0x532cff8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2448\"") returned 0x0 [0136.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.673] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.673] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.674] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.674] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.674] IWbemClassObject:Get (in: This=0x5340000, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c1e20*=0, plFlavor=0x25c1e24*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="into very.exe", varVal2=0x0), pType=0x25c1e20*=8, plFlavor=0x25c1e24*=0) returned 0x0 [0136.674] SysStringByteLen (bstr="into very.exe") returned 0x1a [0136.674] SysStringByteLen (bstr="into very.exe") returned 0x1a [0136.674] IWbemClassObject:Get (in: This=0x5340000, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c1e20*=8, plFlavor=0x25c1e24*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="into very.exe", varVal2=0x0), pType=0x25c1e20*=8, plFlavor=0x25c1e24*=0) returned 0x0 [0136.674] SysStringByteLen (bstr="into very.exe") returned 0x1a [0136.674] SysStringByteLen (bstr="into very.exe") returned 0x1a [0136.674] CoTaskMemAlloc (cb=0x4) returned 0x532bd48 [0136.674] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bd48, puReturned=0x25b625c | out: apObjects=0x532bd48*=0x5340198, puReturned=0x25b625c*=0x1) returned 0x0 [0136.675] IUnknown:QueryInterface (in: This=0x5340198, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340198) returned 0x0 [0136.675] IUnknown:QueryInterface (in: This=0x5340198, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.675] IUnknown:QueryInterface (in: This=0x5340198, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.675] IUnknown:AddRef (This=0x5340198) returned 0x3 [0136.675] IUnknown:QueryInterface (in: This=0x5340198, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.675] IUnknown:QueryInterface (in: This=0x5340198, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.675] IUnknown:QueryInterface (in: This=0x5340198, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534019c) returned 0x0 [0136.675] IMarshal:GetUnmarshalClass (in: This=0x534019c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.675] IUnknown:Release (This=0x534019c) returned 0x3 [0136.676] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.676] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.676] IUnknown:QueryInterface (in: This=0x5340198, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.676] IUnknown:Release (This=0x5340198) returned 0x2 [0136.676] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.676] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.676] IUnknown:QueryInterface (in: This=0x5340198, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340198) returned 0x0 [0136.676] IUnknown:AddRef (This=0x5340198) returned 0x4 [0136.676] IUnknown:Release (This=0x5340198) returned 0x3 [0136.676] IUnknown:Release (This=0x5340198) returned 0x2 [0136.676] CoTaskMemFree (pv=0x532bd48) [0136.676] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.676] IUnknown:AddRef (This=0x5340198) returned 0x3 [0136.676] IWbemClassObject:Get (in: This=0x5340198, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.677] IWbemClassObject:Get (in: This=0x5340198, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2460\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.677] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2460\"") returned 0x66 [0136.677] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2460\"") returned 0x66 [0136.677] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.677] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.677] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.677] IUnknown:Release (This=0x56e704) returned 0x1 [0136.678] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bd48) returned 0x0 [0136.678] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bd48, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.679] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bd48, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d0d8) returned 0x0 [0136.679] WbemDefPath:IUnknown:Release (This=0x532bd48) returned 0x0 [0136.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d0d8) returned 0x0 [0136.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.679] WbemDefPath:IUnknown:AddRef (This=0x532d0d8) returned 0x3 [0136.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bd58) returned 0x0 [0136.679] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bd58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.679] WbemDefPath:IUnknown:Release (This=0x532bd58) returned 0x3 [0136.679] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.679] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.680] WbemDefPath:IUnknown:Release (This=0x532d0d8) returned 0x2 [0136.680] WbemDefPath:IUnknown:Release (This=0x532d0d8) returned 0x1 [0136.680] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.680] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.680] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d0d8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d0d8) returned 0x0 [0136.680] WbemDefPath:IUnknown:AddRef (This=0x532d0d8) returned 0x3 [0136.680] WbemDefPath:IUnknown:Release (This=0x532d0d8) returned 0x2 [0136.680] WbemDefPath:IWbemPath:SetText (This=0x532d0d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2460\"") returned 0x0 [0136.680] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.680] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.680] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.680] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.680] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.680] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.680] IWbemClassObject:Get (in: This=0x5340198, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c2694*=0, plFlavor=0x25c2698*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="studyand.exe", varVal2=0x0), pType=0x25c2694*=8, plFlavor=0x25c2698*=0) returned 0x0 [0136.680] SysStringByteLen (bstr="studyand.exe") returned 0x18 [0136.680] SysStringByteLen (bstr="studyand.exe") returned 0x18 [0136.680] IWbemClassObject:Get (in: This=0x5340198, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c2694*=8, plFlavor=0x25c2698*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="studyand.exe", varVal2=0x0), pType=0x25c2694*=8, plFlavor=0x25c2698*=0) returned 0x0 [0136.680] SysStringByteLen (bstr="studyand.exe") returned 0x18 [0136.680] SysStringByteLen (bstr="studyand.exe") returned 0x18 [0136.680] CoTaskMemAlloc (cb=0x4) returned 0x532bd88 [0136.681] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bd88, puReturned=0x25b625c | out: apObjects=0x532bd88*=0x5340330, puReturned=0x25b625c*=0x1) returned 0x0 [0136.682] IUnknown:QueryInterface (in: This=0x5340330, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340330) returned 0x0 [0136.682] IUnknown:QueryInterface (in: This=0x5340330, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.682] IUnknown:QueryInterface (in: This=0x5340330, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.682] IUnknown:AddRef (This=0x5340330) returned 0x3 [0136.683] IUnknown:QueryInterface (in: This=0x5340330, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.683] IUnknown:QueryInterface (in: This=0x5340330, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.683] IUnknown:QueryInterface (in: This=0x5340330, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340334) returned 0x0 [0136.683] IMarshal:GetUnmarshalClass (in: This=0x5340334, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.683] IUnknown:Release (This=0x5340334) returned 0x3 [0136.683] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.683] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.683] IUnknown:QueryInterface (in: This=0x5340330, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.683] IUnknown:Release (This=0x5340330) returned 0x2 [0136.683] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.683] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.683] IUnknown:QueryInterface (in: This=0x5340330, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340330) returned 0x0 [0136.683] IUnknown:AddRef (This=0x5340330) returned 0x4 [0136.683] IUnknown:Release (This=0x5340330) returned 0x3 [0136.683] IUnknown:Release (This=0x5340330) returned 0x2 [0136.683] CoTaskMemFree (pv=0x532bd88) [0136.683] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.683] IUnknown:AddRef (This=0x5340330) returned 0x3 [0136.683] IWbemClassObject:Get (in: This=0x5340330, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.684] IWbemClassObject:Get (in: This=0x5340330, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2468\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.684] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2468\"") returned 0x66 [0136.684] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2468\"") returned 0x66 [0136.684] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.684] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.684] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.684] IUnknown:Release (This=0x56e704) returned 0x1 [0136.685] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bd88) returned 0x0 [0136.686] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bd88, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.686] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bd88, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d1b8) returned 0x0 [0136.686] WbemDefPath:IUnknown:Release (This=0x532bd88) returned 0x0 [0136.686] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d1b8) returned 0x0 [0136.686] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.686] WbemDefPath:IUnknown:AddRef (This=0x532d1b8) returned 0x3 [0136.686] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.686] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bd98) returned 0x0 [0136.687] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bd98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.687] WbemDefPath:IUnknown:Release (This=0x532bd98) returned 0x3 [0136.687] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.687] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.687] WbemDefPath:IUnknown:Release (This=0x532d1b8) returned 0x2 [0136.687] WbemDefPath:IUnknown:Release (This=0x532d1b8) returned 0x1 [0136.687] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.687] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d1b8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d1b8) returned 0x0 [0136.687] WbemDefPath:IUnknown:AddRef (This=0x532d1b8) returned 0x3 [0136.687] WbemDefPath:IUnknown:Release (This=0x532d1b8) returned 0x2 [0136.687] WbemDefPath:IWbemPath:SetText (This=0x532d1b8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2468\"") returned 0x0 [0136.687] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.687] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.687] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.687] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.687] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.687] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.688] IWbemClassObject:Get (in: This=0x5340330, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c2f08*=0, plFlavor=0x25c2f0c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="assumesmiledie.exe", varVal2=0x0), pType=0x25c2f08*=8, plFlavor=0x25c2f0c*=0) returned 0x0 [0136.688] SysStringByteLen (bstr="assumesmiledie.exe") returned 0x24 [0136.688] SysStringByteLen (bstr="assumesmiledie.exe") returned 0x24 [0136.688] IWbemClassObject:Get (in: This=0x5340330, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c2f08*=8, plFlavor=0x25c2f0c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="assumesmiledie.exe", varVal2=0x0), pType=0x25c2f08*=8, plFlavor=0x25c2f0c*=0) returned 0x0 [0136.688] SysStringByteLen (bstr="assumesmiledie.exe") returned 0x24 [0136.688] SysStringByteLen (bstr="assumesmiledie.exe") returned 0x24 [0136.688] CoTaskMemAlloc (cb=0x4) returned 0x532bdc8 [0136.688] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532bdc8, puReturned=0x25b625c | out: apObjects=0x532bdc8*=0x53404c8, puReturned=0x25b625c*=0x1) returned 0x0 [0136.689] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53404c8) returned 0x0 [0136.690] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.690] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.690] IUnknown:AddRef (This=0x53404c8) returned 0x3 [0136.690] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.690] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.690] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53404cc) returned 0x0 [0136.690] IMarshal:GetUnmarshalClass (in: This=0x53404cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.690] IUnknown:Release (This=0x53404cc) returned 0x3 [0136.690] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.690] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.690] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.691] IUnknown:Release (This=0x53404c8) returned 0x2 [0136.691] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.691] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.691] IUnknown:QueryInterface (in: This=0x53404c8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53404c8) returned 0x0 [0136.691] IUnknown:AddRef (This=0x53404c8) returned 0x4 [0136.691] IUnknown:Release (This=0x53404c8) returned 0x3 [0136.691] IUnknown:Release (This=0x53404c8) returned 0x2 [0136.691] CoTaskMemFree (pv=0x532bdc8) [0136.691] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.691] IUnknown:AddRef (This=0x53404c8) returned 0x3 [0136.691] IWbemClassObject:Get (in: This=0x53404c8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.692] IWbemClassObject:Get (in: This=0x53404c8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2476\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.692] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2476\"") returned 0x66 [0136.692] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2476\"") returned 0x66 [0136.692] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.692] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.692] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.692] IUnknown:Release (This=0x56e704) returned 0x1 [0136.693] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532bdc8) returned 0x0 [0136.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x532bdc8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.694] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532bdc8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d298) returned 0x0 [0136.694] WbemDefPath:IUnknown:Release (This=0x532bdc8) returned 0x0 [0136.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d298) returned 0x0 [0136.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.694] WbemDefPath:IUnknown:AddRef (This=0x532d298) returned 0x3 [0136.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.695] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.695] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x532bdd8) returned 0x0 [0136.695] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x532bdd8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.695] WbemDefPath:IUnknown:Release (This=0x532bdd8) returned 0x3 [0136.695] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.695] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.695] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.695] WbemDefPath:IUnknown:Release (This=0x532d298) returned 0x2 [0136.695] WbemDefPath:IUnknown:Release (This=0x532d298) returned 0x1 [0136.695] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.695] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.695] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d298, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d298) returned 0x0 [0136.695] WbemDefPath:IUnknown:AddRef (This=0x532d298) returned 0x3 [0136.695] WbemDefPath:IUnknown:Release (This=0x532d298) returned 0x2 [0136.695] WbemDefPath:IWbemPath:SetText (This=0x532d298, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2476\"") returned 0x0 [0136.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.695] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.695] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.696] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.696] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.696] IWbemClassObject:Get (in: This=0x53404c8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c3794*=0, plFlavor=0x25c3798*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cause_condition.exe", varVal2=0x0), pType=0x25c3794*=8, plFlavor=0x25c3798*=0) returned 0x0 [0136.696] SysStringByteLen (bstr="cause_condition.exe") returned 0x26 [0136.696] SysStringByteLen (bstr="cause_condition.exe") returned 0x26 [0136.696] IWbemClassObject:Get (in: This=0x53404c8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c3794*=8, plFlavor=0x25c3798*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cause_condition.exe", varVal2=0x0), pType=0x25c3794*=8, plFlavor=0x25c3798*=0) returned 0x0 [0136.696] SysStringByteLen (bstr="cause_condition.exe") returned 0x26 [0136.696] SysStringByteLen (bstr="cause_condition.exe") returned 0x26 [0136.696] CoTaskMemAlloc (cb=0x4) returned 0x532be08 [0136.696] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x532be08, puReturned=0x25b625c | out: apObjects=0x532be08*=0x5340660, puReturned=0x25b625c*=0x1) returned 0x0 [0136.734] IUnknown:QueryInterface (in: This=0x5340660, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340660) returned 0x0 [0136.734] IUnknown:QueryInterface (in: This=0x5340660, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.735] IUnknown:QueryInterface (in: This=0x5340660, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.735] IUnknown:AddRef (This=0x5340660) returned 0x3 [0136.735] IUnknown:QueryInterface (in: This=0x5340660, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.735] IUnknown:QueryInterface (in: This=0x5340660, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.735] IUnknown:QueryInterface (in: This=0x5340660, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340664) returned 0x0 [0136.735] IMarshal:GetUnmarshalClass (in: This=0x5340664, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.735] IUnknown:Release (This=0x5340664) returned 0x3 [0136.735] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.735] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.735] IUnknown:QueryInterface (in: This=0x5340660, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.735] IUnknown:Release (This=0x5340660) returned 0x2 [0136.735] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.735] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.735] IUnknown:QueryInterface (in: This=0x5340660, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340660) returned 0x0 [0136.736] IUnknown:AddRef (This=0x5340660) returned 0x4 [0136.736] IUnknown:Release (This=0x5340660) returned 0x3 [0136.736] IUnknown:Release (This=0x5340660) returned 0x2 [0136.736] CoTaskMemFree (pv=0x532be08) [0136.736] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.736] IUnknown:AddRef (This=0x5340660) returned 0x3 [0136.736] IWbemClassObject:Get (in: This=0x5340660, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.736] IWbemClassObject:Get (in: This=0x5340660, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.736] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x66 [0136.736] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x66 [0136.737] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.737] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.737] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.737] IUnknown:Release (This=0x56e704) returned 0x1 [0136.738] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x532be08) returned 0x0 [0136.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x532be08, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.739] WbemDefPath:IClassFactory:CreateInstance (in: This=0x532be08, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d378) returned 0x0 [0136.739] WbemDefPath:IUnknown:Release (This=0x532be08) returned 0x0 [0136.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d378) returned 0x0 [0136.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.739] WbemDefPath:IUnknown:AddRef (This=0x532d378) returned 0x3 [0136.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344358) returned 0x0 [0136.739] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344358, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.739] WbemDefPath:IUnknown:Release (This=0x5344358) returned 0x3 [0136.739] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.740] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.740] WbemDefPath:IUnknown:Release (This=0x532d378) returned 0x2 [0136.740] WbemDefPath:IUnknown:Release (This=0x532d378) returned 0x1 [0136.740] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.740] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d378, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d378) returned 0x0 [0136.740] WbemDefPath:IUnknown:AddRef (This=0x532d378) returned 0x3 [0136.740] WbemDefPath:IUnknown:Release (This=0x532d378) returned 0x2 [0136.740] WbemDefPath:IWbemPath:SetText (This=0x532d378, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2912\"") returned 0x0 [0136.740] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.740] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.740] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.740] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.740] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.741] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.741] IWbemClassObject:Get (in: This=0x5340660, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c402c*=0, plFlavor=0x25c4030*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x25c402c*=8, plFlavor=0x25c4030*=0) returned 0x0 [0136.741] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0136.741] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0136.741] IWbemClassObject:Get (in: This=0x5340660, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c402c*=8, plFlavor=0x25c4030*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x25c402c*=8, plFlavor=0x25c4030*=0) returned 0x0 [0136.741] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0136.741] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0136.741] CoTaskMemAlloc (cb=0x4) returned 0x5344388 [0136.741] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344388, puReturned=0x25b625c | out: apObjects=0x5344388*=0x53407f8, puReturned=0x25b625c*=0x1) returned 0x0 [0136.778] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53407f8) returned 0x0 [0136.779] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.779] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.779] IUnknown:AddRef (This=0x53407f8) returned 0x3 [0136.779] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.779] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.779] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53407fc) returned 0x0 [0136.779] IMarshal:GetUnmarshalClass (in: This=0x53407fc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.779] IUnknown:Release (This=0x53407fc) returned 0x3 [0136.779] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.779] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.779] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.779] IUnknown:Release (This=0x53407f8) returned 0x2 [0136.780] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.780] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.780] IUnknown:QueryInterface (in: This=0x53407f8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53407f8) returned 0x0 [0136.780] IUnknown:AddRef (This=0x53407f8) returned 0x4 [0136.780] IUnknown:Release (This=0x53407f8) returned 0x3 [0136.780] IUnknown:Release (This=0x53407f8) returned 0x2 [0136.780] CoTaskMemFree (pv=0x5344388) [0136.780] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.780] IUnknown:AddRef (This=0x53407f8) returned 0x3 [0136.780] IWbemClassObject:Get (in: This=0x53407f8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.780] IWbemClassObject:Get (in: This=0x53407f8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2920\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.781] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2920\"") returned 0x66 [0136.781] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2920\"") returned 0x66 [0136.781] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.781] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.781] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.781] IUnknown:Release (This=0x56e704) returned 0x1 [0136.782] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344388) returned 0x0 [0136.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344388, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.782] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344388, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d458) returned 0x0 [0136.783] WbemDefPath:IUnknown:Release (This=0x5344388) returned 0x0 [0136.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d458) returned 0x0 [0136.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.783] WbemDefPath:IUnknown:AddRef (This=0x532d458) returned 0x3 [0136.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344398) returned 0x0 [0136.783] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344398, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.783] WbemDefPath:IUnknown:Release (This=0x5344398) returned 0x3 [0136.783] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.783] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.783] WbemDefPath:IUnknown:Release (This=0x532d458) returned 0x2 [0136.783] WbemDefPath:IUnknown:Release (This=0x532d458) returned 0x1 [0136.784] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.784] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.784] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d458, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d458) returned 0x0 [0136.784] WbemDefPath:IUnknown:AddRef (This=0x532d458) returned 0x3 [0136.784] WbemDefPath:IUnknown:Release (This=0x532d458) returned 0x2 [0136.784] WbemDefPath:IWbemPath:SetText (This=0x532d458, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2920\"") returned 0x0 [0136.784] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.784] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.784] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.784] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.784] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.784] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.784] IWbemClassObject:Get (in: This=0x53407f8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c4890*=0, plFlavor=0x25c4894*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x25c4890*=8, plFlavor=0x25c4894*=0) returned 0x0 [0136.784] SysStringByteLen (bstr="barca.exe") returned 0x12 [0136.784] SysStringByteLen (bstr="barca.exe") returned 0x12 [0136.784] IWbemClassObject:Get (in: This=0x53407f8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c4890*=8, plFlavor=0x25c4894*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x25c4890*=8, plFlavor=0x25c4894*=0) returned 0x0 [0136.784] SysStringByteLen (bstr="barca.exe") returned 0x12 [0136.784] SysStringByteLen (bstr="barca.exe") returned 0x12 [0136.785] CoTaskMemAlloc (cb=0x4) returned 0x53443c8 [0136.785] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x53443c8, puReturned=0x25b625c | out: apObjects=0x53443c8*=0x5340990, puReturned=0x25b625c*=0x1) returned 0x0 [0136.786] IUnknown:QueryInterface (in: This=0x5340990, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340990) returned 0x0 [0136.786] IUnknown:QueryInterface (in: This=0x5340990, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.786] IUnknown:QueryInterface (in: This=0x5340990, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.787] IUnknown:AddRef (This=0x5340990) returned 0x3 [0136.787] IUnknown:QueryInterface (in: This=0x5340990, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.787] IUnknown:QueryInterface (in: This=0x5340990, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.787] IUnknown:QueryInterface (in: This=0x5340990, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340994) returned 0x0 [0136.787] IMarshal:GetUnmarshalClass (in: This=0x5340994, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.787] IUnknown:Release (This=0x5340994) returned 0x3 [0136.787] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.787] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.787] IUnknown:QueryInterface (in: This=0x5340990, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.787] IUnknown:Release (This=0x5340990) returned 0x2 [0136.787] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.787] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.787] IUnknown:QueryInterface (in: This=0x5340990, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340990) returned 0x0 [0136.787] IUnknown:AddRef (This=0x5340990) returned 0x4 [0136.787] IUnknown:Release (This=0x5340990) returned 0x3 [0136.787] IUnknown:Release (This=0x5340990) returned 0x2 [0136.787] CoTaskMemFree (pv=0x53443c8) [0136.788] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.788] IUnknown:AddRef (This=0x5340990) returned 0x3 [0136.788] IWbemClassObject:Get (in: This=0x5340990, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.788] IWbemClassObject:Get (in: This=0x5340990, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.788] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"") returned 0x66 [0136.788] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"") returned 0x66 [0136.788] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.788] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.788] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.788] IUnknown:Release (This=0x56e704) returned 0x1 [0136.789] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x53443c8) returned 0x0 [0136.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x53443c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.790] WbemDefPath:IClassFactory:CreateInstance (in: This=0x53443c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d538) returned 0x0 [0136.790] WbemDefPath:IUnknown:Release (This=0x53443c8) returned 0x0 [0136.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d538) returned 0x0 [0136.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.790] WbemDefPath:IUnknown:AddRef (This=0x532d538) returned 0x3 [0136.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x53443d8) returned 0x0 [0136.790] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x53443d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.790] WbemDefPath:IUnknown:Release (This=0x53443d8) returned 0x3 [0136.791] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.791] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.791] WbemDefPath:IUnknown:Release (This=0x532d538) returned 0x2 [0136.791] WbemDefPath:IUnknown:Release (This=0x532d538) returned 0x1 [0136.791] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.791] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d538, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d538) returned 0x0 [0136.791] WbemDefPath:IUnknown:AddRef (This=0x532d538) returned 0x3 [0136.791] WbemDefPath:IUnknown:Release (This=0x532d538) returned 0x2 [0136.791] WbemDefPath:IWbemPath:SetText (This=0x532d538, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2928\"") returned 0x0 [0136.791] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.791] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.791] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.791] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.791] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.791] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.791] IWbemClassObject:Get (in: This=0x5340990, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c50f4*=0, plFlavor=0x25c50f8*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x25c50f4*=8, plFlavor=0x25c50f8*=0) returned 0x0 [0136.791] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0136.791] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0136.792] IWbemClassObject:Get (in: This=0x5340990, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c50f4*=8, plFlavor=0x25c50f8*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x25c50f4*=8, plFlavor=0x25c50f8*=0) returned 0x0 [0136.792] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0136.792] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0136.792] CoTaskMemAlloc (cb=0x4) returned 0x5344408 [0136.792] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344408, puReturned=0x25b625c | out: apObjects=0x5344408*=0x5340b28, puReturned=0x25b625c*=0x1) returned 0x0 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340b28) returned 0x0 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.793] IUnknown:AddRef (This=0x5340b28) returned 0x3 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340b2c) returned 0x0 [0136.793] IMarshal:GetUnmarshalClass (in: This=0x5340b2c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.793] IUnknown:Release (This=0x5340b2c) returned 0x3 [0136.793] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.793] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.793] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.793] IUnknown:Release (This=0x5340b28) returned 0x2 [0136.793] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.794] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.794] IUnknown:QueryInterface (in: This=0x5340b28, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340b28) returned 0x0 [0136.794] IUnknown:AddRef (This=0x5340b28) returned 0x4 [0136.794] IUnknown:Release (This=0x5340b28) returned 0x3 [0136.794] IUnknown:Release (This=0x5340b28) returned 0x2 [0136.794] CoTaskMemFree (pv=0x5344408) [0136.794] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.794] IUnknown:AddRef (This=0x5340b28) returned 0x3 [0136.794] IWbemClassObject:Get (in: This=0x5340b28, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.794] IWbemClassObject:Get (in: This=0x5340b28, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2936\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.794] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2936\"") returned 0x66 [0136.794] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2936\"") returned 0x66 [0136.795] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.795] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.795] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.795] IUnknown:Release (This=0x56e704) returned 0x1 [0136.796] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344408) returned 0x0 [0136.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344408, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.796] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344408, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x532d618) returned 0x0 [0136.796] WbemDefPath:IUnknown:Release (This=0x5344408) returned 0x0 [0136.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x532d618) returned 0x0 [0136.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.796] WbemDefPath:IUnknown:AddRef (This=0x532d618) returned 0x3 [0136.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344418) returned 0x0 [0136.797] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344418, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.797] WbemDefPath:IUnknown:Release (This=0x5344418) returned 0x3 [0136.797] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.797] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.797] WbemDefPath:IUnknown:Release (This=0x532d618) returned 0x2 [0136.797] WbemDefPath:IUnknown:Release (This=0x532d618) returned 0x1 [0136.797] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.797] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x532d618, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x532d618) returned 0x0 [0136.797] WbemDefPath:IUnknown:AddRef (This=0x532d618) returned 0x3 [0136.797] WbemDefPath:IUnknown:Release (This=0x532d618) returned 0x2 [0136.797] WbemDefPath:IWbemPath:SetText (This=0x532d618, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2936\"") returned 0x0 [0136.797] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.797] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.797] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.797] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.797] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.797] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.798] IWbemClassObject:Get (in: This=0x5340b28, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c5968*=0, plFlavor=0x25c596c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x25c5968*=8, plFlavor=0x25c596c*=0) returned 0x0 [0136.798] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0136.798] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0136.798] IWbemClassObject:Get (in: This=0x5340b28, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c5968*=8, plFlavor=0x25c596c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x25c5968*=8, plFlavor=0x25c596c*=0) returned 0x0 [0136.798] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0136.798] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0136.798] CoTaskMemAlloc (cb=0x4) returned 0x5344448 [0136.798] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344448, puReturned=0x25b625c | out: apObjects=0x5344448*=0x5340cc0, puReturned=0x25b625c*=0x1) returned 0x0 [0136.799] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340cc0) returned 0x0 [0136.799] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.799] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.799] IUnknown:AddRef (This=0x5340cc0) returned 0x3 [0136.799] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.799] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.799] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340cc4) returned 0x0 [0136.799] IMarshal:GetUnmarshalClass (in: This=0x5340cc4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.800] IUnknown:Release (This=0x5340cc4) returned 0x3 [0136.800] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.800] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.800] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.800] IUnknown:Release (This=0x5340cc0) returned 0x2 [0136.800] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.800] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.800] IUnknown:QueryInterface (in: This=0x5340cc0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340cc0) returned 0x0 [0136.800] IUnknown:AddRef (This=0x5340cc0) returned 0x4 [0136.800] IUnknown:Release (This=0x5340cc0) returned 0x3 [0136.800] IUnknown:Release (This=0x5340cc0) returned 0x2 [0136.800] CoTaskMemFree (pv=0x5344448) [0136.800] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.800] IUnknown:AddRef (This=0x5340cc0) returned 0x3 [0136.800] IWbemClassObject:Get (in: This=0x5340cc0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.801] IWbemClassObject:Get (in: This=0x5340cc0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.801] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"") returned 0x66 [0136.801] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"") returned 0x66 [0136.801] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.801] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.801] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.801] IUnknown:Release (This=0x56e704) returned 0x1 [0136.803] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344448) returned 0x0 [0136.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344448, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.803] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344448, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348038) returned 0x0 [0136.803] WbemDefPath:IUnknown:Release (This=0x5344448) returned 0x0 [0136.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348038) returned 0x0 [0136.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.803] WbemDefPath:IUnknown:AddRef (This=0x5348038) returned 0x3 [0136.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344458) returned 0x0 [0136.804] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344458, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.804] WbemDefPath:IUnknown:Release (This=0x5344458) returned 0x3 [0136.804] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.804] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.804] WbemDefPath:IUnknown:Release (This=0x5348038) returned 0x2 [0136.804] WbemDefPath:IUnknown:Release (This=0x5348038) returned 0x1 [0136.804] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.804] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348038, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348038) returned 0x0 [0136.804] WbemDefPath:IUnknown:AddRef (This=0x5348038) returned 0x3 [0136.804] WbemDefPath:IUnknown:Release (This=0x5348038) returned 0x2 [0136.804] WbemDefPath:IWbemPath:SetText (This=0x5348038, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2944\"") returned 0x0 [0136.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.804] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.804] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.804] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.804] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.805] IWbemClassObject:Get (in: This=0x5340cc0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c61e0*=0, plFlavor=0x25c61e4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x25c61e0*=8, plFlavor=0x25c61e4*=0) returned 0x0 [0136.805] SysStringByteLen (bstr="far.exe") returned 0xe [0136.805] SysStringByteLen (bstr="far.exe") returned 0xe [0136.805] IWbemClassObject:Get (in: This=0x5340cc0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c61e0*=8, plFlavor=0x25c61e4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x25c61e0*=8, plFlavor=0x25c61e4*=0) returned 0x0 [0136.805] SysStringByteLen (bstr="far.exe") returned 0xe [0136.805] SysStringByteLen (bstr="far.exe") returned 0xe [0136.805] CoTaskMemAlloc (cb=0x4) returned 0x5344488 [0136.805] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344488, puReturned=0x25b625c | out: apObjects=0x5344488*=0x5340e58, puReturned=0x25b625c*=0x1) returned 0x0 [0136.806] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340e58) returned 0x0 [0136.806] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.806] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.806] IUnknown:AddRef (This=0x5340e58) returned 0x3 [0136.806] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.806] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.806] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340e5c) returned 0x0 [0136.807] IMarshal:GetUnmarshalClass (in: This=0x5340e5c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.807] IUnknown:Release (This=0x5340e5c) returned 0x3 [0136.807] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.807] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.807] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.807] IUnknown:Release (This=0x5340e58) returned 0x2 [0136.807] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.807] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.807] IUnknown:QueryInterface (in: This=0x5340e58, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340e58) returned 0x0 [0136.807] IUnknown:AddRef (This=0x5340e58) returned 0x4 [0136.807] IUnknown:Release (This=0x5340e58) returned 0x3 [0136.807] IUnknown:Release (This=0x5340e58) returned 0x2 [0136.807] CoTaskMemFree (pv=0x5344488) [0136.807] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.807] IUnknown:AddRef (This=0x5340e58) returned 0x3 [0136.807] IWbemClassObject:Get (in: This=0x5340e58, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.808] IWbemClassObject:Get (in: This=0x5340e58, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.808] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x66 [0136.808] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x66 [0136.808] CoGetObjectContext (in: riid=0x2552014*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ceb84 | out: ppv=0x3ceb84*=0x56e704) returned 0x0 [0136.808] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.808] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.808] IUnknown:Release (This=0x56e704) returned 0x1 [0136.809] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344488) returned 0x0 [0136.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344488, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.809] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344488, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348118) returned 0x0 [0136.809] WbemDefPath:IUnknown:Release (This=0x5344488) returned 0x0 [0136.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348118) returned 0x0 [0136.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.810] WbemDefPath:IUnknown:AddRef (This=0x5348118) returned 0x3 [0136.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344498) returned 0x0 [0136.810] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344498, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.810] WbemDefPath:IUnknown:Release (This=0x5344498) returned 0x3 [0136.810] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.810] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.810] WbemDefPath:IUnknown:Release (This=0x5348118) returned 0x2 [0136.810] WbemDefPath:IUnknown:Release (This=0x5348118) returned 0x1 [0136.810] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.810] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.810] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348118, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348118) returned 0x0 [0136.811] WbemDefPath:IUnknown:AddRef (This=0x5348118) returned 0x3 [0136.811] WbemDefPath:IUnknown:Release (This=0x5348118) returned 0x2 [0136.811] WbemDefPath:IWbemPath:SetText (This=0x5348118, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2952\"") returned 0x0 [0136.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.811] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.811] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.811] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.811] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.811] IWbemClassObject:Get (in: This=0x5340e58, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c6a3c*=0, plFlavor=0x25c6a40*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x25c6a3c*=8, plFlavor=0x25c6a40*=0) returned 0x0 [0136.811] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0136.811] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0136.811] IWbemClassObject:Get (in: This=0x5340e58, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c6a3c*=8, plFlavor=0x25c6a40*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x25c6a3c*=8, plFlavor=0x25c6a40*=0) returned 0x0 [0136.811] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0136.811] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0136.811] CoTaskMemAlloc (cb=0x4) returned 0x53444c8 [0136.811] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x53444c8, puReturned=0x25b625c | out: apObjects=0x53444c8*=0x5340ff0, puReturned=0x25b625c*=0x1) returned 0x0 [0136.812] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5340ff0) returned 0x0 [0136.812] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.812] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.813] IUnknown:AddRef (This=0x5340ff0) returned 0x3 [0136.813] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.813] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.813] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5340ff4) returned 0x0 [0136.813] IMarshal:GetUnmarshalClass (in: This=0x5340ff4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.813] IUnknown:Release (This=0x5340ff4) returned 0x3 [0136.813] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.813] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.813] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.813] IUnknown:Release (This=0x5340ff0) returned 0x2 [0136.813] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.813] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.813] IUnknown:QueryInterface (in: This=0x5340ff0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5340ff0) returned 0x0 [0136.813] IUnknown:AddRef (This=0x5340ff0) returned 0x4 [0136.813] IUnknown:Release (This=0x5340ff0) returned 0x3 [0136.813] IUnknown:Release (This=0x5340ff0) returned 0x2 [0136.813] CoTaskMemFree (pv=0x53444c8) [0136.814] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.814] IUnknown:AddRef (This=0x5340ff0) returned 0x3 [0136.814] IWbemClassObject:Get (in: This=0x5340ff0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.814] IWbemClassObject:Get (in: This=0x5340ff0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.814] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x66 [0136.814] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x66 [0136.815] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.815] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.815] IUnknown:Release (This=0x56e704) returned 0x1 [0136.816] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x53444c8) returned 0x0 [0136.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x53444c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.816] WbemDefPath:IClassFactory:CreateInstance (in: This=0x53444c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53481f8) returned 0x0 [0136.816] WbemDefPath:IUnknown:Release (This=0x53444c8) returned 0x0 [0136.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53481f8) returned 0x0 [0136.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.817] WbemDefPath:IUnknown:AddRef (This=0x53481f8) returned 0x3 [0136.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x53444d8) returned 0x0 [0136.817] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x53444d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.817] WbemDefPath:IUnknown:Release (This=0x53444d8) returned 0x3 [0136.817] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.817] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.817] WbemDefPath:IUnknown:Release (This=0x53481f8) returned 0x2 [0136.817] WbemDefPath:IUnknown:Release (This=0x53481f8) returned 0x1 [0136.817] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.817] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x53481f8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53481f8) returned 0x0 [0136.817] WbemDefPath:IUnknown:AddRef (This=0x53481f8) returned 0x3 [0136.818] WbemDefPath:IUnknown:Release (This=0x53481f8) returned 0x2 [0136.818] WbemDefPath:IWbemPath:SetText (This=0x53481f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2960\"") returned 0x0 [0136.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.818] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.818] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.818] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.818] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.818] IWbemClassObject:Get (in: This=0x5340ff0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c72b0*=0, plFlavor=0x25c72b4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x25c72b0*=8, plFlavor=0x25c72b4*=0) returned 0x0 [0136.818] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0136.818] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0136.818] IWbemClassObject:Get (in: This=0x5340ff0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c72b0*=8, plFlavor=0x25c72b4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x25c72b0*=8, plFlavor=0x25c72b4*=0) returned 0x0 [0136.818] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0136.818] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0136.818] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344508, puReturned=0x25b625c | out: apObjects=0x5344508*=0x5341188, puReturned=0x25b625c*=0x1) returned 0x0 [0136.888] IUnknown:QueryInterface (in: This=0x5341188, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5341188) returned 0x0 [0136.888] IUnknown:QueryInterface (in: This=0x5341188, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.889] IUnknown:QueryInterface (in: This=0x5341188, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.889] IUnknown:AddRef (This=0x5341188) returned 0x3 [0136.889] IUnknown:QueryInterface (in: This=0x5341188, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.889] IUnknown:QueryInterface (in: This=0x5341188, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.889] IUnknown:QueryInterface (in: This=0x5341188, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534118c) returned 0x0 [0136.889] IMarshal:GetUnmarshalClass (in: This=0x534118c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.889] IUnknown:Release (This=0x534118c) returned 0x3 [0136.889] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.890] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.890] IUnknown:QueryInterface (in: This=0x5341188, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.890] IUnknown:Release (This=0x5341188) returned 0x2 [0136.890] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.890] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.890] IUnknown:QueryInterface (in: This=0x5341188, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5341188) returned 0x0 [0136.890] IUnknown:AddRef (This=0x5341188) returned 0x4 [0136.890] IUnknown:Release (This=0x5341188) returned 0x3 [0136.890] IUnknown:Release (This=0x5341188) returned 0x2 [0136.890] CoTaskMemFree (pv=0x5344508) [0136.890] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.890] IUnknown:AddRef (This=0x5341188) returned 0x3 [0136.891] IWbemClassObject:Get (in: This=0x5341188, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.891] IWbemClassObject:Get (in: This=0x5341188, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.891] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x66 [0136.891] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x66 [0136.891] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.891] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.891] IUnknown:Release (This=0x56e704) returned 0x1 [0136.893] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344508) returned 0x0 [0136.893] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344508, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.893] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344508, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53482d8) returned 0x0 [0136.893] WbemDefPath:IUnknown:Release (This=0x5344508) returned 0x0 [0136.893] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53482d8) returned 0x0 [0136.893] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.894] WbemDefPath:IUnknown:AddRef (This=0x53482d8) returned 0x3 [0136.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344518) returned 0x0 [0136.894] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344518, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.894] WbemDefPath:IUnknown:Release (This=0x5344518) returned 0x3 [0136.894] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.894] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.894] WbemDefPath:IUnknown:Release (This=0x53482d8) returned 0x2 [0136.894] WbemDefPath:IUnknown:Release (This=0x53482d8) returned 0x1 [0136.894] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.894] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x53482d8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53482d8) returned 0x0 [0136.894] WbemDefPath:IUnknown:AddRef (This=0x53482d8) returned 0x3 [0136.894] WbemDefPath:IUnknown:Release (This=0x53482d8) returned 0x2 [0136.895] WbemDefPath:IWbemPath:SetText (This=0x53482d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2968\"") returned 0x0 [0136.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.895] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.895] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.895] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.895] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.895] IWbemClassObject:Get (in: This=0x5341188, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c7b30*=0, plFlavor=0x25c7b34*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x25c7b30*=8, plFlavor=0x25c7b34*=0) returned 0x0 [0136.895] SysStringByteLen (bstr="fling.exe") returned 0x12 [0136.895] SysStringByteLen (bstr="fling.exe") returned 0x12 [0136.895] IWbemClassObject:Get (in: This=0x5341188, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c7b30*=8, plFlavor=0x25c7b34*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x25c7b30*=8, plFlavor=0x25c7b34*=0) returned 0x0 [0136.895] SysStringByteLen (bstr="fling.exe") returned 0x12 [0136.896] SysStringByteLen (bstr="fling.exe") returned 0x12 [0136.896] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344548, puReturned=0x25b625c | out: apObjects=0x5344548*=0x5341320, puReturned=0x25b625c*=0x1) returned 0x0 [0136.982] IUnknown:QueryInterface (in: This=0x5341320, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5341320) returned 0x0 [0136.982] IUnknown:QueryInterface (in: This=0x5341320, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.982] IUnknown:QueryInterface (in: This=0x5341320, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.983] IUnknown:AddRef (This=0x5341320) returned 0x3 [0136.983] IUnknown:QueryInterface (in: This=0x5341320, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.983] IUnknown:QueryInterface (in: This=0x5341320, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.983] IUnknown:QueryInterface (in: This=0x5341320, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5341324) returned 0x0 [0136.983] IMarshal:GetUnmarshalClass (in: This=0x5341324, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.983] IUnknown:Release (This=0x5341324) returned 0x3 [0136.983] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.983] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.983] IUnknown:QueryInterface (in: This=0x5341320, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.983] IUnknown:Release (This=0x5341320) returned 0x2 [0136.983] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.983] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.983] IUnknown:QueryInterface (in: This=0x5341320, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5341320) returned 0x0 [0136.983] IUnknown:AddRef (This=0x5341320) returned 0x4 [0136.983] IUnknown:Release (This=0x5341320) returned 0x3 [0136.983] IUnknown:Release (This=0x5341320) returned 0x2 [0136.983] CoTaskMemFree (pv=0x5344548) [0136.984] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.984] IUnknown:AddRef (This=0x5341320) returned 0x3 [0136.984] IWbemClassObject:Get (in: This=0x5341320, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.984] IWbemClassObject:Get (in: This=0x5341320, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.984] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x66 [0136.984] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x66 [0136.984] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.984] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.984] IUnknown:Release (This=0x56e704) returned 0x1 [0136.985] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344548) returned 0x0 [0136.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344548, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.986] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344548, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53483b8) returned 0x0 [0136.986] WbemDefPath:IUnknown:Release (This=0x5344548) returned 0x0 [0136.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53483b8) returned 0x0 [0136.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.986] WbemDefPath:IUnknown:AddRef (This=0x53483b8) returned 0x3 [0136.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344558) returned 0x0 [0136.986] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344558, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.986] WbemDefPath:IUnknown:Release (This=0x5344558) returned 0x3 [0136.986] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.987] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.987] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.987] WbemDefPath:IUnknown:Release (This=0x53483b8) returned 0x2 [0136.987] WbemDefPath:IUnknown:Release (This=0x53483b8) returned 0x1 [0136.987] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.987] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.987] WbemDefPath:IUnknown:QueryInterface (in: This=0x53483b8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53483b8) returned 0x0 [0136.987] WbemDefPath:IUnknown:AddRef (This=0x53483b8) returned 0x3 [0136.987] WbemDefPath:IUnknown:Release (This=0x53483b8) returned 0x2 [0136.987] WbemDefPath:IWbemPath:SetText (This=0x53483b8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2976\"") returned 0x0 [0136.987] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.987] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.987] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.987] IWbemClassObject:Get (in: This=0x5341320, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c8394*=0, plFlavor=0x25c8398*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x25c8394*=8, plFlavor=0x25c8398*=0) returned 0x0 [0136.987] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0136.987] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0136.987] IWbemClassObject:Get (in: This=0x5341320, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c8394*=8, plFlavor=0x25c8398*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x25c8394*=8, plFlavor=0x25c8398*=0) returned 0x0 [0136.987] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0136.988] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0136.988] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344588, puReturned=0x25b625c | out: apObjects=0x5344588*=0x53414b8, puReturned=0x25b625c*=0x1) returned 0x0 [0136.989] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53414b8) returned 0x0 [0136.989] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.989] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.990] IUnknown:AddRef (This=0x53414b8) returned 0x3 [0136.990] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.990] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.990] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53414bc) returned 0x0 [0136.990] IMarshal:GetUnmarshalClass (in: This=0x53414bc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.990] IUnknown:Release (This=0x53414bc) returned 0x3 [0136.990] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.990] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.990] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.990] IUnknown:Release (This=0x53414b8) returned 0x2 [0136.990] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.990] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.990] IUnknown:QueryInterface (in: This=0x53414b8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53414b8) returned 0x0 [0136.990] IUnknown:AddRef (This=0x53414b8) returned 0x4 [0136.990] IUnknown:Release (This=0x53414b8) returned 0x3 [0136.990] IUnknown:Release (This=0x53414b8) returned 0x2 [0136.990] CoTaskMemFree (pv=0x5344588) [0136.990] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.991] IUnknown:AddRef (This=0x53414b8) returned 0x3 [0136.991] IWbemClassObject:Get (in: This=0x53414b8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.991] IWbemClassObject:Get (in: This=0x53414b8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.991] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x66 [0136.991] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x66 [0136.991] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.991] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.991] IUnknown:Release (This=0x56e704) returned 0x1 [0136.992] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344588) returned 0x0 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344588, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.993] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344588, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348498) returned 0x0 [0136.993] WbemDefPath:IUnknown:Release (This=0x5344588) returned 0x0 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348498) returned 0x0 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.993] WbemDefPath:IUnknown:AddRef (This=0x5348498) returned 0x3 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344598) returned 0x0 [0136.993] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344598, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.993] WbemDefPath:IUnknown:Release (This=0x5344598) returned 0x3 [0136.993] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.993] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.993] WbemDefPath:IUnknown:Release (This=0x5348498) returned 0x2 [0136.993] WbemDefPath:IUnknown:Release (This=0x5348498) returned 0x1 [0136.993] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.994] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0136.994] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348498, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348498) returned 0x0 [0136.994] WbemDefPath:IUnknown:AddRef (This=0x5348498) returned 0x3 [0136.994] WbemDefPath:IUnknown:Release (This=0x5348498) returned 0x2 [0136.994] WbemDefPath:IWbemPath:SetText (This=0x5348498, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x0 [0136.994] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0136.994] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0136.994] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.994] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0136.994] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0136.994] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.994] IWbemClassObject:Get (in: This=0x53414b8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c8c20*=0, plFlavor=0x25c8c24*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x25c8c20*=8, plFlavor=0x25c8c24*=0) returned 0x0 [0136.994] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0136.994] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0136.994] IWbemClassObject:Get (in: This=0x53414b8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c8c20*=8, plFlavor=0x25c8c24*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x25c8c20*=8, plFlavor=0x25c8c24*=0) returned 0x0 [0136.994] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0136.994] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0136.994] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x53445c8, puReturned=0x25b625c | out: apObjects=0x53445c8*=0x534a718, puReturned=0x25b625c*=0x1) returned 0x0 [0136.995] IUnknown:QueryInterface (in: This=0x534a718, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534a718) returned 0x0 [0136.995] IUnknown:QueryInterface (in: This=0x534a718, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0136.995] IUnknown:QueryInterface (in: This=0x534a718, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0136.996] IUnknown:AddRef (This=0x534a718) returned 0x3 [0136.996] IUnknown:QueryInterface (in: This=0x534a718, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0136.996] IUnknown:QueryInterface (in: This=0x534a718, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0136.996] IUnknown:QueryInterface (in: This=0x534a718, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534a71c) returned 0x0 [0136.996] IMarshal:GetUnmarshalClass (in: This=0x534a71c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0136.996] IUnknown:Release (This=0x534a71c) returned 0x3 [0136.996] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0136.996] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0136.996] IUnknown:QueryInterface (in: This=0x534a718, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0136.996] IUnknown:Release (This=0x534a718) returned 0x2 [0136.996] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0136.996] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0136.996] IUnknown:QueryInterface (in: This=0x534a718, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534a718) returned 0x0 [0136.996] IUnknown:AddRef (This=0x534a718) returned 0x4 [0136.996] IUnknown:Release (This=0x534a718) returned 0x3 [0136.996] IUnknown:Release (This=0x534a718) returned 0x2 [0136.996] CoTaskMemFree (pv=0x53445c8) [0136.997] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0136.997] IUnknown:AddRef (This=0x534a718) returned 0x3 [0136.997] IWbemClassObject:Get (in: This=0x534a718, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0136.997] IWbemClassObject:Get (in: This=0x534a718, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0136.997] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x66 [0136.997] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x66 [0136.997] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0136.997] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0136.997] IUnknown:Release (This=0x56e704) returned 0x1 [0136.998] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x53445c8) returned 0x0 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x53445c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0136.999] WbemDefPath:IClassFactory:CreateInstance (in: This=0x53445c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348578) returned 0x0 [0136.999] WbemDefPath:IUnknown:Release (This=0x53445c8) returned 0x0 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348578) returned 0x0 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0136.999] WbemDefPath:IUnknown:AddRef (This=0x5348578) returned 0x3 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x53445d8) returned 0x0 [0136.999] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x53445d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.999] WbemDefPath:IUnknown:Release (This=0x53445d8) returned 0x3 [0136.999] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0136.999] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0136.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0136.999] WbemDefPath:IUnknown:Release (This=0x5348578) returned 0x2 [0136.999] WbemDefPath:IUnknown:Release (This=0x5348578) returned 0x1 [0136.999] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0136.999] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0137.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348578, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348578) returned 0x0 [0137.000] WbemDefPath:IUnknown:AddRef (This=0x5348578) returned 0x3 [0137.000] WbemDefPath:IUnknown:Release (This=0x5348578) returned 0x2 [0137.000] WbemDefPath:IWbemPath:SetText (This=0x5348578, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2992\"") returned 0x0 [0137.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.000] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.000] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.000] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.000] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.000] IWbemClassObject:Get (in: This=0x534a718, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c94b4*=0, plFlavor=0x25c94b8*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x25c94b4*=8, plFlavor=0x25c94b8*=0) returned 0x0 [0137.000] SysStringByteLen (bstr="icq.exe") returned 0xe [0137.000] SysStringByteLen (bstr="icq.exe") returned 0xe [0137.000] IWbemClassObject:Get (in: This=0x534a718, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c94b4*=8, plFlavor=0x25c94b8*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x25c94b4*=8, plFlavor=0x25c94b8*=0) returned 0x0 [0137.000] SysStringByteLen (bstr="icq.exe") returned 0xe [0137.000] SysStringByteLen (bstr="icq.exe") returned 0xe [0137.000] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344608, puReturned=0x25b625c | out: apObjects=0x5344608*=0x534a8b0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.001] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534a8b0) returned 0x0 [0137.001] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.001] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.002] IUnknown:AddRef (This=0x534a8b0) returned 0x3 [0137.002] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.002] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.002] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534a8b4) returned 0x0 [0137.002] IMarshal:GetUnmarshalClass (in: This=0x534a8b4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.002] IUnknown:Release (This=0x534a8b4) returned 0x3 [0137.002] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0137.002] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0137.002] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.002] IUnknown:Release (This=0x534a8b0) returned 0x2 [0137.002] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0137.002] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0137.002] IUnknown:QueryInterface (in: This=0x534a8b0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534a8b0) returned 0x0 [0137.002] IUnknown:AddRef (This=0x534a8b0) returned 0x4 [0137.002] IUnknown:Release (This=0x534a8b0) returned 0x3 [0137.002] IUnknown:Release (This=0x534a8b0) returned 0x2 [0137.002] CoTaskMemFree (pv=0x5344608) [0137.003] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0137.003] IUnknown:AddRef (This=0x534a8b0) returned 0x3 [0137.003] IWbemClassObject:Get (in: This=0x534a8b0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.003] IWbemClassObject:Get (in: This=0x534a8b0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3000\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.003] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3000\"") returned 0x66 [0137.003] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3000\"") returned 0x66 [0137.003] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.003] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.003] IUnknown:Release (This=0x56e704) returned 0x1 [0137.004] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344608) returned 0x0 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344608, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.005] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344608, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348658) returned 0x0 [0137.005] WbemDefPath:IUnknown:Release (This=0x5344608) returned 0x0 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348658) returned 0x0 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.005] WbemDefPath:IUnknown:AddRef (This=0x5348658) returned 0x3 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344618) returned 0x0 [0137.005] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344618, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.005] WbemDefPath:IUnknown:Release (This=0x5344618) returned 0x3 [0137.005] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0137.005] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0137.005] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.005] WbemDefPath:IUnknown:Release (This=0x5348658) returned 0x2 [0137.005] WbemDefPath:IUnknown:Release (This=0x5348658) returned 0x1 [0137.005] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0137.006] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0137.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348658, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348658) returned 0x0 [0137.006] WbemDefPath:IUnknown:AddRef (This=0x5348658) returned 0x3 [0137.006] WbemDefPath:IUnknown:Release (This=0x5348658) returned 0x2 [0137.006] WbemDefPath:IWbemPath:SetText (This=0x5348658, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3000\"") returned 0x0 [0137.006] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.006] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.006] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.006] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.006] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.006] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.006] IWbemClassObject:Get (in: This=0x534a8b0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c9d1c*=0, plFlavor=0x25c9d20*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x25c9d1c*=8, plFlavor=0x25c9d20*=0) returned 0x0 [0137.006] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0137.006] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0137.006] IWbemClassObject:Get (in: This=0x534a8b0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25c9d1c*=8, plFlavor=0x25c9d20*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x25c9d1c*=8, plFlavor=0x25c9d20*=0) returned 0x0 [0137.006] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0137.006] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0137.007] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344648, puReturned=0x25b625c | out: apObjects=0x5344648*=0x534aa48, puReturned=0x25b625c*=0x1) returned 0x0 [0137.209] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534aa48) returned 0x0 [0137.209] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.209] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.209] IUnknown:AddRef (This=0x534aa48) returned 0x3 [0137.209] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.209] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.209] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534aa4c) returned 0x0 [0137.209] IMarshal:GetUnmarshalClass (in: This=0x534aa4c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.209] IUnknown:Release (This=0x534aa4c) returned 0x3 [0137.209] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0137.210] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0137.210] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.210] IUnknown:Release (This=0x534aa48) returned 0x2 [0137.210] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0137.210] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0137.210] IUnknown:QueryInterface (in: This=0x534aa48, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534aa48) returned 0x0 [0137.210] IUnknown:AddRef (This=0x534aa48) returned 0x4 [0137.210] IUnknown:Release (This=0x534aa48) returned 0x3 [0137.210] IUnknown:Release (This=0x534aa48) returned 0x2 [0137.210] CoTaskMemFree (pv=0x5344648) [0137.211] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0137.211] IUnknown:AddRef (This=0x534aa48) returned 0x3 [0137.211] IWbemClassObject:Get (in: This=0x534aa48, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.211] IWbemClassObject:Get (in: This=0x534aa48, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3008\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.211] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3008\"") returned 0x66 [0137.211] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3008\"") returned 0x66 [0137.212] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.212] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.212] IUnknown:Release (This=0x56e704) returned 0x1 [0137.213] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344648) returned 0x0 [0137.214] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344648, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.214] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344648, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348738) returned 0x0 [0137.214] WbemDefPath:IUnknown:Release (This=0x5344648) returned 0x0 [0137.214] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348738) returned 0x0 [0137.214] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.215] WbemDefPath:IUnknown:AddRef (This=0x5348738) returned 0x3 [0137.215] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.215] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.215] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344658) returned 0x0 [0137.215] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344658, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.215] WbemDefPath:IUnknown:Release (This=0x5344658) returned 0x3 [0137.215] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0137.215] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0137.215] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.215] WbemDefPath:IUnknown:Release (This=0x5348738) returned 0x2 [0137.215] WbemDefPath:IUnknown:Release (This=0x5348738) returned 0x1 [0137.215] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0137.215] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0137.215] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348738, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348738) returned 0x0 [0137.216] WbemDefPath:IUnknown:AddRef (This=0x5348738) returned 0x3 [0137.216] WbemDefPath:IUnknown:Release (This=0x5348738) returned 0x2 [0137.216] WbemDefPath:IWbemPath:SetText (This=0x5348738, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3008\"") returned 0x0 [0137.216] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.216] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.216] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.216] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.216] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.216] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.216] IWbemClassObject:Get (in: This=0x534aa48, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ca590*=0, plFlavor=0x25ca594*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x25ca590*=8, plFlavor=0x25ca594*=0) returned 0x0 [0137.216] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0137.216] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0137.216] IWbemClassObject:Get (in: This=0x534aa48, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ca590*=8, plFlavor=0x25ca594*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x25ca590*=8, plFlavor=0x25ca594*=0) returned 0x0 [0137.216] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0137.216] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0137.216] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344688, puReturned=0x25b625c | out: apObjects=0x5344688*=0x534abe0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.218] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534abe0) returned 0x0 [0137.218] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.218] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.218] IUnknown:AddRef (This=0x534abe0) returned 0x3 [0137.218] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.218] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.219] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534abe4) returned 0x0 [0137.219] IMarshal:GetUnmarshalClass (in: This=0x534abe4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.219] IUnknown:Release (This=0x534abe4) returned 0x3 [0137.219] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0137.219] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0137.219] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.219] IUnknown:Release (This=0x534abe0) returned 0x2 [0137.219] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0137.219] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0137.219] IUnknown:QueryInterface (in: This=0x534abe0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534abe0) returned 0x0 [0137.219] IUnknown:AddRef (This=0x534abe0) returned 0x4 [0137.219] IUnknown:Release (This=0x534abe0) returned 0x3 [0137.219] IUnknown:Release (This=0x534abe0) returned 0x2 [0137.219] CoTaskMemFree (pv=0x5344688) [0137.220] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0137.220] IUnknown:AddRef (This=0x534abe0) returned 0x3 [0137.220] IWbemClassObject:Get (in: This=0x534abe0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.220] IWbemClassObject:Get (in: This=0x534abe0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3016\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.220] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3016\"") returned 0x66 [0137.220] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3016\"") returned 0x66 [0137.220] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.220] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.220] IUnknown:Release (This=0x56e704) returned 0x1 [0137.222] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344688) returned 0x0 [0137.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344688, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.222] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344688, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348818) returned 0x0 [0137.222] WbemDefPath:IUnknown:Release (This=0x5344688) returned 0x0 [0137.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348818) returned 0x0 [0137.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.223] WbemDefPath:IUnknown:AddRef (This=0x5348818) returned 0x3 [0137.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344698) returned 0x0 [0137.223] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344698, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.223] WbemDefPath:IUnknown:Release (This=0x5344698) returned 0x3 [0137.223] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0137.223] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0137.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.223] WbemDefPath:IUnknown:Release (This=0x5348818) returned 0x2 [0137.223] WbemDefPath:IUnknown:Release (This=0x5348818) returned 0x1 [0137.223] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0137.223] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0137.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348818, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348818) returned 0x0 [0137.223] WbemDefPath:IUnknown:AddRef (This=0x5348818) returned 0x3 [0137.223] WbemDefPath:IUnknown:Release (This=0x5348818) returned 0x2 [0137.223] WbemDefPath:IWbemPath:SetText (This=0x5348818, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3016\"") returned 0x0 [0137.223] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.224] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.224] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.224] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.224] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.224] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.224] IWbemClassObject:Get (in: This=0x534abe0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cadf4*=0, plFlavor=0x25cadf8*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x25cadf4*=8, plFlavor=0x25cadf8*=0) returned 0x0 [0137.224] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0137.224] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0137.224] IWbemClassObject:Get (in: This=0x534abe0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cadf4*=8, plFlavor=0x25cadf8*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x25cadf4*=8, plFlavor=0x25cadf8*=0) returned 0x0 [0137.224] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0137.224] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0137.224] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x53446c8, puReturned=0x25b625c | out: apObjects=0x53446c8*=0x534ad78, puReturned=0x25b625c*=0x1) returned 0x0 [0137.225] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534ad78) returned 0x0 [0137.225] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.225] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.226] IUnknown:AddRef (This=0x534ad78) returned 0x3 [0137.226] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.226] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.226] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534ad7c) returned 0x0 [0137.226] IMarshal:GetUnmarshalClass (in: This=0x534ad7c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.226] IUnknown:Release (This=0x534ad7c) returned 0x3 [0137.226] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0137.226] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0137.226] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.226] IUnknown:Release (This=0x534ad78) returned 0x2 [0137.226] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0137.226] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0137.226] IUnknown:QueryInterface (in: This=0x534ad78, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534ad78) returned 0x0 [0137.226] IUnknown:AddRef (This=0x534ad78) returned 0x4 [0137.226] IUnknown:Release (This=0x534ad78) returned 0x3 [0137.227] IUnknown:Release (This=0x534ad78) returned 0x2 [0137.227] CoTaskMemFree (pv=0x53446c8) [0137.227] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0137.227] IUnknown:AddRef (This=0x534ad78) returned 0x3 [0137.227] IWbemClassObject:Get (in: This=0x534ad78, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.227] IWbemClassObject:Get (in: This=0x534ad78, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3024\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.227] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3024\"") returned 0x66 [0137.227] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3024\"") returned 0x66 [0137.227] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.228] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.228] IUnknown:Release (This=0x56e704) returned 0x1 [0137.229] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x53446c8) returned 0x0 [0137.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x53446c8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.229] WbemDefPath:IClassFactory:CreateInstance (in: This=0x53446c8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53488f8) returned 0x0 [0137.229] WbemDefPath:IUnknown:Release (This=0x53446c8) returned 0x0 [0137.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53488f8) returned 0x0 [0137.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.230] WbemDefPath:IUnknown:AddRef (This=0x53488f8) returned 0x3 [0137.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x53446d8) returned 0x0 [0137.230] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x53446d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.230] WbemDefPath:IUnknown:Release (This=0x53446d8) returned 0x3 [0137.230] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0137.230] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0137.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.230] WbemDefPath:IUnknown:Release (This=0x53488f8) returned 0x2 [0137.230] WbemDefPath:IUnknown:Release (This=0x53488f8) returned 0x1 [0137.230] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0137.230] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0137.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x53488f8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53488f8) returned 0x0 [0137.231] WbemDefPath:IUnknown:AddRef (This=0x53488f8) returned 0x3 [0137.231] WbemDefPath:IUnknown:Release (This=0x53488f8) returned 0x2 [0137.231] WbemDefPath:IWbemPath:SetText (This=0x53488f8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3024\"") returned 0x0 [0137.231] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.231] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.231] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.231] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.231] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.231] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.231] IWbemClassObject:Get (in: This=0x534ad78, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cb660*=0, plFlavor=0x25cb664*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x25cb660*=8, plFlavor=0x25cb664*=0) returned 0x0 [0137.231] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0137.231] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0137.231] IWbemClassObject:Get (in: This=0x534ad78, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cb660*=8, plFlavor=0x25cb664*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x25cb660*=8, plFlavor=0x25cb664*=0) returned 0x0 [0137.231] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0137.231] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0137.231] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5344708, puReturned=0x25b625c | out: apObjects=0x5344708*=0x534af10, puReturned=0x25b625c*=0x1) returned 0x0 [0137.232] IUnknown:QueryInterface (in: This=0x534af10, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534af10) returned 0x0 [0137.233] IUnknown:QueryInterface (in: This=0x534af10, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.233] IUnknown:QueryInterface (in: This=0x534af10, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.233] IUnknown:AddRef (This=0x534af10) returned 0x3 [0137.233] IUnknown:QueryInterface (in: This=0x534af10, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.233] IUnknown:QueryInterface (in: This=0x534af10, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.233] IUnknown:QueryInterface (in: This=0x534af10, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534af14) returned 0x0 [0137.233] IMarshal:GetUnmarshalClass (in: This=0x534af14, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.233] IUnknown:Release (This=0x534af14) returned 0x3 [0137.233] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0137.233] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0137.233] IUnknown:QueryInterface (in: This=0x534af10, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.234] IUnknown:Release (This=0x534af10) returned 0x2 [0137.234] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0137.234] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0137.234] IUnknown:QueryInterface (in: This=0x534af10, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534af10) returned 0x0 [0137.234] IUnknown:AddRef (This=0x534af10) returned 0x4 [0137.234] IUnknown:Release (This=0x534af10) returned 0x3 [0137.234] IUnknown:Release (This=0x534af10) returned 0x2 [0137.234] CoTaskMemFree (pv=0x5344708) [0137.234] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0137.234] IUnknown:AddRef (This=0x534af10) returned 0x3 [0137.234] IWbemClassObject:Get (in: This=0x534af10, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.235] IWbemClassObject:Get (in: This=0x534af10, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3032\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.235] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3032\"") returned 0x66 [0137.235] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3032\"") returned 0x66 [0137.235] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.235] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.235] IUnknown:Release (This=0x56e704) returned 0x1 [0137.236] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5344708) returned 0x0 [0137.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x5344708, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.237] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5344708, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53489d8) returned 0x0 [0137.237] WbemDefPath:IUnknown:Release (This=0x5344708) returned 0x0 [0137.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53489d8) returned 0x0 [0137.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.237] WbemDefPath:IUnknown:AddRef (This=0x53489d8) returned 0x3 [0137.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5344718) returned 0x0 [0137.238] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5344718, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.238] WbemDefPath:IUnknown:Release (This=0x5344718) returned 0x3 [0137.238] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0137.238] CoGetContextToken (in: pToken=0x3ce074 | out: pToken=0x3ce074) returned 0x0 [0137.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.238] WbemDefPath:IUnknown:Release (This=0x53489d8) returned 0x2 [0137.238] WbemDefPath:IUnknown:Release (This=0x53489d8) returned 0x1 [0137.238] CoGetContextToken (in: pToken=0x3cea04 | out: pToken=0x3cea04) returned 0x0 [0137.238] CoGetContextToken (in: pToken=0x3ce964 | out: pToken=0x3ce964) returned 0x0 [0137.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x53489d8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53489d8) returned 0x0 [0137.238] WbemDefPath:IUnknown:AddRef (This=0x53489d8) returned 0x3 [0137.238] WbemDefPath:IUnknown:Release (This=0x53489d8) returned 0x2 [0137.238] WbemDefPath:IWbemPath:SetText (This=0x53489d8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3032\"") returned 0x0 [0137.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.238] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.238] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.238] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.238] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.239] IWbemClassObject:Get (in: This=0x534af10, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cbee0*=0, plFlavor=0x25cbee4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x25cbee0*=8, plFlavor=0x25cbee4*=0) returned 0x0 [0137.239] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0137.239] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0137.239] IWbemClassObject:Get (in: This=0x534af10, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cbee0*=8, plFlavor=0x25cbee4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x25cbee0*=8, plFlavor=0x25cbee4*=0) returned 0x0 [0137.239] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0137.239] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0137.239] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f7e0, puReturned=0x25b625c | out: apObjects=0x534f7e0*=0x534b0a8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.240] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534b0a8) returned 0x0 [0137.240] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.240] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.240] IUnknown:AddRef (This=0x534b0a8) returned 0x3 [0137.240] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.241] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.241] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534b0ac) returned 0x0 [0137.241] IMarshal:GetUnmarshalClass (in: This=0x534b0ac, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.241] IUnknown:Release (This=0x534b0ac) returned 0x3 [0137.241] CoGetContextToken (in: pToken=0x3cdb08 | out: pToken=0x3cdb08) returned 0x0 [0137.241] CoGetContextToken (in: pToken=0x3cdf1c | out: pToken=0x3cdf1c) returned 0x0 [0137.241] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.241] IUnknown:Release (This=0x534b0a8) returned 0x2 [0137.241] CoGetContextToken (in: pToken=0x3ce504 | out: pToken=0x3ce504) returned 0x0 [0137.241] CoGetContextToken (in: pToken=0x3ce464 | out: pToken=0x3ce464) returned 0x0 [0137.241] IUnknown:QueryInterface (in: This=0x534b0a8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534b0a8) returned 0x0 [0137.241] IUnknown:AddRef (This=0x534b0a8) returned 0x4 [0137.241] IUnknown:Release (This=0x534b0a8) returned 0x3 [0137.241] IUnknown:Release (This=0x534b0a8) returned 0x2 [0137.241] CoTaskMemFree (pv=0x534f7e0) [0137.241] CoGetContextToken (in: pToken=0x3ce874 | out: pToken=0x3ce874) returned 0x0 [0137.241] IUnknown:AddRef (This=0x534b0a8) returned 0x3 [0137.242] IWbemClassObject:Get (in: This=0x534b0a8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.242] IWbemClassObject:Get (in: This=0x534b0a8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3040\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.242] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3040\"") returned 0x66 [0137.242] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3040\"") returned 0x66 [0137.242] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.242] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.242] IUnknown:Release (This=0x56e704) returned 0x1 [0137.243] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f7e0) returned 0x0 [0137.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f7e0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.244] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f7e0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348ab8) returned 0x0 [0137.244] WbemDefPath:IUnknown:Release (This=0x534f7e0) returned 0x0 [0137.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348ab8) returned 0x0 [0137.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.244] WbemDefPath:IUnknown:AddRef (This=0x5348ab8) returned 0x3 [0137.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f7f0) returned 0x0 [0137.245] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f7f0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.245] WbemDefPath:IUnknown:Release (This=0x534f7f0) returned 0x3 [0137.245] CoGetContextToken (in: pToken=0x3cdc60 | out: pToken=0x3cdc60) returned 0x0 [0137.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.245] WbemDefPath:IUnknown:Release (This=0x5348ab8) returned 0x2 [0137.245] WbemDefPath:IUnknown:Release (This=0x5348ab8) returned 0x1 [0137.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348ab8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348ab8) returned 0x0 [0137.245] WbemDefPath:IUnknown:AddRef (This=0x5348ab8) returned 0x3 [0137.245] WbemDefPath:IUnknown:Release (This=0x5348ab8) returned 0x2 [0137.245] WbemDefPath:IWbemPath:SetText (This=0x5348ab8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3040\"") returned 0x0 [0137.245] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.245] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.245] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.245] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.245] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.245] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.245] IWbemClassObject:Get (in: This=0x534b0a8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cc74c*=0, plFlavor=0x25cc750*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x25cc74c*=8, plFlavor=0x25cc750*=0) returned 0x0 [0137.293] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0137.293] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0137.293] IWbemClassObject:Get (in: This=0x534b0a8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cc74c*=8, plFlavor=0x25cc750*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x25cc74c*=8, plFlavor=0x25cc750*=0) returned 0x0 [0137.293] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0137.293] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0137.293] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f820, puReturned=0x25b625c | out: apObjects=0x534f820*=0x534b240, puReturned=0x25b625c*=0x1) returned 0x0 [0137.340] IUnknown:QueryInterface (in: This=0x534b240, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534b240) returned 0x0 [0137.340] IUnknown:QueryInterface (in: This=0x534b240, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.341] IUnknown:QueryInterface (in: This=0x534b240, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.341] IUnknown:AddRef (This=0x534b240) returned 0x3 [0137.341] IUnknown:QueryInterface (in: This=0x534b240, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.341] IUnknown:QueryInterface (in: This=0x534b240, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.341] IUnknown:QueryInterface (in: This=0x534b240, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534b244) returned 0x0 [0137.341] IMarshal:GetUnmarshalClass (in: This=0x534b244, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.341] IUnknown:Release (This=0x534b244) returned 0x3 [0137.341] IUnknown:QueryInterface (in: This=0x534b240, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.341] IUnknown:Release (This=0x534b240) returned 0x2 [0137.341] IUnknown:QueryInterface (in: This=0x534b240, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534b240) returned 0x0 [0137.342] IUnknown:AddRef (This=0x534b240) returned 0x4 [0137.342] IUnknown:Release (This=0x534b240) returned 0x3 [0137.342] IUnknown:Release (This=0x534b240) returned 0x2 [0137.342] CoTaskMemFree (pv=0x534f820) [0137.342] IUnknown:AddRef (This=0x534b240) returned 0x3 [0137.342] IWbemClassObject:Get (in: This=0x534b240, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.342] IWbemClassObject:Get (in: This=0x534b240, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3048\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.342] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3048\"") returned 0x66 [0137.342] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3048\"") returned 0x66 [0137.343] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.343] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.343] IUnknown:Release (This=0x56e704) returned 0x1 [0137.344] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f820) returned 0x0 [0137.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f820, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.344] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f820, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348b98) returned 0x0 [0137.344] WbemDefPath:IUnknown:Release (This=0x534f820) returned 0x0 [0137.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348b98) returned 0x0 [0137.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.345] WbemDefPath:IUnknown:AddRef (This=0x5348b98) returned 0x3 [0137.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f830) returned 0x0 [0137.345] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f830, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.345] WbemDefPath:IUnknown:Release (This=0x534f830) returned 0x3 [0137.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.345] WbemDefPath:IUnknown:Release (This=0x5348b98) returned 0x2 [0137.345] WbemDefPath:IUnknown:Release (This=0x5348b98) returned 0x1 [0137.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348b98, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348b98) returned 0x0 [0137.345] WbemDefPath:IUnknown:AddRef (This=0x5348b98) returned 0x3 [0137.345] WbemDefPath:IUnknown:Release (This=0x5348b98) returned 0x2 [0137.345] WbemDefPath:IWbemPath:SetText (This=0x5348b98, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3048\"") returned 0x0 [0137.345] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.345] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.346] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.346] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.346] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.346] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.346] IWbemClassObject:Get (in: This=0x534b240, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ccfb8*=0, plFlavor=0x25ccfbc*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x25ccfb8*=8, plFlavor=0x25ccfbc*=0) returned 0x0 [0137.346] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0137.346] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0137.346] IWbemClassObject:Get (in: This=0x534b240, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ccfb8*=8, plFlavor=0x25ccfbc*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x25ccfb8*=8, plFlavor=0x25ccfbc*=0) returned 0x0 [0137.346] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0137.346] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0137.346] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f860, puReturned=0x25b625c | out: apObjects=0x534f860*=0x534b3d8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.347] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534b3d8) returned 0x0 [0137.347] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.347] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.347] IUnknown:AddRef (This=0x534b3d8) returned 0x3 [0137.348] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.348] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.348] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534b3dc) returned 0x0 [0137.348] IMarshal:GetUnmarshalClass (in: This=0x534b3dc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.348] IUnknown:Release (This=0x534b3dc) returned 0x3 [0137.348] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.348] IUnknown:Release (This=0x534b3d8) returned 0x2 [0137.348] IUnknown:QueryInterface (in: This=0x534b3d8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534b3d8) returned 0x0 [0137.348] IUnknown:AddRef (This=0x534b3d8) returned 0x4 [0137.348] IUnknown:Release (This=0x534b3d8) returned 0x3 [0137.348] IUnknown:Release (This=0x534b3d8) returned 0x2 [0137.348] CoTaskMemFree (pv=0x534f860) [0137.348] IUnknown:AddRef (This=0x534b3d8) returned 0x3 [0137.348] IWbemClassObject:Get (in: This=0x534b3d8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.349] IWbemClassObject:Get (in: This=0x534b3d8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3056\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.349] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3056\"") returned 0x66 [0137.349] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3056\"") returned 0x66 [0137.349] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.349] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.349] IUnknown:Release (This=0x56e704) returned 0x1 [0137.350] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f860) returned 0x0 [0137.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f860, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.350] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f860, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348c78) returned 0x0 [0137.350] WbemDefPath:IUnknown:Release (This=0x534f860) returned 0x0 [0137.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348c78) returned 0x0 [0137.351] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.351] WbemDefPath:IUnknown:AddRef (This=0x5348c78) returned 0x3 [0137.351] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.351] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.351] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f870) returned 0x0 [0137.351] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f870, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.351] WbemDefPath:IUnknown:Release (This=0x534f870) returned 0x3 [0137.351] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.351] WbemDefPath:IUnknown:Release (This=0x5348c78) returned 0x2 [0137.351] WbemDefPath:IUnknown:Release (This=0x5348c78) returned 0x1 [0137.351] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348c78, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348c78) returned 0x0 [0137.351] WbemDefPath:IUnknown:AddRef (This=0x5348c78) returned 0x3 [0137.351] WbemDefPath:IUnknown:Release (This=0x5348c78) returned 0x2 [0137.352] WbemDefPath:IWbemPath:SetText (This=0x5348c78, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3056\"") returned 0x0 [0137.352] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.352] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.352] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.352] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.352] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.352] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.352] IWbemClassObject:Get (in: This=0x534b3d8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cd82c*=0, plFlavor=0x25cd830*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x25cd82c*=8, plFlavor=0x25cd830*=0) returned 0x0 [0137.352] SysStringByteLen (bstr="skype.exe") returned 0x12 [0137.352] SysStringByteLen (bstr="skype.exe") returned 0x12 [0137.352] IWbemClassObject:Get (in: This=0x534b3d8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cd82c*=8, plFlavor=0x25cd830*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x25cd82c*=8, plFlavor=0x25cd830*=0) returned 0x0 [0137.352] SysStringByteLen (bstr="skype.exe") returned 0x12 [0137.352] SysStringByteLen (bstr="skype.exe") returned 0x12 [0137.352] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f8a0, puReturned=0x25b625c | out: apObjects=0x534f8a0*=0x534b570, puReturned=0x25b625c*=0x1) returned 0x0 [0137.353] IUnknown:QueryInterface (in: This=0x534b570, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534b570) returned 0x0 [0137.353] IUnknown:QueryInterface (in: This=0x534b570, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.353] IUnknown:QueryInterface (in: This=0x534b570, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.353] IUnknown:AddRef (This=0x534b570) returned 0x3 [0137.354] IUnknown:QueryInterface (in: This=0x534b570, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.354] IUnknown:QueryInterface (in: This=0x534b570, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.354] IUnknown:QueryInterface (in: This=0x534b570, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534b574) returned 0x0 [0137.354] IMarshal:GetUnmarshalClass (in: This=0x534b574, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.354] IUnknown:Release (This=0x534b574) returned 0x3 [0137.354] IUnknown:QueryInterface (in: This=0x534b570, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.354] IUnknown:Release (This=0x534b570) returned 0x2 [0137.354] IUnknown:QueryInterface (in: This=0x534b570, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534b570) returned 0x0 [0137.354] IUnknown:AddRef (This=0x534b570) returned 0x4 [0137.354] IUnknown:Release (This=0x534b570) returned 0x3 [0137.354] IUnknown:Release (This=0x534b570) returned 0x2 [0137.354] CoTaskMemFree (pv=0x534f8a0) [0137.354] IUnknown:AddRef (This=0x534b570) returned 0x3 [0137.354] IWbemClassObject:Get (in: This=0x534b570, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.355] IWbemClassObject:Get (in: This=0x534b570, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3064\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.355] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3064\"") returned 0x66 [0137.355] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3064\"") returned 0x66 [0137.355] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.355] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.355] IUnknown:Release (This=0x56e704) returned 0x1 [0137.356] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f8a0) returned 0x0 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f8a0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.357] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f8a0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348d58) returned 0x0 [0137.357] WbemDefPath:IUnknown:Release (This=0x534f8a0) returned 0x0 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348d58) returned 0x0 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.357] WbemDefPath:IUnknown:AddRef (This=0x5348d58) returned 0x3 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f8b0) returned 0x0 [0137.357] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f8b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.357] WbemDefPath:IUnknown:Release (This=0x534f8b0) returned 0x3 [0137.357] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.358] WbemDefPath:IUnknown:Release (This=0x5348d58) returned 0x2 [0137.358] WbemDefPath:IUnknown:Release (This=0x5348d58) returned 0x1 [0137.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348d58, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348d58) returned 0x0 [0137.358] WbemDefPath:IUnknown:AddRef (This=0x5348d58) returned 0x3 [0137.358] WbemDefPath:IUnknown:Release (This=0x5348d58) returned 0x2 [0137.358] WbemDefPath:IWbemPath:SetText (This=0x5348d58, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3064\"") returned 0x0 [0137.358] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.358] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.358] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.358] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.358] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.358] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.358] IWbemClassObject:Get (in: This=0x534b570, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ce09c*=0, plFlavor=0x25ce0a0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x25ce09c*=8, plFlavor=0x25ce0a0*=0) returned 0x0 [0137.358] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0137.358] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0137.358] IWbemClassObject:Get (in: This=0x534b570, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ce09c*=8, plFlavor=0x25ce0a0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x25ce09c*=8, plFlavor=0x25ce0a0*=0) returned 0x0 [0137.358] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0137.358] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0137.358] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f8e0, puReturned=0x25b625c | out: apObjects=0x534f8e0*=0x534b708, puReturned=0x25b625c*=0x1) returned 0x0 [0137.360] IUnknown:QueryInterface (in: This=0x534b708, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534b708) returned 0x0 [0137.360] IUnknown:QueryInterface (in: This=0x534b708, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.360] IUnknown:QueryInterface (in: This=0x534b708, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.360] IUnknown:AddRef (This=0x534b708) returned 0x3 [0137.360] IUnknown:QueryInterface (in: This=0x534b708, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.360] IUnknown:QueryInterface (in: This=0x534b708, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.360] IUnknown:QueryInterface (in: This=0x534b708, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534b70c) returned 0x0 [0137.360] IMarshal:GetUnmarshalClass (in: This=0x534b70c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.360] IUnknown:Release (This=0x534b70c) returned 0x3 [0137.361] IUnknown:QueryInterface (in: This=0x534b708, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.361] IUnknown:Release (This=0x534b708) returned 0x2 [0137.361] IUnknown:QueryInterface (in: This=0x534b708, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534b708) returned 0x0 [0137.361] IUnknown:AddRef (This=0x534b708) returned 0x4 [0137.361] IUnknown:Release (This=0x534b708) returned 0x3 [0137.361] IUnknown:Release (This=0x534b708) returned 0x2 [0137.361] CoTaskMemFree (pv=0x534f8e0) [0137.361] IUnknown:AddRef (This=0x534b708) returned 0x3 [0137.361] IWbemClassObject:Get (in: This=0x534b708, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.362] IWbemClassObject:Get (in: This=0x534b708, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2064\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.362] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2064\"") returned 0x66 [0137.362] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2064\"") returned 0x66 [0137.362] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.362] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.362] IUnknown:Release (This=0x56e704) returned 0x1 [0137.363] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f8e0) returned 0x0 [0137.363] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f8e0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.363] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f8e0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348e38) returned 0x0 [0137.363] WbemDefPath:IUnknown:Release (This=0x534f8e0) returned 0x0 [0137.363] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348e38) returned 0x0 [0137.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.364] WbemDefPath:IUnknown:AddRef (This=0x5348e38) returned 0x3 [0137.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f8f0) returned 0x0 [0137.364] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f8f0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.364] WbemDefPath:IUnknown:Release (This=0x534f8f0) returned 0x3 [0137.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.364] WbemDefPath:IUnknown:Release (This=0x5348e38) returned 0x2 [0137.364] WbemDefPath:IUnknown:Release (This=0x5348e38) returned 0x1 [0137.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348e38, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348e38) returned 0x0 [0137.364] WbemDefPath:IUnknown:AddRef (This=0x5348e38) returned 0x3 [0137.364] WbemDefPath:IUnknown:Release (This=0x5348e38) returned 0x2 [0137.364] WbemDefPath:IWbemPath:SetText (This=0x5348e38, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2064\"") returned 0x0 [0137.364] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.365] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.365] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.365] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.365] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.365] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.365] IWbemClassObject:Get (in: This=0x534b708, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ce910*=0, plFlavor=0x25ce914*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x25ce910*=8, plFlavor=0x25ce914*=0) returned 0x0 [0137.365] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0137.365] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0137.365] IWbemClassObject:Get (in: This=0x534b708, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25ce910*=8, plFlavor=0x25ce914*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x25ce910*=8, plFlavor=0x25ce914*=0) returned 0x0 [0137.365] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0137.365] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0137.365] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f920, puReturned=0x25b625c | out: apObjects=0x534f920*=0x534b8a0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.366] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534b8a0) returned 0x0 [0137.366] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.366] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.367] IUnknown:AddRef (This=0x534b8a0) returned 0x3 [0137.367] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.367] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.367] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534b8a4) returned 0x0 [0137.367] IMarshal:GetUnmarshalClass (in: This=0x534b8a4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.367] IUnknown:Release (This=0x534b8a4) returned 0x3 [0137.367] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.367] IUnknown:Release (This=0x534b8a0) returned 0x2 [0137.367] IUnknown:QueryInterface (in: This=0x534b8a0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534b8a0) returned 0x0 [0137.367] IUnknown:AddRef (This=0x534b8a0) returned 0x4 [0137.367] IUnknown:Release (This=0x534b8a0) returned 0x3 [0137.367] IUnknown:Release (This=0x534b8a0) returned 0x2 [0137.367] CoTaskMemFree (pv=0x534f920) [0137.367] IUnknown:AddRef (This=0x534b8a0) returned 0x3 [0137.367] IWbemClassObject:Get (in: This=0x534b8a0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.368] IWbemClassObject:Get (in: This=0x534b8a0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1724\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.368] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1724\"") returned 0x66 [0137.368] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1724\"") returned 0x66 [0137.368] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.368] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.368] IUnknown:Release (This=0x56e704) returned 0x1 [0137.369] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f920) returned 0x0 [0137.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f920, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.369] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f920, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5348f18) returned 0x0 [0137.369] WbemDefPath:IUnknown:Release (This=0x534f920) returned 0x0 [0137.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5348f18) returned 0x0 [0137.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.370] WbemDefPath:IUnknown:AddRef (This=0x5348f18) returned 0x3 [0137.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f930) returned 0x0 [0137.370] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f930, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.370] WbemDefPath:IUnknown:Release (This=0x534f930) returned 0x3 [0137.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.370] WbemDefPath:IUnknown:Release (This=0x5348f18) returned 0x2 [0137.370] WbemDefPath:IUnknown:Release (This=0x5348f18) returned 0x1 [0137.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x5348f18, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5348f18) returned 0x0 [0137.370] WbemDefPath:IUnknown:AddRef (This=0x5348f18) returned 0x3 [0137.370] WbemDefPath:IUnknown:Release (This=0x5348f18) returned 0x2 [0137.371] WbemDefPath:IWbemPath:SetText (This=0x5348f18, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"1724\"") returned 0x0 [0137.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.371] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.371] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.371] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.371] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.371] IWbemClassObject:Get (in: This=0x534b8a0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cf18c*=0, plFlavor=0x25cf190*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x25cf18c*=8, plFlavor=0x25cf190*=0) returned 0x0 [0137.371] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0137.371] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0137.371] IWbemClassObject:Get (in: This=0x534b8a0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cf18c*=8, plFlavor=0x25cf190*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x25cf18c*=8, plFlavor=0x25cf190*=0) returned 0x0 [0137.371] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0137.371] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0137.371] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f960, puReturned=0x25b625c | out: apObjects=0x534f960*=0x534ba38, puReturned=0x25b625c*=0x1) returned 0x0 [0137.372] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534ba38) returned 0x0 [0137.372] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.372] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.372] IUnknown:AddRef (This=0x534ba38) returned 0x3 [0137.372] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.372] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.372] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534ba3c) returned 0x0 [0137.372] IMarshal:GetUnmarshalClass (in: This=0x534ba3c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.372] IUnknown:Release (This=0x534ba3c) returned 0x3 [0137.373] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.373] IUnknown:Release (This=0x534ba38) returned 0x2 [0137.373] IUnknown:QueryInterface (in: This=0x534ba38, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534ba38) returned 0x0 [0137.373] IUnknown:AddRef (This=0x534ba38) returned 0x4 [0137.373] IUnknown:Release (This=0x534ba38) returned 0x3 [0137.373] IUnknown:Release (This=0x534ba38) returned 0x2 [0137.373] CoTaskMemFree (pv=0x534f960) [0137.373] IUnknown:AddRef (This=0x534ba38) returned 0x3 [0137.373] IWbemClassObject:Get (in: This=0x534ba38, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.373] IWbemClassObject:Get (in: This=0x534ba38, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2120\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.374] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2120\"") returned 0x66 [0137.374] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2120\"") returned 0x66 [0137.374] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.374] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.374] IUnknown:Release (This=0x56e704) returned 0x1 [0137.375] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f960) returned 0x0 [0137.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f960, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.375] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f960, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53529c8) returned 0x0 [0137.375] WbemDefPath:IUnknown:Release (This=0x534f960) returned 0x0 [0137.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53529c8) returned 0x0 [0137.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.376] WbemDefPath:IUnknown:AddRef (This=0x53529c8) returned 0x3 [0137.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f970) returned 0x0 [0137.376] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f970, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.376] WbemDefPath:IUnknown:Release (This=0x534f970) returned 0x3 [0137.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.376] WbemDefPath:IUnknown:Release (This=0x53529c8) returned 0x2 [0137.376] WbemDefPath:IUnknown:Release (This=0x53529c8) returned 0x1 [0137.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x53529c8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53529c8) returned 0x0 [0137.376] WbemDefPath:IUnknown:AddRef (This=0x53529c8) returned 0x3 [0137.376] WbemDefPath:IUnknown:Release (This=0x53529c8) returned 0x2 [0137.376] WbemDefPath:IWbemPath:SetText (This=0x53529c8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2120\"") returned 0x0 [0137.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.376] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.376] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.376] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.376] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.377] IWbemClassObject:Get (in: This=0x534ba38, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cfa00*=0, plFlavor=0x25cfa04*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x25cfa00*=8, plFlavor=0x25cfa04*=0) returned 0x0 [0137.377] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0137.377] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0137.377] IWbemClassObject:Get (in: This=0x534ba38, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25cfa00*=8, plFlavor=0x25cfa04*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x25cfa00*=8, plFlavor=0x25cfa04*=0) returned 0x0 [0137.377] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0137.377] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0137.377] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f9a0, puReturned=0x25b625c | out: apObjects=0x534f9a0*=0x534bbd0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.412] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534bbd0) returned 0x0 [0137.412] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.412] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.412] IUnknown:AddRef (This=0x534bbd0) returned 0x3 [0137.412] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.412] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.412] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534bbd4) returned 0x0 [0137.413] IMarshal:GetUnmarshalClass (in: This=0x534bbd4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.413] IUnknown:Release (This=0x534bbd4) returned 0x3 [0137.413] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.413] IUnknown:Release (This=0x534bbd0) returned 0x2 [0137.413] IUnknown:QueryInterface (in: This=0x534bbd0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534bbd0) returned 0x0 [0137.413] IUnknown:AddRef (This=0x534bbd0) returned 0x4 [0137.413] IUnknown:Release (This=0x534bbd0) returned 0x3 [0137.413] IUnknown:Release (This=0x534bbd0) returned 0x2 [0137.413] CoTaskMemFree (pv=0x534f9a0) [0137.413] IUnknown:AddRef (This=0x534bbd0) returned 0x3 [0137.413] IWbemClassObject:Get (in: This=0x534bbd0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.414] IWbemClassObject:Get (in: This=0x534bbd0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2260\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.414] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x66 [0137.414] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x66 [0137.414] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.414] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.414] IUnknown:Release (This=0x56e704) returned 0x1 [0137.416] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f9a0) returned 0x0 [0137.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f9a0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.416] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f9a0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352aa8) returned 0x0 [0137.416] WbemDefPath:IUnknown:Release (This=0x534f9a0) returned 0x0 [0137.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352aa8) returned 0x0 [0137.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.417] WbemDefPath:IUnknown:AddRef (This=0x5352aa8) returned 0x3 [0137.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f9b0) returned 0x0 [0137.417] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f9b0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.417] WbemDefPath:IUnknown:Release (This=0x534f9b0) returned 0x3 [0137.418] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.418] WbemDefPath:IUnknown:Release (This=0x5352aa8) returned 0x2 [0137.418] WbemDefPath:IUnknown:Release (This=0x5352aa8) returned 0x1 [0137.418] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352aa8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352aa8) returned 0x0 [0137.418] WbemDefPath:IUnknown:AddRef (This=0x5352aa8) returned 0x3 [0137.418] WbemDefPath:IUnknown:Release (This=0x5352aa8) returned 0x2 [0137.418] WbemDefPath:IWbemPath:SetText (This=0x5352aa8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x0 [0137.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.418] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.418] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.418] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.418] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.419] IWbemClassObject:Get (in: This=0x534bbd0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d0280*=0, plFlavor=0x25d0284*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x25d0280*=8, plFlavor=0x25d0284*=0) returned 0x0 [0137.419] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0137.419] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0137.419] IWbemClassObject:Get (in: This=0x534bbd0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d0280*=8, plFlavor=0x25d0284*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x25d0280*=8, plFlavor=0x25d0284*=0) returned 0x0 [0137.419] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0137.419] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0137.419] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534f9e0, puReturned=0x25b625c | out: apObjects=0x534f9e0*=0x534bd68, puReturned=0x25b625c*=0x1) returned 0x0 [0137.423] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534bd68) returned 0x0 [0137.423] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.423] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.424] IUnknown:AddRef (This=0x534bd68) returned 0x3 [0137.424] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.424] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.424] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534bd6c) returned 0x0 [0137.424] IMarshal:GetUnmarshalClass (in: This=0x534bd6c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.424] IUnknown:Release (This=0x534bd6c) returned 0x3 [0137.424] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.424] IUnknown:Release (This=0x534bd68) returned 0x2 [0137.424] IUnknown:QueryInterface (in: This=0x534bd68, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534bd68) returned 0x0 [0137.424] IUnknown:AddRef (This=0x534bd68) returned 0x4 [0137.425] IUnknown:Release (This=0x534bd68) returned 0x3 [0137.425] IUnknown:Release (This=0x534bd68) returned 0x2 [0137.425] CoTaskMemFree (pv=0x534f9e0) [0137.425] IUnknown:AddRef (This=0x534bd68) returned 0x3 [0137.425] IWbemClassObject:Get (in: This=0x534bd68, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.425] IWbemClassObject:Get (in: This=0x534bd68, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.426] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x66 [0137.426] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x66 [0137.426] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.426] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.426] IUnknown:Release (This=0x56e704) returned 0x1 [0137.427] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534f9e0) returned 0x0 [0137.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x534f9e0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.428] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534f9e0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352b88) returned 0x0 [0137.428] WbemDefPath:IUnknown:Release (This=0x534f9e0) returned 0x0 [0137.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352b88) returned 0x0 [0137.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.428] WbemDefPath:IUnknown:AddRef (This=0x5352b88) returned 0x3 [0137.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534f9f0) returned 0x0 [0137.428] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534f9f0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.428] WbemDefPath:IUnknown:Release (This=0x534f9f0) returned 0x3 [0137.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.429] WbemDefPath:IUnknown:Release (This=0x5352b88) returned 0x2 [0137.429] WbemDefPath:IUnknown:Release (This=0x5352b88) returned 0x1 [0137.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352b88, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352b88) returned 0x0 [0137.429] WbemDefPath:IUnknown:AddRef (This=0x5352b88) returned 0x3 [0137.429] WbemDefPath:IUnknown:Release (This=0x5352b88) returned 0x2 [0137.429] WbemDefPath:IWbemPath:SetText (This=0x5352b88, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2268\"") returned 0x0 [0137.429] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.429] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.429] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.429] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.429] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.429] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.429] IWbemClassObject:Get (in: This=0x534bd68, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d0af4*=0, plFlavor=0x25d0af8*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x25d0af4*=8, plFlavor=0x25d0af8*=0) returned 0x0 [0137.429] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0137.429] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0137.430] IWbemClassObject:Get (in: This=0x534bd68, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d0af4*=8, plFlavor=0x25d0af8*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x25d0af4*=8, plFlavor=0x25d0af8*=0) returned 0x0 [0137.430] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0137.430] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0137.430] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534fa20, puReturned=0x25b625c | out: apObjects=0x534fa20*=0x534bf00, puReturned=0x25b625c*=0x1) returned 0x0 [0137.433] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534bf00) returned 0x0 [0137.433] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.433] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.433] IUnknown:AddRef (This=0x534bf00) returned 0x3 [0137.433] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.433] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.433] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534bf04) returned 0x0 [0137.433] IMarshal:GetUnmarshalClass (in: This=0x534bf04, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.433] IUnknown:Release (This=0x534bf04) returned 0x3 [0137.434] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.434] IUnknown:Release (This=0x534bf00) returned 0x2 [0137.434] IUnknown:QueryInterface (in: This=0x534bf00, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534bf00) returned 0x0 [0137.434] IUnknown:AddRef (This=0x534bf00) returned 0x4 [0137.434] IUnknown:Release (This=0x534bf00) returned 0x3 [0137.434] IUnknown:Release (This=0x534bf00) returned 0x2 [0137.434] CoTaskMemFree (pv=0x534fa20) [0137.434] IUnknown:AddRef (This=0x534bf00) returned 0x3 [0137.434] IWbemClassObject:Get (in: This=0x534bf00, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.435] IWbemClassObject:Get (in: This=0x534bf00, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.435] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x66 [0137.435] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x66 [0137.435] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.435] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.435] IUnknown:Release (This=0x56e704) returned 0x1 [0137.436] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534fa20) returned 0x0 [0137.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x534fa20, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.437] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534fa20, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352c68) returned 0x0 [0137.437] WbemDefPath:IUnknown:Release (This=0x534fa20) returned 0x0 [0137.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352c68) returned 0x0 [0137.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.437] WbemDefPath:IUnknown:AddRef (This=0x5352c68) returned 0x3 [0137.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534fa30) returned 0x0 [0137.438] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534fa30, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.438] WbemDefPath:IUnknown:Release (This=0x534fa30) returned 0x3 [0137.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.438] WbemDefPath:IUnknown:Release (This=0x5352c68) returned 0x2 [0137.438] WbemDefPath:IUnknown:Release (This=0x5352c68) returned 0x1 [0137.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352c68, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352c68) returned 0x0 [0137.438] WbemDefPath:IUnknown:AddRef (This=0x5352c68) returned 0x3 [0137.439] WbemDefPath:IUnknown:Release (This=0x5352c68) returned 0x2 [0137.439] WbemDefPath:IWbemPath:SetText (This=0x5352c68, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2276\"") returned 0x0 [0137.439] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.439] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.439] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.439] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.439] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.439] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.439] IWbemClassObject:Get (in: This=0x534bf00, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d1360*=0, plFlavor=0x25d1364*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x25d1360*=8, plFlavor=0x25d1364*=0) returned 0x0 [0137.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0137.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0137.439] IWbemClassObject:Get (in: This=0x534bf00, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d1360*=8, plFlavor=0x25d1364*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x25d1360*=8, plFlavor=0x25d1364*=0) returned 0x0 [0137.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0137.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0137.440] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534fa60, puReturned=0x25b625c | out: apObjects=0x534fa60*=0x534c098, puReturned=0x25b625c*=0x1) returned 0x0 [0137.442] IUnknown:QueryInterface (in: This=0x534c098, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534c098) returned 0x0 [0137.442] IUnknown:QueryInterface (in: This=0x534c098, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.442] IUnknown:QueryInterface (in: This=0x534c098, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.442] IUnknown:AddRef (This=0x534c098) returned 0x3 [0137.442] IUnknown:QueryInterface (in: This=0x534c098, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.442] IUnknown:QueryInterface (in: This=0x534c098, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.442] IUnknown:QueryInterface (in: This=0x534c098, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534c09c) returned 0x0 [0137.442] IMarshal:GetUnmarshalClass (in: This=0x534c09c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.442] IUnknown:Release (This=0x534c09c) returned 0x3 [0137.443] IUnknown:QueryInterface (in: This=0x534c098, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.443] IUnknown:Release (This=0x534c098) returned 0x2 [0137.443] IUnknown:QueryInterface (in: This=0x534c098, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534c098) returned 0x0 [0137.443] IUnknown:AddRef (This=0x534c098) returned 0x4 [0137.443] IUnknown:Release (This=0x534c098) returned 0x3 [0137.443] IUnknown:Release (This=0x534c098) returned 0x2 [0137.443] CoTaskMemFree (pv=0x534fa60) [0137.443] IUnknown:AddRef (This=0x534c098) returned 0x3 [0137.444] IWbemClassObject:Get (in: This=0x534c098, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.444] IWbemClassObject:Get (in: This=0x534c098, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.444] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x66 [0137.444] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x66 [0137.444] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.444] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.444] IUnknown:Release (This=0x56e704) returned 0x1 [0137.446] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534fa60) returned 0x0 [0137.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x534fa60, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.446] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534fa60, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352d48) returned 0x0 [0137.446] WbemDefPath:IUnknown:Release (This=0x534fa60) returned 0x0 [0137.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352d48) returned 0x0 [0137.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.447] WbemDefPath:IUnknown:AddRef (This=0x5352d48) returned 0x3 [0137.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534fa70) returned 0x0 [0137.447] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534fa70, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.447] WbemDefPath:IUnknown:Release (This=0x534fa70) returned 0x3 [0137.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.447] WbemDefPath:IUnknown:Release (This=0x5352d48) returned 0x2 [0137.447] WbemDefPath:IUnknown:Release (This=0x5352d48) returned 0x1 [0137.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352d48, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352d48) returned 0x0 [0137.448] WbemDefPath:IUnknown:AddRef (This=0x5352d48) returned 0x3 [0137.448] WbemDefPath:IUnknown:Release (This=0x5352d48) returned 0x2 [0137.448] WbemDefPath:IWbemPath:SetText (This=0x5352d48, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2284\"") returned 0x0 [0137.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.448] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.448] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.448] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.448] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.449] IWbemClassObject:Get (in: This=0x534c098, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d1bf8*=0, plFlavor=0x25d1bfc*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x25d1bf8*=8, plFlavor=0x25d1bfc*=0) returned 0x0 [0137.449] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0137.449] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0137.449] IWbemClassObject:Get (in: This=0x534c098, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d1bf8*=8, plFlavor=0x25d1bfc*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x25d1bf8*=8, plFlavor=0x25d1bfc*=0) returned 0x0 [0137.449] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0137.449] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0137.449] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534faa0, puReturned=0x25b625c | out: apObjects=0x534faa0*=0x534c230, puReturned=0x25b625c*=0x1) returned 0x0 [0137.451] IUnknown:QueryInterface (in: This=0x534c230, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534c230) returned 0x0 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.452] IUnknown:AddRef (This=0x534c230) returned 0x3 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534c234) returned 0x0 [0137.452] IMarshal:GetUnmarshalClass (in: This=0x534c234, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.452] IUnknown:Release (This=0x534c234) returned 0x3 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.452] IUnknown:Release (This=0x534c230) returned 0x2 [0137.452] IUnknown:QueryInterface (in: This=0x534c230, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534c230) returned 0x0 [0137.453] IUnknown:AddRef (This=0x534c230) returned 0x4 [0137.453] IUnknown:Release (This=0x534c230) returned 0x3 [0137.453] IUnknown:Release (This=0x534c230) returned 0x2 [0137.453] CoTaskMemFree (pv=0x534faa0) [0137.453] IUnknown:AddRef (This=0x534c230) returned 0x3 [0137.453] IWbemClassObject:Get (in: This=0x534c230, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.453] IWbemClassObject:Get (in: This=0x534c230, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2208\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.453] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2208\"") returned 0x66 [0137.453] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2208\"") returned 0x66 [0137.454] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.454] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.454] IUnknown:Release (This=0x56e704) returned 0x1 [0137.455] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534faa0) returned 0x0 [0137.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x534faa0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.455] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534faa0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352e28) returned 0x0 [0137.455] WbemDefPath:IUnknown:Release (This=0x534faa0) returned 0x0 [0137.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352e28) returned 0x0 [0137.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.456] WbemDefPath:IUnknown:AddRef (This=0x5352e28) returned 0x3 [0137.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534fab0) returned 0x0 [0137.456] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534fab0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.456] WbemDefPath:IUnknown:Release (This=0x534fab0) returned 0x3 [0137.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.456] WbemDefPath:IUnknown:Release (This=0x5352e28) returned 0x2 [0137.456] WbemDefPath:IUnknown:Release (This=0x5352e28) returned 0x1 [0137.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352e28, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352e28) returned 0x0 [0137.457] WbemDefPath:IUnknown:AddRef (This=0x5352e28) returned 0x3 [0137.457] WbemDefPath:IUnknown:Release (This=0x5352e28) returned 0x2 [0137.457] WbemDefPath:IWbemPath:SetText (This=0x5352e28, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2208\"") returned 0x0 [0137.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.457] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.457] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.457] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.457] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.457] IWbemClassObject:Get (in: This=0x534c230, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d247c*=0, plFlavor=0x25d2480*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x25d247c*=8, plFlavor=0x25d2480*=0) returned 0x0 [0137.457] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0137.457] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0137.457] IWbemClassObject:Get (in: This=0x534c230, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d247c*=8, plFlavor=0x25d2480*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x25d247c*=8, plFlavor=0x25d2480*=0) returned 0x0 [0137.457] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0137.457] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0137.457] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534fae0, puReturned=0x25b625c | out: apObjects=0x534fae0*=0x534c3c8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534c3c8) returned 0x0 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.459] IUnknown:AddRef (This=0x534c3c8) returned 0x3 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534c3cc) returned 0x0 [0137.459] IMarshal:GetUnmarshalClass (in: This=0x534c3cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.459] IUnknown:Release (This=0x534c3cc) returned 0x3 [0137.459] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.460] IUnknown:Release (This=0x534c3c8) returned 0x2 [0137.460] IUnknown:QueryInterface (in: This=0x534c3c8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534c3c8) returned 0x0 [0137.460] IUnknown:AddRef (This=0x534c3c8) returned 0x4 [0137.460] IUnknown:Release (This=0x534c3c8) returned 0x3 [0137.460] IUnknown:Release (This=0x534c3c8) returned 0x2 [0137.460] CoTaskMemFree (pv=0x534fae0) [0137.460] IUnknown:AddRef (This=0x534c3c8) returned 0x3 [0137.460] IWbemClassObject:Get (in: This=0x534c3c8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.460] IWbemClassObject:Get (in: This=0x534c3c8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2188\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.461] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2188\"") returned 0x66 [0137.461] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2188\"") returned 0x66 [0137.461] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.461] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.461] IUnknown:Release (This=0x56e704) returned 0x1 [0137.462] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534fae0) returned 0x0 [0137.462] WbemDefPath:IUnknown:QueryInterface (in: This=0x534fae0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.462] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534fae0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352f08) returned 0x0 [0137.463] WbemDefPath:IUnknown:Release (This=0x534fae0) returned 0x0 [0137.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352f08) returned 0x0 [0137.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.463] WbemDefPath:IUnknown:AddRef (This=0x5352f08) returned 0x3 [0137.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534faf0) returned 0x0 [0137.463] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534faf0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.463] WbemDefPath:IUnknown:Release (This=0x534faf0) returned 0x3 [0137.463] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.463] WbemDefPath:IUnknown:Release (This=0x5352f08) returned 0x2 [0137.463] WbemDefPath:IUnknown:Release (This=0x5352f08) returned 0x1 [0137.464] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352f08, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352f08) returned 0x0 [0137.464] WbemDefPath:IUnknown:AddRef (This=0x5352f08) returned 0x3 [0137.464] WbemDefPath:IUnknown:Release (This=0x5352f08) returned 0x2 [0137.464] WbemDefPath:IWbemPath:SetText (This=0x5352f08, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2188\"") returned 0x0 [0137.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.464] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.464] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.464] IWbemClassObject:Get (in: This=0x534c3c8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d2ce8*=0, plFlavor=0x25d2cec*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x25d2ce8*=8, plFlavor=0x25d2cec*=0) returned 0x0 [0137.464] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0137.464] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0137.464] IWbemClassObject:Get (in: This=0x534c3c8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d2ce8*=8, plFlavor=0x25d2cec*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x25d2ce8*=8, plFlavor=0x25d2cec*=0) returned 0x0 [0137.465] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0137.465] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0137.465] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534fb20, puReturned=0x25b625c | out: apObjects=0x534fb20*=0x534c560, puReturned=0x25b625c*=0x1) returned 0x0 [0137.466] IUnknown:QueryInterface (in: This=0x534c560, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x534c560) returned 0x0 [0137.466] IUnknown:QueryInterface (in: This=0x534c560, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.466] IUnknown:QueryInterface (in: This=0x534c560, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.466] IUnknown:AddRef (This=0x534c560) returned 0x3 [0137.466] IUnknown:QueryInterface (in: This=0x534c560, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.466] IUnknown:QueryInterface (in: This=0x534c560, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.466] IUnknown:QueryInterface (in: This=0x534c560, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x534c564) returned 0x0 [0137.466] IMarshal:GetUnmarshalClass (in: This=0x534c564, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.466] IUnknown:Release (This=0x534c564) returned 0x3 [0137.467] IUnknown:QueryInterface (in: This=0x534c560, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.467] IUnknown:Release (This=0x534c560) returned 0x2 [0137.467] IUnknown:QueryInterface (in: This=0x534c560, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x534c560) returned 0x0 [0137.467] IUnknown:AddRef (This=0x534c560) returned 0x4 [0137.467] IUnknown:Release (This=0x534c560) returned 0x3 [0137.467] IUnknown:Release (This=0x534c560) returned 0x2 [0137.467] CoTaskMemFree (pv=0x534fb20) [0137.467] IUnknown:AddRef (This=0x534c560) returned 0x3 [0137.467] IWbemClassObject:Get (in: This=0x534c560, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.468] IWbemClassObject:Get (in: This=0x534c560, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2216\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.468] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2216\"") returned 0x66 [0137.468] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2216\"") returned 0x66 [0137.468] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.468] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.468] IUnknown:Release (This=0x56e704) returned 0x1 [0137.469] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534fb20) returned 0x0 [0137.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x534fb20, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.470] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534fb20, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5352fe8) returned 0x0 [0137.470] WbemDefPath:IUnknown:Release (This=0x534fb20) returned 0x0 [0137.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5352fe8) returned 0x0 [0137.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.470] WbemDefPath:IUnknown:AddRef (This=0x5352fe8) returned 0x3 [0137.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534fb30) returned 0x0 [0137.470] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534fb30, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.470] WbemDefPath:IUnknown:Release (This=0x534fb30) returned 0x3 [0137.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.471] WbemDefPath:IUnknown:Release (This=0x5352fe8) returned 0x2 [0137.471] WbemDefPath:IUnknown:Release (This=0x5352fe8) returned 0x1 [0137.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x5352fe8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5352fe8) returned 0x0 [0137.471] WbemDefPath:IUnknown:AddRef (This=0x5352fe8) returned 0x3 [0137.471] WbemDefPath:IUnknown:Release (This=0x5352fe8) returned 0x2 [0137.471] WbemDefPath:IWbemPath:SetText (This=0x5352fe8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2216\"") returned 0x0 [0137.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.471] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.471] IWbemClassObject:Get (in: This=0x534c560, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d354c*=0, plFlavor=0x25d3550*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x25d354c*=8, plFlavor=0x25d3550*=0) returned 0x0 [0137.471] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0137.472] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0137.472] IWbemClassObject:Get (in: This=0x534c560, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d354c*=8, plFlavor=0x25d3550*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x25d354c*=8, plFlavor=0x25d3550*=0) returned 0x0 [0137.472] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0137.472] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0137.472] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534fb60, puReturned=0x25b625c | out: apObjects=0x534fb60*=0x5355d48, puReturned=0x25b625c*=0x1) returned 0x0 [0137.473] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5355d48) returned 0x0 [0137.473] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.473] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.474] IUnknown:AddRef (This=0x5355d48) returned 0x3 [0137.474] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.474] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.474] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5355d4c) returned 0x0 [0137.474] IMarshal:GetUnmarshalClass (in: This=0x5355d4c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.474] IUnknown:Release (This=0x5355d4c) returned 0x3 [0137.474] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.474] IUnknown:Release (This=0x5355d48) returned 0x2 [0137.474] IUnknown:QueryInterface (in: This=0x5355d48, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5355d48) returned 0x0 [0137.474] IUnknown:AddRef (This=0x5355d48) returned 0x4 [0137.474] IUnknown:Release (This=0x5355d48) returned 0x3 [0137.474] IUnknown:Release (This=0x5355d48) returned 0x2 [0137.474] CoTaskMemFree (pv=0x534fb60) [0137.475] IUnknown:AddRef (This=0x5355d48) returned 0x3 [0137.475] IWbemClassObject:Get (in: This=0x5355d48, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.475] IWbemClassObject:Get (in: This=0x5355d48, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2212\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.475] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2212\"") returned 0x66 [0137.475] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2212\"") returned 0x66 [0137.475] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.475] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.475] IUnknown:Release (This=0x56e704) returned 0x1 [0137.477] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534fb60) returned 0x0 [0137.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x534fb60, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.477] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534fb60, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53530c8) returned 0x0 [0137.477] WbemDefPath:IUnknown:Release (This=0x534fb60) returned 0x0 [0137.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53530c8) returned 0x0 [0137.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.478] WbemDefPath:IUnknown:AddRef (This=0x53530c8) returned 0x3 [0137.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x534fb70) returned 0x0 [0137.478] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x534fb70, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.478] WbemDefPath:IUnknown:Release (This=0x534fb70) returned 0x3 [0137.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.478] WbemDefPath:IUnknown:Release (This=0x53530c8) returned 0x2 [0137.478] WbemDefPath:IUnknown:Release (This=0x53530c8) returned 0x1 [0137.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x53530c8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53530c8) returned 0x0 [0137.479] WbemDefPath:IUnknown:AddRef (This=0x53530c8) returned 0x3 [0137.479] WbemDefPath:IUnknown:Release (This=0x53530c8) returned 0x2 [0137.479] WbemDefPath:IWbemPath:SetText (This=0x53530c8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2212\"") returned 0x0 [0137.479] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.479] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.479] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.479] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.479] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.479] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.479] IWbemClassObject:Get (in: This=0x5355d48, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d3dc4*=0, plFlavor=0x25d3dc8*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x25d3dc4*=8, plFlavor=0x25d3dc8*=0) returned 0x0 [0137.479] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0137.479] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0137.479] IWbemClassObject:Get (in: This=0x5355d48, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d3dc4*=8, plFlavor=0x25d3dc8*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x25d3dc4*=8, plFlavor=0x25d3dc8*=0) returned 0x0 [0137.479] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0137.479] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0137.479] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x534fba0, puReturned=0x25b625c | out: apObjects=0x534fba0*=0x5355ee0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5355ee0) returned 0x0 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.481] IUnknown:AddRef (This=0x5355ee0) returned 0x3 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5355ee4) returned 0x0 [0137.481] IMarshal:GetUnmarshalClass (in: This=0x5355ee4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.481] IUnknown:Release (This=0x5355ee4) returned 0x3 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.481] IUnknown:Release (This=0x5355ee0) returned 0x2 [0137.481] IUnknown:QueryInterface (in: This=0x5355ee0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5355ee0) returned 0x0 [0137.482] IUnknown:AddRef (This=0x5355ee0) returned 0x4 [0137.482] IUnknown:Release (This=0x5355ee0) returned 0x3 [0137.482] IUnknown:Release (This=0x5355ee0) returned 0x2 [0137.482] CoTaskMemFree (pv=0x534fba0) [0137.482] IUnknown:AddRef (This=0x5355ee0) returned 0x3 [0137.482] IWbemClassObject:Get (in: This=0x5355ee0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.482] IWbemClassObject:Get (in: This=0x5355ee0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2192\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.482] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2192\"") returned 0x66 [0137.482] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2192\"") returned 0x66 [0137.483] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.483] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.483] IUnknown:Release (This=0x56e704) returned 0x1 [0137.484] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x534fba0) returned 0x0 [0137.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x534fba0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.484] WbemDefPath:IClassFactory:CreateInstance (in: This=0x534fba0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53531a8) returned 0x0 [0137.484] WbemDefPath:IUnknown:Release (This=0x534fba0) returned 0x0 [0137.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53531a8) returned 0x0 [0137.484] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.485] WbemDefPath:IUnknown:AddRef (This=0x53531a8) returned 0x3 [0137.485] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.485] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.485] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535a8c8) returned 0x0 [0137.485] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535a8c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.485] WbemDefPath:IUnknown:Release (This=0x535a8c8) returned 0x3 [0137.485] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.485] WbemDefPath:IUnknown:Release (This=0x53531a8) returned 0x2 [0137.485] WbemDefPath:IUnknown:Release (This=0x53531a8) returned 0x1 [0137.485] WbemDefPath:IUnknown:QueryInterface (in: This=0x53531a8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53531a8) returned 0x0 [0137.485] WbemDefPath:IUnknown:AddRef (This=0x53531a8) returned 0x3 [0137.485] WbemDefPath:IUnknown:Release (This=0x53531a8) returned 0x2 [0137.485] WbemDefPath:IWbemPath:SetText (This=0x53531a8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2192\"") returned 0x0 [0137.485] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.486] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.486] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.486] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.486] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.486] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.486] IWbemClassObject:Get (in: This=0x5355ee0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d4640*=0, plFlavor=0x25d4644*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x25d4640*=8, plFlavor=0x25d4644*=0) returned 0x0 [0137.486] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0137.486] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0137.486] IWbemClassObject:Get (in: This=0x5355ee0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d4640*=8, plFlavor=0x25d4644*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x25d4640*=8, plFlavor=0x25d4644*=0) returned 0x0 [0137.486] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0137.486] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0137.486] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535a8f8, puReturned=0x25b625c | out: apObjects=0x535a8f8*=0x5356078, puReturned=0x25b625c*=0x1) returned 0x0 [0137.488] IUnknown:QueryInterface (in: This=0x5356078, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356078) returned 0x0 [0137.488] IUnknown:QueryInterface (in: This=0x5356078, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.488] IUnknown:QueryInterface (in: This=0x5356078, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.488] IUnknown:AddRef (This=0x5356078) returned 0x3 [0137.488] IUnknown:QueryInterface (in: This=0x5356078, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.488] IUnknown:QueryInterface (in: This=0x5356078, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.488] IUnknown:QueryInterface (in: This=0x5356078, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x535607c) returned 0x0 [0137.489] IMarshal:GetUnmarshalClass (in: This=0x535607c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.489] IUnknown:Release (This=0x535607c) returned 0x3 [0137.489] IUnknown:QueryInterface (in: This=0x5356078, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.489] IUnknown:Release (This=0x5356078) returned 0x2 [0137.489] IUnknown:QueryInterface (in: This=0x5356078, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356078) returned 0x0 [0137.489] IUnknown:AddRef (This=0x5356078) returned 0x4 [0137.489] IUnknown:Release (This=0x5356078) returned 0x3 [0137.489] IUnknown:Release (This=0x5356078) returned 0x2 [0137.489] CoTaskMemFree (pv=0x535a8f8) [0137.489] IUnknown:AddRef (This=0x5356078) returned 0x3 [0137.489] IWbemClassObject:Get (in: This=0x5356078, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.490] IWbemClassObject:Get (in: This=0x5356078, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2708\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.490] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2708\"") returned 0x66 [0137.490] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2708\"") returned 0x66 [0137.490] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.490] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.490] IUnknown:Release (This=0x56e704) returned 0x1 [0137.491] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535a8f8) returned 0x0 [0137.492] WbemDefPath:IUnknown:QueryInterface (in: This=0x535a8f8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.492] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535a8f8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5353288) returned 0x0 [0137.492] WbemDefPath:IUnknown:Release (This=0x535a8f8) returned 0x0 [0137.492] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5353288) returned 0x0 [0137.492] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.492] WbemDefPath:IUnknown:AddRef (This=0x5353288) returned 0x3 [0137.492] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.492] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.492] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535a908) returned 0x0 [0137.492] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535a908, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.492] WbemDefPath:IUnknown:Release (This=0x535a908) returned 0x3 [0137.493] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.493] WbemDefPath:IUnknown:Release (This=0x5353288) returned 0x2 [0137.493] WbemDefPath:IUnknown:Release (This=0x5353288) returned 0x1 [0137.493] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353288, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5353288) returned 0x0 [0137.493] WbemDefPath:IUnknown:AddRef (This=0x5353288) returned 0x3 [0137.493] WbemDefPath:IUnknown:Release (This=0x5353288) returned 0x2 [0137.493] WbemDefPath:IWbemPath:SetText (This=0x5353288, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2708\"") returned 0x0 [0137.493] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.493] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.493] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.493] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.493] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.493] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.493] IWbemClassObject:Get (in: This=0x5356078, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d4ed4*=0, plFlavor=0x25d4ed8*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x25d4ed4*=8, plFlavor=0x25d4ed8*=0) returned 0x0 [0137.493] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0137.493] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0137.493] IWbemClassObject:Get (in: This=0x5356078, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d4ed4*=8, plFlavor=0x25d4ed8*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x25d4ed4*=8, plFlavor=0x25d4ed8*=0) returned 0x0 [0137.493] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0137.493] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0137.494] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535a938, puReturned=0x25b625c | out: apObjects=0x535a938*=0x5356210, puReturned=0x25b625c*=0x1) returned 0x0 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356210) returned 0x0 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.495] IUnknown:AddRef (This=0x5356210) returned 0x3 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356214) returned 0x0 [0137.495] IMarshal:GetUnmarshalClass (in: This=0x5356214, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.495] IUnknown:Release (This=0x5356214) returned 0x3 [0137.495] IUnknown:QueryInterface (in: This=0x5356210, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.496] IUnknown:Release (This=0x5356210) returned 0x2 [0137.496] IUnknown:QueryInterface (in: This=0x5356210, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356210) returned 0x0 [0137.496] IUnknown:AddRef (This=0x5356210) returned 0x4 [0137.496] IUnknown:Release (This=0x5356210) returned 0x3 [0137.496] IUnknown:Release (This=0x5356210) returned 0x2 [0137.496] CoTaskMemFree (pv=0x535a938) [0137.496] IUnknown:AddRef (This=0x5356210) returned 0x3 [0137.496] IWbemClassObject:Get (in: This=0x5356210, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.496] IWbemClassObject:Get (in: This=0x5356210, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2716\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.497] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2716\"") returned 0x66 [0137.497] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2716\"") returned 0x66 [0137.497] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.497] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.497] IUnknown:Release (This=0x56e704) returned 0x1 [0137.498] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535a938) returned 0x0 [0137.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x535a938, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.498] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535a938, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5353368) returned 0x0 [0137.498] WbemDefPath:IUnknown:Release (This=0x535a938) returned 0x0 [0137.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5353368) returned 0x0 [0137.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.499] WbemDefPath:IUnknown:AddRef (This=0x5353368) returned 0x3 [0137.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535a948) returned 0x0 [0137.499] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535a948, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.499] WbemDefPath:IUnknown:Release (This=0x535a948) returned 0x3 [0137.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.499] WbemDefPath:IUnknown:Release (This=0x5353368) returned 0x2 [0137.499] WbemDefPath:IUnknown:Release (This=0x5353368) returned 0x1 [0137.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353368, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5353368) returned 0x0 [0137.499] WbemDefPath:IUnknown:AddRef (This=0x5353368) returned 0x3 [0137.499] WbemDefPath:IUnknown:Release (This=0x5353368) returned 0x2 [0137.500] WbemDefPath:IWbemPath:SetText (This=0x5353368, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2716\"") returned 0x0 [0137.500] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.500] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.500] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.500] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.500] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.500] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.500] IWbemClassObject:Get (in: This=0x5356210, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d5758*=0, plFlavor=0x25d575c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x25d5758*=8, plFlavor=0x25d575c*=0) returned 0x0 [0137.500] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0137.500] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0137.500] IWbemClassObject:Get (in: This=0x5356210, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d5758*=8, plFlavor=0x25d575c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x25d5758*=8, plFlavor=0x25d575c*=0) returned 0x0 [0137.500] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0137.500] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0137.500] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535a978, puReturned=0x25b625c | out: apObjects=0x535a978*=0x53563a8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.501] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53563a8) returned 0x0 [0137.501] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.501] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.502] IUnknown:AddRef (This=0x53563a8) returned 0x3 [0137.502] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.502] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.502] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53563ac) returned 0x0 [0137.502] IMarshal:GetUnmarshalClass (in: This=0x53563ac, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.502] IUnknown:Release (This=0x53563ac) returned 0x3 [0137.502] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.502] IUnknown:Release (This=0x53563a8) returned 0x2 [0137.502] IUnknown:QueryInterface (in: This=0x53563a8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53563a8) returned 0x0 [0137.502] IUnknown:AddRef (This=0x53563a8) returned 0x4 [0137.502] IUnknown:Release (This=0x53563a8) returned 0x3 [0137.502] IUnknown:Release (This=0x53563a8) returned 0x2 [0137.502] CoTaskMemFree (pv=0x535a978) [0137.503] IUnknown:AddRef (This=0x53563a8) returned 0x3 [0137.503] IWbemClassObject:Get (in: This=0x53563a8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.503] IWbemClassObject:Get (in: This=0x53563a8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2724\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.503] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2724\"") returned 0x66 [0137.503] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2724\"") returned 0x66 [0137.503] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.503] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.504] IUnknown:Release (This=0x56e704) returned 0x1 [0137.505] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535a978) returned 0x0 [0137.505] WbemDefPath:IUnknown:QueryInterface (in: This=0x535a978, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.505] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535a978, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5353448) returned 0x0 [0137.505] WbemDefPath:IUnknown:Release (This=0x535a978) returned 0x0 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5353448) returned 0x0 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.506] WbemDefPath:IUnknown:AddRef (This=0x5353448) returned 0x3 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535a988) returned 0x0 [0137.506] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535a988, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.506] WbemDefPath:IUnknown:Release (This=0x535a988) returned 0x3 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.506] WbemDefPath:IUnknown:Release (This=0x5353448) returned 0x2 [0137.506] WbemDefPath:IUnknown:Release (This=0x5353448) returned 0x1 [0137.506] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353448, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5353448) returned 0x0 [0137.507] WbemDefPath:IUnknown:AddRef (This=0x5353448) returned 0x3 [0137.507] WbemDefPath:IUnknown:Release (This=0x5353448) returned 0x2 [0137.507] WbemDefPath:IWbemPath:SetText (This=0x5353448, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2724\"") returned 0x0 [0137.507] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.507] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.507] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.507] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.507] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.507] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.507] IWbemClassObject:Get (in: This=0x53563a8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d5fd0*=0, plFlavor=0x25d5fd4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x25d5fd0*=8, plFlavor=0x25d5fd4*=0) returned 0x0 [0137.507] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0137.507] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0137.507] IWbemClassObject:Get (in: This=0x53563a8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d5fd0*=8, plFlavor=0x25d5fd4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x25d5fd0*=8, plFlavor=0x25d5fd4*=0) returned 0x0 [0137.507] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0137.507] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0137.507] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535a9b8, puReturned=0x25b625c | out: apObjects=0x535a9b8*=0x5356540, puReturned=0x25b625c*=0x1) returned 0x0 [0137.508] IUnknown:QueryInterface (in: This=0x5356540, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356540) returned 0x0 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.509] IUnknown:AddRef (This=0x5356540) returned 0x3 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356544) returned 0x0 [0137.509] IMarshal:GetUnmarshalClass (in: This=0x5356544, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.509] IUnknown:Release (This=0x5356544) returned 0x3 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.509] IUnknown:Release (This=0x5356540) returned 0x2 [0137.509] IUnknown:QueryInterface (in: This=0x5356540, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356540) returned 0x0 [0137.510] IUnknown:AddRef (This=0x5356540) returned 0x4 [0137.510] IUnknown:Release (This=0x5356540) returned 0x3 [0137.510] IUnknown:Release (This=0x5356540) returned 0x2 [0137.510] CoTaskMemFree (pv=0x535a9b8) [0137.510] IUnknown:AddRef (This=0x5356540) returned 0x3 [0137.510] IWbemClassObject:Get (in: This=0x5356540, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.510] IWbemClassObject:Get (in: This=0x5356540, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.510] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x66 [0137.510] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x66 [0137.511] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.511] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.511] IUnknown:Release (This=0x56e704) returned 0x1 [0137.541] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535a9b8) returned 0x0 [0137.542] WbemDefPath:IUnknown:QueryInterface (in: This=0x535a9b8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.542] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535a9b8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5353528) returned 0x0 [0137.542] WbemDefPath:IUnknown:Release (This=0x535a9b8) returned 0x0 [0137.542] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5353528) returned 0x0 [0137.542] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.543] WbemDefPath:IUnknown:AddRef (This=0x5353528) returned 0x3 [0137.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535a9c8) returned 0x0 [0137.543] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535a9c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.543] WbemDefPath:IUnknown:Release (This=0x535a9c8) returned 0x3 [0137.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.543] WbemDefPath:IUnknown:Release (This=0x5353528) returned 0x2 [0137.543] WbemDefPath:IUnknown:Release (This=0x5353528) returned 0x1 [0137.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353528, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5353528) returned 0x0 [0137.543] WbemDefPath:IUnknown:AddRef (This=0x5353528) returned 0x3 [0137.543] WbemDefPath:IUnknown:Release (This=0x5353528) returned 0x2 [0137.543] WbemDefPath:IWbemPath:SetText (This=0x5353528, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2732\"") returned 0x0 [0137.543] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.543] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.543] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.543] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.543] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.543] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.544] IWbemClassObject:Get (in: This=0x5356540, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d6834*=0, plFlavor=0x25d6838*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x25d6834*=8, plFlavor=0x25d6838*=0) returned 0x0 [0137.544] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0137.544] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0137.544] IWbemClassObject:Get (in: This=0x5356540, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d6834*=8, plFlavor=0x25d6838*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x25d6834*=8, plFlavor=0x25d6838*=0) returned 0x0 [0137.544] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0137.544] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0137.544] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535a9f8, puReturned=0x25b625c | out: apObjects=0x535a9f8*=0x53566d8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.545] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53566d8) returned 0x0 [0137.545] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.545] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.545] IUnknown:AddRef (This=0x53566d8) returned 0x3 [0137.545] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.545] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.545] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53566dc) returned 0x0 [0137.546] IMarshal:GetUnmarshalClass (in: This=0x53566dc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.546] IUnknown:Release (This=0x53566dc) returned 0x3 [0137.546] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.546] IUnknown:Release (This=0x53566d8) returned 0x2 [0137.546] IUnknown:QueryInterface (in: This=0x53566d8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53566d8) returned 0x0 [0137.546] IUnknown:AddRef (This=0x53566d8) returned 0x4 [0137.546] IUnknown:Release (This=0x53566d8) returned 0x3 [0137.546] IUnknown:Release (This=0x53566d8) returned 0x2 [0137.546] CoTaskMemFree (pv=0x535a9f8) [0137.546] IUnknown:AddRef (This=0x53566d8) returned 0x3 [0137.546] IWbemClassObject:Get (in: This=0x53566d8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.547] IWbemClassObject:Get (in: This=0x53566d8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2740\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.547] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2740\"") returned 0x66 [0137.547] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2740\"") returned 0x66 [0137.547] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.547] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.547] IUnknown:Release (This=0x56e704) returned 0x1 [0137.548] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535a9f8) returned 0x0 [0137.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x535a9f8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.548] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535a9f8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x5353608) returned 0x0 [0137.548] WbemDefPath:IUnknown:Release (This=0x535a9f8) returned 0x0 [0137.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x5353608) returned 0x0 [0137.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.549] WbemDefPath:IUnknown:AddRef (This=0x5353608) returned 0x3 [0137.549] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.549] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.549] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535aa08) returned 0x0 [0137.549] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535aa08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.549] WbemDefPath:IUnknown:Release (This=0x535aa08) returned 0x3 [0137.549] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.549] WbemDefPath:IUnknown:Release (This=0x5353608) returned 0x2 [0137.549] WbemDefPath:IUnknown:Release (This=0x5353608) returned 0x1 [0137.549] WbemDefPath:IUnknown:QueryInterface (in: This=0x5353608, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x5353608) returned 0x0 [0137.549] WbemDefPath:IUnknown:AddRef (This=0x5353608) returned 0x3 [0137.549] WbemDefPath:IUnknown:Release (This=0x5353608) returned 0x2 [0137.549] WbemDefPath:IWbemPath:SetText (This=0x5353608, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2740\"") returned 0x0 [0137.549] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.549] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.550] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.550] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.550] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.550] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.550] IWbemClassObject:Get (in: This=0x53566d8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d70a0*=0, plFlavor=0x25d70a4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x25d70a0*=8, plFlavor=0x25d70a4*=0) returned 0x0 [0137.550] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0137.550] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0137.550] IWbemClassObject:Get (in: This=0x53566d8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d70a0*=8, plFlavor=0x25d70a4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x25d70a0*=8, plFlavor=0x25d70a4*=0) returned 0x0 [0137.550] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0137.550] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0137.550] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535aa38, puReturned=0x25b625c | out: apObjects=0x535aa38*=0x5356870, puReturned=0x25b625c*=0x1) returned 0x0 [0137.552] IUnknown:QueryInterface (in: This=0x5356870, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356870) returned 0x0 [0137.552] IUnknown:QueryInterface (in: This=0x5356870, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.552] IUnknown:QueryInterface (in: This=0x5356870, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.552] IUnknown:AddRef (This=0x5356870) returned 0x3 [0137.552] IUnknown:QueryInterface (in: This=0x5356870, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.552] IUnknown:QueryInterface (in: This=0x5356870, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.552] IUnknown:QueryInterface (in: This=0x5356870, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356874) returned 0x0 [0137.553] IMarshal:GetUnmarshalClass (in: This=0x5356874, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.553] IUnknown:Release (This=0x5356874) returned 0x3 [0137.553] IUnknown:QueryInterface (in: This=0x5356870, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.553] IUnknown:Release (This=0x5356870) returned 0x2 [0137.553] IUnknown:QueryInterface (in: This=0x5356870, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356870) returned 0x0 [0137.553] IUnknown:AddRef (This=0x5356870) returned 0x4 [0137.553] IUnknown:Release (This=0x5356870) returned 0x3 [0137.553] IUnknown:Release (This=0x5356870) returned 0x2 [0137.553] CoTaskMemFree (pv=0x535aa38) [0137.553] IUnknown:AddRef (This=0x5356870) returned 0x3 [0137.553] IWbemClassObject:Get (in: This=0x5356870, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.554] IWbemClassObject:Get (in: This=0x5356870, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2748\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.554] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2748\"") returned 0x66 [0137.554] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2748\"") returned 0x66 [0137.554] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.554] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.554] IUnknown:Release (This=0x56e704) returned 0x1 [0137.555] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535aa38) returned 0x0 [0137.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x535aa38, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.556] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535aa38, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53536e8) returned 0x0 [0137.556] WbemDefPath:IUnknown:Release (This=0x535aa38) returned 0x0 [0137.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53536e8) returned 0x0 [0137.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.556] WbemDefPath:IUnknown:AddRef (This=0x53536e8) returned 0x3 [0137.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535aa48) returned 0x0 [0137.556] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535aa48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.557] WbemDefPath:IUnknown:Release (This=0x535aa48) returned 0x3 [0137.557] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.557] WbemDefPath:IUnknown:Release (This=0x53536e8) returned 0x2 [0137.557] WbemDefPath:IUnknown:Release (This=0x53536e8) returned 0x1 [0137.557] WbemDefPath:IUnknown:QueryInterface (in: This=0x53536e8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53536e8) returned 0x0 [0137.557] WbemDefPath:IUnknown:AddRef (This=0x53536e8) returned 0x3 [0137.557] WbemDefPath:IUnknown:Release (This=0x53536e8) returned 0x2 [0137.557] WbemDefPath:IWbemPath:SetText (This=0x53536e8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2748\"") returned 0x0 [0137.557] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.557] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.557] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.557] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.557] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.557] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.557] IWbemClassObject:Get (in: This=0x5356870, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d7924*=0, plFlavor=0x25d7928*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x25d7924*=8, plFlavor=0x25d7928*=0) returned 0x0 [0137.558] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0137.558] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0137.558] IWbemClassObject:Get (in: This=0x5356870, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d7924*=8, plFlavor=0x25d7928*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x25d7924*=8, plFlavor=0x25d7928*=0) returned 0x0 [0137.558] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0137.558] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0137.558] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535aa78, puReturned=0x25b625c | out: apObjects=0x535aa78*=0x5356a08, puReturned=0x25b625c*=0x1) returned 0x0 [0137.559] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356a08) returned 0x0 [0137.559] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.559] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.560] IUnknown:AddRef (This=0x5356a08) returned 0x3 [0137.560] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.560] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.560] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356a0c) returned 0x0 [0137.560] IMarshal:GetUnmarshalClass (in: This=0x5356a0c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.560] IUnknown:Release (This=0x5356a0c) returned 0x3 [0137.560] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.560] IUnknown:Release (This=0x5356a08) returned 0x2 [0137.560] IUnknown:QueryInterface (in: This=0x5356a08, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356a08) returned 0x0 [0137.560] IUnknown:AddRef (This=0x5356a08) returned 0x4 [0137.560] IUnknown:Release (This=0x5356a08) returned 0x3 [0137.560] IUnknown:Release (This=0x5356a08) returned 0x2 [0137.560] CoTaskMemFree (pv=0x535aa78) [0137.561] IUnknown:AddRef (This=0x5356a08) returned 0x3 [0137.561] IWbemClassObject:Get (in: This=0x5356a08, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.561] IWbemClassObject:Get (in: This=0x5356a08, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2756\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.561] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2756\"") returned 0x66 [0137.561] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2756\"") returned 0x66 [0137.561] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.561] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.561] IUnknown:Release (This=0x56e704) returned 0x1 [0137.563] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535aa78) returned 0x0 [0137.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x535aa78, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.563] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535aa78, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53537c8) returned 0x0 [0137.563] WbemDefPath:IUnknown:Release (This=0x535aa78) returned 0x0 [0137.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53537c8) returned 0x0 [0137.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.564] WbemDefPath:IUnknown:AddRef (This=0x53537c8) returned 0x3 [0137.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535aa88) returned 0x0 [0137.564] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535aa88, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.564] WbemDefPath:IUnknown:Release (This=0x535aa88) returned 0x3 [0137.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.564] WbemDefPath:IUnknown:Release (This=0x53537c8) returned 0x2 [0137.564] WbemDefPath:IUnknown:Release (This=0x53537c8) returned 0x1 [0137.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x53537c8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53537c8) returned 0x0 [0137.564] WbemDefPath:IUnknown:AddRef (This=0x53537c8) returned 0x3 [0137.564] WbemDefPath:IUnknown:Release (This=0x53537c8) returned 0x2 [0137.564] WbemDefPath:IWbemPath:SetText (This=0x53537c8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2756\"") returned 0x0 [0137.564] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.565] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.565] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.565] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.565] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.565] IWbemClassObject:Get (in: This=0x5356a08, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d819c*=0, plFlavor=0x25d81a0*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x25d819c*=8, plFlavor=0x25d81a0*=0) returned 0x0 [0137.565] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0137.565] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0137.565] IWbemClassObject:Get (in: This=0x5356a08, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d819c*=8, plFlavor=0x25d81a0*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x25d819c*=8, plFlavor=0x25d81a0*=0) returned 0x0 [0137.565] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535aab8, puReturned=0x25b625c | out: apObjects=0x535aab8*=0x5356ba0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.566] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356ba0) returned 0x0 [0137.566] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.566] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.566] IUnknown:AddRef (This=0x5356ba0) returned 0x3 [0137.566] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.566] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.566] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356ba4) returned 0x0 [0137.567] IMarshal:GetUnmarshalClass (in: This=0x5356ba4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.567] IUnknown:Release (This=0x5356ba4) returned 0x3 [0137.567] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.567] IUnknown:Release (This=0x5356ba0) returned 0x2 [0137.567] IUnknown:QueryInterface (in: This=0x5356ba0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356ba0) returned 0x0 [0137.567] IUnknown:AddRef (This=0x5356ba0) returned 0x4 [0137.567] IUnknown:Release (This=0x5356ba0) returned 0x3 [0137.567] IUnknown:Release (This=0x5356ba0) returned 0x2 [0137.567] CoTaskMemFree (pv=0x535aab8) [0137.567] IUnknown:AddRef (This=0x5356ba0) returned 0x3 [0137.567] IWbemClassObject:Get (in: This=0x5356ba0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.568] IWbemClassObject:Get (in: This=0x5356ba0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2764\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.568] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.568] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.568] IUnknown:Release (This=0x56e704) returned 0x1 [0137.569] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535aab8) returned 0x0 [0137.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x535aab8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.569] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535aab8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x53538a8) returned 0x0 [0137.570] WbemDefPath:IUnknown:Release (This=0x535aab8) returned 0x0 [0137.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x53538a8) returned 0x0 [0137.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.570] WbemDefPath:IUnknown:AddRef (This=0x53538a8) returned 0x3 [0137.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535aac8) returned 0x0 [0137.570] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535aac8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.570] WbemDefPath:IUnknown:Release (This=0x535aac8) returned 0x3 [0137.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.570] WbemDefPath:IUnknown:Release (This=0x53538a8) returned 0x2 [0137.570] WbemDefPath:IUnknown:Release (This=0x53538a8) returned 0x1 [0137.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x53538a8, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x53538a8) returned 0x0 [0137.571] WbemDefPath:IUnknown:AddRef (This=0x53538a8) returned 0x3 [0137.571] WbemDefPath:IUnknown:Release (This=0x53538a8) returned 0x2 [0137.571] WbemDefPath:IWbemPath:SetText (This=0x53538a8, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2764\"") returned 0x0 [0137.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.571] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.571] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.571] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.571] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.571] IWbemClassObject:Get (in: This=0x5356ba0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d8a08*=0, plFlavor=0x25d8a0c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x25d8a08*=8, plFlavor=0x25d8a0c*=0) returned 0x0 [0137.571] IWbemClassObject:Get (in: This=0x5356ba0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d8a08*=8, plFlavor=0x25d8a0c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x25d8a08*=8, plFlavor=0x25d8a0c*=0) returned 0x0 [0137.571] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535aaf8, puReturned=0x25b625c | out: apObjects=0x535aaf8*=0x5356d38, puReturned=0x25b625c*=0x1) returned 0x0 [0137.572] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356d38) returned 0x0 [0137.572] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.572] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.573] IUnknown:AddRef (This=0x5356d38) returned 0x3 [0137.573] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.573] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.573] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356d3c) returned 0x0 [0137.573] IMarshal:GetUnmarshalClass (in: This=0x5356d3c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.573] IUnknown:Release (This=0x5356d3c) returned 0x3 [0137.573] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.573] IUnknown:Release (This=0x5356d38) returned 0x2 [0137.573] IUnknown:QueryInterface (in: This=0x5356d38, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356d38) returned 0x0 [0137.573] IUnknown:AddRef (This=0x5356d38) returned 0x4 [0137.573] IUnknown:Release (This=0x5356d38) returned 0x3 [0137.574] IUnknown:Release (This=0x5356d38) returned 0x2 [0137.574] CoTaskMemFree (pv=0x535aaf8) [0137.574] IUnknown:AddRef (This=0x5356d38) returned 0x3 [0137.574] IWbemClassObject:Get (in: This=0x5356d38, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.574] IWbemClassObject:Get (in: This=0x5356d38, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2772\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.574] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.574] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.574] IUnknown:Release (This=0x56e704) returned 0x1 [0137.575] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535aaf8) returned 0x0 [0137.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x535aaf8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.576] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535aaf8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e180) returned 0x0 [0137.576] WbemDefPath:IUnknown:Release (This=0x535aaf8) returned 0x0 [0137.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e180) returned 0x0 [0137.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.576] WbemDefPath:IUnknown:AddRef (This=0x535e180) returned 0x3 [0137.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535ab08) returned 0x0 [0137.577] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535ab08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.577] WbemDefPath:IUnknown:Release (This=0x535ab08) returned 0x3 [0137.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.577] WbemDefPath:IUnknown:Release (This=0x535e180) returned 0x2 [0137.577] WbemDefPath:IUnknown:Release (This=0x535e180) returned 0x1 [0137.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e180, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e180) returned 0x0 [0137.577] WbemDefPath:IUnknown:AddRef (This=0x535e180) returned 0x3 [0137.577] WbemDefPath:IUnknown:Release (This=0x535e180) returned 0x2 [0137.577] WbemDefPath:IWbemPath:SetText (This=0x535e180, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2772\"") returned 0x0 [0137.577] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.577] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.577] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.577] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.577] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.577] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.577] IWbemClassObject:Get (in: This=0x5356d38, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d9294*=0, plFlavor=0x25d9298*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x25d9294*=8, plFlavor=0x25d9298*=0) returned 0x0 [0137.577] IWbemClassObject:Get (in: This=0x5356d38, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d9294*=8, plFlavor=0x25d9298*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x25d9294*=8, plFlavor=0x25d9298*=0) returned 0x0 [0137.577] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535ab38, puReturned=0x25b625c | out: apObjects=0x535ab38*=0x5356ed0, puReturned=0x25b625c*=0x1) returned 0x0 [0137.578] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5356ed0) returned 0x0 [0137.578] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.578] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.579] IUnknown:AddRef (This=0x5356ed0) returned 0x3 [0137.579] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.579] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.579] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5356ed4) returned 0x0 [0137.579] IMarshal:GetUnmarshalClass (in: This=0x5356ed4, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.579] IUnknown:Release (This=0x5356ed4) returned 0x3 [0137.579] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.579] IUnknown:Release (This=0x5356ed0) returned 0x2 [0137.579] IUnknown:QueryInterface (in: This=0x5356ed0, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5356ed0) returned 0x0 [0137.579] IUnknown:AddRef (This=0x5356ed0) returned 0x4 [0137.579] IUnknown:Release (This=0x5356ed0) returned 0x3 [0137.579] IUnknown:Release (This=0x5356ed0) returned 0x2 [0137.579] CoTaskMemFree (pv=0x535ab38) [0137.579] IUnknown:AddRef (This=0x5356ed0) returned 0x3 [0137.579] IWbemClassObject:Get (in: This=0x5356ed0, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.580] IWbemClassObject:Get (in: This=0x5356ed0, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2780\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.580] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.580] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.580] IUnknown:Release (This=0x56e704) returned 0x1 [0137.581] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535ab38) returned 0x0 [0137.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x535ab38, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.581] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535ab38, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e260) returned 0x0 [0137.582] WbemDefPath:IUnknown:Release (This=0x535ab38) returned 0x0 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e260) returned 0x0 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.582] WbemDefPath:IUnknown:AddRef (This=0x535e260) returned 0x3 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535ab48) returned 0x0 [0137.582] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535ab48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.582] WbemDefPath:IUnknown:Release (This=0x535ab48) returned 0x3 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.582] WbemDefPath:IUnknown:Release (This=0x535e260) returned 0x2 [0137.582] WbemDefPath:IUnknown:Release (This=0x535e260) returned 0x1 [0137.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e260, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e260) returned 0x0 [0137.583] WbemDefPath:IUnknown:AddRef (This=0x535e260) returned 0x3 [0137.583] WbemDefPath:IUnknown:Release (This=0x535e260) returned 0x2 [0137.583] WbemDefPath:IWbemPath:SetText (This=0x535e260, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2780\"") returned 0x0 [0137.583] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.583] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.583] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.583] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.583] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.583] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.583] IWbemClassObject:Get (in: This=0x5356ed0, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d9b04*=0, plFlavor=0x25d9b08*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="various_democrat.exe", varVal2=0x0), pType=0x25d9b04*=8, plFlavor=0x25d9b08*=0) returned 0x0 [0137.583] IWbemClassObject:Get (in: This=0x5356ed0, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25d9b04*=8, plFlavor=0x25d9b08*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="various_democrat.exe", varVal2=0x0), pType=0x25d9b04*=8, plFlavor=0x25d9b08*=0) returned 0x0 [0137.583] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535ab78, puReturned=0x25b625c | out: apObjects=0x535ab78*=0x5357068, puReturned=0x25b625c*=0x1) returned 0x0 [0137.584] IUnknown:QueryInterface (in: This=0x5357068, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5357068) returned 0x0 [0137.584] IUnknown:QueryInterface (in: This=0x5357068, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.584] IUnknown:QueryInterface (in: This=0x5357068, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.585] IUnknown:AddRef (This=0x5357068) returned 0x3 [0137.585] IUnknown:QueryInterface (in: This=0x5357068, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.585] IUnknown:QueryInterface (in: This=0x5357068, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.585] IUnknown:QueryInterface (in: This=0x5357068, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x535706c) returned 0x0 [0137.585] IMarshal:GetUnmarshalClass (in: This=0x535706c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.585] IUnknown:Release (This=0x535706c) returned 0x3 [0137.585] IUnknown:QueryInterface (in: This=0x5357068, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.585] IUnknown:Release (This=0x5357068) returned 0x2 [0137.585] IUnknown:QueryInterface (in: This=0x5357068, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5357068) returned 0x0 [0137.585] IUnknown:AddRef (This=0x5357068) returned 0x4 [0137.585] IUnknown:Release (This=0x5357068) returned 0x3 [0137.585] IUnknown:Release (This=0x5357068) returned 0x2 [0137.585] CoTaskMemFree (pv=0x535ab78) [0137.585] IUnknown:AddRef (This=0x5357068) returned 0x3 [0137.586] IWbemClassObject:Get (in: This=0x5357068, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.586] IWbemClassObject:Get (in: This=0x5357068, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2788\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.586] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.586] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.586] IUnknown:Release (This=0x56e704) returned 0x1 [0137.587] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535ab78) returned 0x0 [0137.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x535ab78, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.588] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535ab78, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e340) returned 0x0 [0137.588] WbemDefPath:IUnknown:Release (This=0x535ab78) returned 0x0 [0137.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e340) returned 0x0 [0137.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.588] WbemDefPath:IUnknown:AddRef (This=0x535e340) returned 0x3 [0137.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535ab88) returned 0x0 [0137.588] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535ab88, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.588] WbemDefPath:IUnknown:Release (This=0x535ab88) returned 0x3 [0137.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.589] WbemDefPath:IUnknown:Release (This=0x535e340) returned 0x2 [0137.589] WbemDefPath:IUnknown:Release (This=0x535e340) returned 0x1 [0137.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e340, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e340) returned 0x0 [0137.589] WbemDefPath:IUnknown:AddRef (This=0x535e340) returned 0x3 [0137.589] WbemDefPath:IUnknown:Release (This=0x535e340) returned 0x2 [0137.589] WbemDefPath:IWbemPath:SetText (This=0x535e340, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2788\"") returned 0x0 [0137.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.589] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.589] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.590] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.590] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.590] IWbemClassObject:Get (in: This=0x5357068, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25da398*=0, plFlavor=0x25da39c*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="relate.exe", varVal2=0x0), pType=0x25da398*=8, plFlavor=0x25da39c*=0) returned 0x0 [0137.590] IWbemClassObject:Get (in: This=0x5357068, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25da398*=8, plFlavor=0x25da39c*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="relate.exe", varVal2=0x0), pType=0x25da398*=8, plFlavor=0x25da39c*=0) returned 0x0 [0137.590] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535abb8, puReturned=0x25b625c | out: apObjects=0x535abb8*=0x5357200, puReturned=0x25b625c*=0x1) returned 0x0 [0137.591] IUnknown:QueryInterface (in: This=0x5357200, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5357200) returned 0x0 [0137.591] IUnknown:QueryInterface (in: This=0x5357200, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.591] IUnknown:QueryInterface (in: This=0x5357200, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.591] IUnknown:AddRef (This=0x5357200) returned 0x3 [0137.591] IUnknown:QueryInterface (in: This=0x5357200, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.591] IUnknown:QueryInterface (in: This=0x5357200, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.591] IUnknown:QueryInterface (in: This=0x5357200, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5357204) returned 0x0 [0137.591] IMarshal:GetUnmarshalClass (in: This=0x5357204, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.591] IUnknown:Release (This=0x5357204) returned 0x3 [0137.592] IUnknown:QueryInterface (in: This=0x5357200, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.592] IUnknown:Release (This=0x5357200) returned 0x2 [0137.592] IUnknown:QueryInterface (in: This=0x5357200, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5357200) returned 0x0 [0137.592] IUnknown:AddRef (This=0x5357200) returned 0x4 [0137.592] IUnknown:Release (This=0x5357200) returned 0x3 [0137.592] IUnknown:Release (This=0x5357200) returned 0x2 [0137.592] CoTaskMemFree (pv=0x535abb8) [0137.592] IUnknown:AddRef (This=0x5357200) returned 0x3 [0137.592] IWbemClassObject:Get (in: This=0x5357200, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.592] IWbemClassObject:Get (in: This=0x5357200, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2796\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.592] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.592] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.593] IUnknown:Release (This=0x56e704) returned 0x1 [0137.594] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535abb8) returned 0x0 [0137.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x535abb8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.594] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535abb8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e420) returned 0x0 [0137.594] WbemDefPath:IUnknown:Release (This=0x535abb8) returned 0x0 [0137.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e420) returned 0x0 [0137.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.594] WbemDefPath:IUnknown:AddRef (This=0x535e420) returned 0x3 [0137.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535abc8) returned 0x0 [0137.594] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535abc8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.594] WbemDefPath:IUnknown:Release (This=0x535abc8) returned 0x3 [0137.595] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.595] WbemDefPath:IUnknown:Release (This=0x535e420) returned 0x2 [0137.595] WbemDefPath:IUnknown:Release (This=0x535e420) returned 0x1 [0137.595] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e420, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e420) returned 0x0 [0137.595] WbemDefPath:IUnknown:AddRef (This=0x535e420) returned 0x3 [0137.595] WbemDefPath:IUnknown:Release (This=0x535e420) returned 0x2 [0137.595] WbemDefPath:IWbemPath:SetText (This=0x535e420, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2796\"") returned 0x0 [0137.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.595] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.595] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.595] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.595] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.595] IWbemClassObject:Get (in: This=0x5357200, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dac04*=0, plFlavor=0x25dac08*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="both-well-must.exe", varVal2=0x0), pType=0x25dac04*=8, plFlavor=0x25dac08*=0) returned 0x0 [0137.595] IWbemClassObject:Get (in: This=0x5357200, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dac04*=8, plFlavor=0x25dac08*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="both-well-must.exe", varVal2=0x0), pType=0x25dac04*=8, plFlavor=0x25dac08*=0) returned 0x0 [0137.595] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535abf8, puReturned=0x25b625c | out: apObjects=0x535abf8*=0x5357398, puReturned=0x25b625c*=0x1) returned 0x0 [0137.596] IUnknown:QueryInterface (in: This=0x5357398, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5357398) returned 0x0 [0137.596] IUnknown:QueryInterface (in: This=0x5357398, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.596] IUnknown:QueryInterface (in: This=0x5357398, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.597] IUnknown:AddRef (This=0x5357398) returned 0x3 [0137.597] IUnknown:QueryInterface (in: This=0x5357398, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.597] IUnknown:QueryInterface (in: This=0x5357398, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.597] IUnknown:QueryInterface (in: This=0x5357398, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x535739c) returned 0x0 [0137.597] IMarshal:GetUnmarshalClass (in: This=0x535739c, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.597] IUnknown:Release (This=0x535739c) returned 0x3 [0137.597] IUnknown:QueryInterface (in: This=0x5357398, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.597] IUnknown:Release (This=0x5357398) returned 0x2 [0137.597] IUnknown:QueryInterface (in: This=0x5357398, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5357398) returned 0x0 [0137.597] IUnknown:AddRef (This=0x5357398) returned 0x4 [0137.597] IUnknown:Release (This=0x5357398) returned 0x3 [0137.597] IUnknown:Release (This=0x5357398) returned 0x2 [0137.597] CoTaskMemFree (pv=0x535abf8) [0137.597] IUnknown:AddRef (This=0x5357398) returned 0x3 [0137.597] IWbemClassObject:Get (in: This=0x5357398, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.598] IWbemClassObject:Get (in: This=0x5357398, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2804\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.598] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.598] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.598] IUnknown:Release (This=0x56e704) returned 0x1 [0137.599] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535abf8) returned 0x0 [0137.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x535abf8, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.599] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535abf8, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e500) returned 0x0 [0137.599] WbemDefPath:IUnknown:Release (This=0x535abf8) returned 0x0 [0137.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e500) returned 0x0 [0137.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.600] WbemDefPath:IUnknown:AddRef (This=0x535e500) returned 0x3 [0137.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535ac08) returned 0x0 [0137.600] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535ac08, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.600] WbemDefPath:IUnknown:Release (This=0x535ac08) returned 0x3 [0137.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.600] WbemDefPath:IUnknown:Release (This=0x535e500) returned 0x2 [0137.600] WbemDefPath:IUnknown:Release (This=0x535e500) returned 0x1 [0137.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e500, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e500) returned 0x0 [0137.600] WbemDefPath:IUnknown:AddRef (This=0x535e500) returned 0x3 [0137.600] WbemDefPath:IUnknown:Release (This=0x535e500) returned 0x2 [0137.600] WbemDefPath:IWbemPath:SetText (This=0x535e500, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2804\"") returned 0x0 [0137.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.600] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.600] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.600] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.601] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.601] IWbemClassObject:Get (in: This=0x5357398, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25db490*=0, plFlavor=0x25db494*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="true.exe", varVal2=0x0), pType=0x25db490*=8, plFlavor=0x25db494*=0) returned 0x0 [0137.601] IWbemClassObject:Get (in: This=0x5357398, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25db490*=8, plFlavor=0x25db494*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="true.exe", varVal2=0x0), pType=0x25db490*=8, plFlavor=0x25db494*=0) returned 0x0 [0137.601] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535ac38, puReturned=0x25b625c | out: apObjects=0x535ac38*=0x5357530, puReturned=0x25b625c*=0x1) returned 0x0 [0137.602] IUnknown:QueryInterface (in: This=0x5357530, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5357530) returned 0x0 [0137.602] IUnknown:QueryInterface (in: This=0x5357530, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.602] IUnknown:QueryInterface (in: This=0x5357530, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.602] IUnknown:AddRef (This=0x5357530) returned 0x3 [0137.602] IUnknown:QueryInterface (in: This=0x5357530, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.602] IUnknown:QueryInterface (in: This=0x5357530, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.602] IUnknown:QueryInterface (in: This=0x5357530, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5357534) returned 0x0 [0137.602] IMarshal:GetUnmarshalClass (in: This=0x5357534, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.602] IUnknown:Release (This=0x5357534) returned 0x3 [0137.603] IUnknown:QueryInterface (in: This=0x5357530, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.603] IUnknown:Release (This=0x5357530) returned 0x2 [0137.603] IUnknown:QueryInterface (in: This=0x5357530, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5357530) returned 0x0 [0137.603] IUnknown:AddRef (This=0x5357530) returned 0x4 [0137.603] IUnknown:Release (This=0x5357530) returned 0x3 [0137.603] IUnknown:Release (This=0x5357530) returned 0x2 [0137.603] CoTaskMemFree (pv=0x535ac38) [0137.603] IUnknown:AddRef (This=0x5357530) returned 0x3 [0137.603] IWbemClassObject:Get (in: This=0x5357530, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.603] IWbemClassObject:Get (in: This=0x5357530, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2812\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.603] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.604] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.604] IUnknown:Release (This=0x56e704) returned 0x1 [0137.605] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535ac38) returned 0x0 [0137.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x535ac38, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.605] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535ac38, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e5e0) returned 0x0 [0137.605] WbemDefPath:IUnknown:Release (This=0x535ac38) returned 0x0 [0137.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e5e0) returned 0x0 [0137.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.606] WbemDefPath:IUnknown:AddRef (This=0x535e5e0) returned 0x3 [0137.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535ac48) returned 0x0 [0137.606] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535ac48, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.606] WbemDefPath:IUnknown:Release (This=0x535ac48) returned 0x3 [0137.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.606] WbemDefPath:IUnknown:Release (This=0x535e5e0) returned 0x2 [0137.606] WbemDefPath:IUnknown:Release (This=0x535e5e0) returned 0x1 [0137.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e5e0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e5e0) returned 0x0 [0137.606] WbemDefPath:IUnknown:AddRef (This=0x535e5e0) returned 0x3 [0137.606] WbemDefPath:IUnknown:Release (This=0x535e5e0) returned 0x2 [0137.606] WbemDefPath:IWbemPath:SetText (This=0x535e5e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2812\"") returned 0x0 [0137.606] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.606] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.607] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.607] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.607] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.607] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.607] IWbemClassObject:Get (in: This=0x5357530, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dbd00*=0, plFlavor=0x25dbd04*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wonder.exe", varVal2=0x0), pType=0x25dbd00*=8, plFlavor=0x25dbd04*=0) returned 0x0 [0137.607] IWbemClassObject:Get (in: This=0x5357530, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dbd00*=8, plFlavor=0x25dbd04*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wonder.exe", varVal2=0x0), pType=0x25dbd00*=8, plFlavor=0x25dbd04*=0) returned 0x0 [0137.607] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x535ac78, puReturned=0x25b625c | out: apObjects=0x535ac78*=0x53576c8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53576c8) returned 0x0 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.608] IUnknown:AddRef (This=0x53576c8) returned 0x3 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53576cc) returned 0x0 [0137.608] IMarshal:GetUnmarshalClass (in: This=0x53576cc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.608] IUnknown:Release (This=0x53576cc) returned 0x3 [0137.608] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.608] IUnknown:Release (This=0x53576c8) returned 0x2 [0137.609] IUnknown:QueryInterface (in: This=0x53576c8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53576c8) returned 0x0 [0137.609] IUnknown:AddRef (This=0x53576c8) returned 0x4 [0137.609] IUnknown:Release (This=0x53576c8) returned 0x3 [0137.609] IUnknown:Release (This=0x53576c8) returned 0x2 [0137.609] CoTaskMemFree (pv=0x535ac78) [0137.609] IUnknown:AddRef (This=0x53576c8) returned 0x3 [0137.609] IWbemClassObject:Get (in: This=0x53576c8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.609] IWbemClassObject:Get (in: This=0x53576c8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2820\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.609] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.609] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.609] IUnknown:Release (This=0x56e704) returned 0x1 [0137.610] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x535ac78) returned 0x0 [0137.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x535ac78, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.611] WbemDefPath:IClassFactory:CreateInstance (in: This=0x535ac78, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e6c0) returned 0x0 [0137.611] WbemDefPath:IUnknown:Release (This=0x535ac78) returned 0x0 [0137.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e6c0) returned 0x0 [0137.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.611] WbemDefPath:IUnknown:AddRef (This=0x535e6c0) returned 0x3 [0137.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x535ac88) returned 0x0 [0137.611] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x535ac88, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.611] WbemDefPath:IUnknown:Release (This=0x535ac88) returned 0x3 [0137.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.612] WbemDefPath:IUnknown:Release (This=0x535e6c0) returned 0x2 [0137.612] WbemDefPath:IUnknown:Release (This=0x535e6c0) returned 0x1 [0137.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e6c0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e6c0) returned 0x0 [0137.612] WbemDefPath:IUnknown:AddRef (This=0x535e6c0) returned 0x3 [0137.612] WbemDefPath:IUnknown:Release (This=0x535e6c0) returned 0x2 [0137.612] WbemDefPath:IWbemPath:SetText (This=0x535e6c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2820\"") returned 0x0 [0137.612] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.612] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.612] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.612] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.612] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.612] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.612] IWbemClassObject:Get (in: This=0x53576c8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dc56c*=0, plFlavor=0x25dc570*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x25dc56c*=8, plFlavor=0x25dc570*=0) returned 0x0 [0137.612] IWbemClassObject:Get (in: This=0x53576c8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dc56c*=8, plFlavor=0x25dc570*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x25dc56c*=8, plFlavor=0x25dc570*=0) returned 0x0 [0137.612] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5362ff0, puReturned=0x25b625c | out: apObjects=0x5362ff0*=0x5357860, puReturned=0x25b625c*=0x1) returned 0x0 [0137.613] IUnknown:QueryInterface (in: This=0x5357860, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x5357860) returned 0x0 [0137.613] IUnknown:QueryInterface (in: This=0x5357860, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.613] IUnknown:QueryInterface (in: This=0x5357860, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.613] IUnknown:AddRef (This=0x5357860) returned 0x3 [0137.613] IUnknown:QueryInterface (in: This=0x5357860, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.614] IUnknown:QueryInterface (in: This=0x5357860, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.614] IUnknown:QueryInterface (in: This=0x5357860, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x5357864) returned 0x0 [0137.614] IMarshal:GetUnmarshalClass (in: This=0x5357864, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.614] IUnknown:Release (This=0x5357864) returned 0x3 [0137.614] IUnknown:QueryInterface (in: This=0x5357860, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.614] IUnknown:Release (This=0x5357860) returned 0x2 [0137.614] IUnknown:QueryInterface (in: This=0x5357860, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x5357860) returned 0x0 [0137.614] IUnknown:AddRef (This=0x5357860) returned 0x4 [0137.614] IUnknown:Release (This=0x5357860) returned 0x3 [0137.614] IUnknown:Release (This=0x5357860) returned 0x2 [0137.614] CoTaskMemFree (pv=0x5362ff0) [0137.614] IUnknown:AddRef (This=0x5357860) returned 0x3 [0137.614] IWbemClassObject:Get (in: This=0x5357860, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.615] IWbemClassObject:Get (in: This=0x5357860, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2828\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.615] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.615] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.615] IUnknown:Release (This=0x56e704) returned 0x1 [0137.616] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5362ff0) returned 0x0 [0137.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5362ff0, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.616] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5362ff0, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e7a0) returned 0x0 [0137.616] WbemDefPath:IUnknown:Release (This=0x5362ff0) returned 0x0 [0137.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e7a0) returned 0x0 [0137.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.617] WbemDefPath:IUnknown:AddRef (This=0x535e7a0) returned 0x3 [0137.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5363000) returned 0x0 [0137.617] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5363000, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.617] WbemDefPath:IUnknown:Release (This=0x5363000) returned 0x3 [0137.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.617] WbemDefPath:IUnknown:Release (This=0x535e7a0) returned 0x2 [0137.617] WbemDefPath:IUnknown:Release (This=0x535e7a0) returned 0x1 [0137.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e7a0, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e7a0) returned 0x0 [0137.617] WbemDefPath:IUnknown:AddRef (This=0x535e7a0) returned 0x3 [0137.617] WbemDefPath:IUnknown:Release (This=0x535e7a0) returned 0x2 [0137.617] WbemDefPath:IWbemPath:SetText (This=0x535e7a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"2828\"") returned 0x0 [0137.617] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.618] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.618] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.618] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.618] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.618] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.618] IWbemClassObject:Get (in: This=0x5357860, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dcdd0*=0, plFlavor=0x25dcdd4*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x25dcdd0*=8, plFlavor=0x25dcdd4*=0) returned 0x0 [0137.618] IWbemClassObject:Get (in: This=0x5357860, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dcdd0*=8, plFlavor=0x25dcdd4*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x25dcdd0*=8, plFlavor=0x25dcdd4*=0) returned 0x0 [0137.618] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5363030, puReturned=0x25b625c | out: apObjects=0x5363030*=0x53579f8, puReturned=0x25b625c*=0x1) returned 0x0 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce1dc | out: ppvObject=0x3ce1dc*=0x53579f8) returned 0x0 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce190 | out: ppvObject=0x3ce190*=0x0) returned 0x80004002 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x725f1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3cdfb8 | out: ppvObject=0x3cdfb8*=0x0) returned 0x80004002 [0137.619] IUnknown:AddRef (This=0x53579f8) returned 0x3 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdaec | out: ppvObject=0x3cdaec*=0x0) returned 0x80004002 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cda9c | out: ppvObject=0x3cda9c*=0x0) returned 0x80004002 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdaa8 | out: ppvObject=0x3cdaa8*=0x53579fc) returned 0x0 [0137.619] IMarshal:GetUnmarshalClass (in: This=0x53579fc, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdab0 | out: pCid=0x3cdab0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0137.619] IUnknown:Release (This=0x53579fc) returned 0x3 [0137.619] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdf9c | out: ppvObject=0x3cdf9c*=0x0) returned 0x80004002 [0137.620] IUnknown:Release (This=0x53579f8) returned 0x2 [0137.620] IUnknown:QueryInterface (in: This=0x53579f8, riid=0x3ce534*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ce530 | out: ppvObject=0x3ce530*=0x53579f8) returned 0x0 [0137.620] IUnknown:AddRef (This=0x53579f8) returned 0x4 [0137.620] IUnknown:Release (This=0x53579f8) returned 0x3 [0137.620] IUnknown:Release (This=0x53579f8) returned 0x2 [0137.620] CoTaskMemFree (pv=0x5363030) [0137.620] IUnknown:AddRef (This=0x53579f8) returned 0x3 [0137.620] IWbemClassObject:Get (in: This=0x53579f8, wszName="__GENUS", lFlags=0, pVal=0x3ceb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebf4*=0, plFlavor=0x3cebf0*=0 | out: pVal=0x3ceb74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3cebf4*=3, plFlavor=0x3cebf0*=64) returned 0x0 [0137.620] IWbemClassObject:Get (in: This=0x53579f8, wszName="__PATH", lFlags=0, pVal=0x3ceb58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3cebdc*=0, plFlavor=0x3cebd8*=0 | out: pVal=0x3ceb58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3524\"", varVal2=0x0), pType=0x3cebdc*=8, plFlavor=0x3cebd8*=64) returned 0x0 [0137.620] IComThreadingInfo:GetCurrentApartmentType (in: This=0x56e704, pAptType=0x3ceb7c | out: pAptType=0x3ceb7c*=1) returned 0x0 [0137.621] IUnknown:QueryInterface (in: This=0x56e704, riid=0x2551ffc*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x3ceb80 | out: ppvObject=0x3ceb80*=0x0) returned 0x80004002 [0137.621] IUnknown:Release (This=0x56e704) returned 0x1 [0137.622] CoGetClassObject (in: rclsid=0x5e414c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x72656bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ce4f0 | out: ppv=0x3ce4f0*=0x5363030) returned 0x0 [0137.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x5363030, riid=0x7261dd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ce708 | out: ppvObject=0x3ce708*=0x0) returned 0x80004002 [0137.622] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5363030, pUnkOuter=0x0, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce714 | out: ppvObject=0x3ce714*=0x535e880) returned 0x0 [0137.622] WbemDefPath:IUnknown:Release (This=0x5363030) returned 0x0 [0137.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce334 | out: ppvObject=0x3ce334*=0x535e880) returned 0x0 [0137.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x725f1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ce2e8 | out: ppvObject=0x3ce2e8*=0x0) returned 0x80004002 [0137.622] WbemDefPath:IUnknown:AddRef (This=0x535e880) returned 0x3 [0137.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x725f182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3cdc44 | out: ppvObject=0x3cdc44*=0x0) returned 0x80004002 [0137.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x725f1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3cdbf4 | out: ppvObject=0x3cdbf4*=0x0) returned 0x80004002 [0137.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x72521388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cdc00 | out: ppvObject=0x3cdc00*=0x5363040) returned 0x0 [0137.622] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5363040, riid=0x72502a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3cdc08 | out: pCid=0x3cdc08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.623] WbemDefPath:IUnknown:Release (This=0x5363040) returned 0x3 [0137.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x725f1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ce0f4 | out: ppvObject=0x3ce0f4*=0x0) returned 0x80004002 [0137.623] WbemDefPath:IUnknown:Release (This=0x535e880) returned 0x2 [0137.623] WbemDefPath:IUnknown:Release (This=0x535e880) returned 0x1 [0137.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x535e880, riid=0x3cea34*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3cea30 | out: ppvObject=0x3cea30*=0x535e880) returned 0x0 [0137.623] WbemDefPath:IUnknown:AddRef (This=0x535e880) returned 0x3 [0137.623] WbemDefPath:IUnknown:Release (This=0x535e880) returned 0x2 [0137.623] WbemDefPath:IWbemPath:SetText (This=0x535e880, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Process.Handle=\"3524\"") returned 0x0 [0137.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3cebb0 | out: puCount=0x3cebb0*=0x2) returned 0x0 [0137.623] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0x0, pszText=0x0 | out: puBuffLength=0x3cebac*=0xf, pszText=0x0) returned 0x0 [0137.623] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3cebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x3cebac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5df510, puCount=0x3ceb7c | out: puCount=0x3ceb7c*=0x2) returned 0x0 [0137.623] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0x0, pszText=0x0 | out: puBuffLength=0x3ceb78*=0xf, pszText=0x0) returned 0x0 [0137.623] WbemDefPath:IWbemPath:GetText (in: This=0x5df510, lFlags=4, puBuffLength=0x3ceb78*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ceb78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0137.623] IWbemClassObject:Get (in: This=0x53579f8, wszName="Name", lFlags=0, pVal=0x3ceb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dd65c*=0, plFlavor=0x25dd660*=0 | out: pVal=0x3ceb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="AppLaunch.exe", varVal2=0x0), pType=0x25dd65c*=8, plFlavor=0x25dd660*=0) returned 0x0 [0137.623] IWbemClassObject:Get (in: This=0x53579f8, wszName="Name", lFlags=0, pVal=0x3ceb80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25dd65c*=8, plFlavor=0x25dd660*=0 | out: pVal=0x3ceb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="AppLaunch.exe", varVal2=0x0), pType=0x25dd65c*=8, plFlavor=0x25dd660*=0) returned 0x0 [0137.623] IEnumWbemClassObject:Next (in: This=0x584860, lTimeout=-1, uCount=0x1, apObjects=0x5363070, puReturned=0x25b625c | out: apObjects=0x5363070*=0x0, puReturned=0x25b625c*=0x0) returned 0x1 [0137.624] CoTaskMemFree (pv=0x5363070) [0137.624] IUnknown:Release (This=0x584860) returned 0x1 [0137.624] IUnknown:Release (This=0x584860) returned 0x0 [0137.626] IUnknown:Release (This=0x584798) returned 0x1 [0137.626] IUnknown:Release (This=0x584798) returned 0x0 [0137.628] CoTaskMemAlloc (cb=0x20c) returned 0x5351470 [0137.629] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5351470 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0137.629] CoTaskMemFree (pv=0x5351470) [0137.629] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x3ce674, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0137.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec00) returned 1 [0137.629] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x3ce6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0137.629] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata\\*", lpFindFileData=0x3ce9b0 | out: lpFindFileData=0x3ce9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce970) returned 1 [0137.631] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x3ce774, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0137.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec44) returned 1 [0137.631] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x3ce724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x39 [0137.631] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata\\*", lpFindFileData=0x3ce9f4 | out: lpFindFileData=0x3ce9f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b4) returned 1 [0137.637] CoCreateGuid (in: pguid=0x3ce974 | out: pguid=0x3ce974*(Data1=0xb45a9b57, Data2=0xf6f, Data3=0x4663, Data4=([0]=0x8e, [1]=0x45, [2]=0xfc, [3]=0x9, [4]=0x2d, [5]=0xc8, [6]=0x5f, [7]=0xb7))) returned 0x0 [0137.637] CoCreateGuid (in: pguid=0x3ce8b8 | out: pguid=0x3ce8b8*(Data1=0x734e4e0a, Data2=0xc94, Data3=0x41ba, Data4=([0]=0xaf, [1]=0xe9, [2]=0xca, [3]=0xc9, [4]=0xab, [5]=0x93, [6]=0xa9, [7]=0x4e))) returned 0x0 [0137.638] send (s=0x238, buf=0x2647e4b*, len=167, flags=0) returned 167 [0137.638] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 132 [0137.717] CoTaskMemAlloc (cb=0x20c) returned 0x5351470 [0137.717] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5351470 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0137.717] CoTaskMemFree (pv=0x5351470) [0137.718] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x3ce67c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0137.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb74) returned 1 [0137.718] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x3ce654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0137.718] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\*", lpFindFileData=0x3ce924 | out: lpFindFileData=0x3ce924*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc9fb2070, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc9fb2070, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.719] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc9fb2070, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc9fb2070, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0ef0be0, ftCreationTime.dwHighDateTime=0x1d7e3b7, ftLastAccessTime.dwLowDateTime=0x3bf01f90, ftLastAccessTime.dwHighDateTime=0x1d7e4f2, ftLastWriteTime.dwLowDateTime=0x3bf01f90, ftLastWriteTime.dwHighDateTime=0x1d7e4f2, nFileSizeHigh=0x0, nFileSizeLow=0x117fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="34F 3dy-PcpzHM.png", cAlternateFileName="34F3DY~1.PNG")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x889e5b0, ftCreationTime.dwHighDateTime=0x1d7db5f, ftLastAccessTime.dwLowDateTime=0xe3e28ff0, ftLastAccessTime.dwHighDateTime=0x1d7e5e0, ftLastWriteTime.dwLowDateTime=0xe3e28ff0, ftLastWriteTime.dwHighDateTime=0x1d7e5e0, nFileSizeHigh=0x0, nFileSizeLow=0xed0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="7LBqunrT9.mp4", cAlternateFileName="7LBQUN~1.MP4")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6f7aff80, ftCreationTime.dwHighDateTime=0x1d7e3b0, ftLastAccessTime.dwLowDateTime=0x919335e0, ftLastAccessTime.dwHighDateTime=0x1d7e6d7, ftLastWriteTime.dwLowDateTime=0x919335e0, ftLastWriteTime.dwHighDateTime=0x1d7e6d7, nFileSizeHigh=0x0, nFileSizeLow=0x14c0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="84_yCRt- 9oI73.odp", cAlternateFileName="84_YCR~1.ODP")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc22ca160, ftCreationTime.dwHighDateTime=0x1d7de25, ftLastAccessTime.dwLowDateTime=0x88b573f0, ftLastAccessTime.dwHighDateTime=0x1d7e044, ftLastWriteTime.dwLowDateTime=0x88b573f0, ftLastWriteTime.dwHighDateTime=0x1d7e044, nFileSizeHigh=0x0, nFileSizeLow=0x19ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="992Q9e22csp.mp3", cAlternateFileName="992Q9E~1.MP3")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5cde3de0, ftCreationTime.dwHighDateTime=0x1d7d7ff, ftLastAccessTime.dwLowDateTime=0xc74be930, ftLastAccessTime.dwHighDateTime=0x1d7e02d, ftLastWriteTime.dwLowDateTime=0xc74be930, ftLastWriteTime.dwHighDateTime=0x1d7e02d, nFileSizeHigh=0x0, nFileSizeLow=0xa679, dwReserved0=0x0, dwReserved1=0x0, cFileName="cqil_hT.jpg", cAlternateFileName="")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa5b9bb50, ftCreationTime.dwHighDateTime=0x1d7e0ee, ftLastAccessTime.dwLowDateTime=0x994fbb90, ftLastAccessTime.dwHighDateTime=0x1d7e723, ftLastWriteTime.dwLowDateTime=0x994fbb90, ftLastWriteTime.dwHighDateTime=0x1d7e723, nFileSizeHigh=0x0, nFileSizeLow=0x39c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="fMVIIPw4dzccZuX8bb.ppt", cAlternateFileName="FMVIIP~1.PPT")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25b09320, ftCreationTime.dwHighDateTime=0x1d7db4e, ftLastAccessTime.dwLowDateTime=0x8b6e20a0, ftLastAccessTime.dwHighDateTime=0x1d7df5a, ftLastWriteTime.dwLowDateTime=0x8b6e20a0, ftLastWriteTime.dwHighDateTime=0x1d7df5a, nFileSizeHigh=0x0, nFileSizeLow=0x104aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fo31oIieyXg3NqJC0z.mp3", cAlternateFileName="FO31OI~1.MP3")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19647d0, ftCreationTime.dwHighDateTime=0x1d7e6a4, ftLastAccessTime.dwLowDateTime=0x41288c50, ftLastAccessTime.dwHighDateTime=0x1d7e708, ftLastWriteTime.dwLowDateTime=0x41288c50, ftLastWriteTime.dwHighDateTime=0x1d7e708, nFileSizeHigh=0x0, nFileSizeLow=0x143cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="GztTXkwrKz.jpg", cAlternateFileName="GZTTXK~1.JPG")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf02d59d0, ftCreationTime.dwHighDateTime=0x1d7e6fc, ftLastAccessTime.dwLowDateTime=0x10fa53b0, ftLastAccessTime.dwHighDateTime=0x1d7e780, ftLastWriteTime.dwLowDateTime=0x10fa53b0, ftLastWriteTime.dwHighDateTime=0x1d7e780, nFileSizeHigh=0x0, nFileSizeLow=0x3ce7, dwReserved0=0x0, dwReserved1=0x0, cFileName="H5JRHATI9Tyq0caeV.mkv", cAlternateFileName="H5JRHA~1.MKV")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d84a8a0, ftCreationTime.dwHighDateTime=0x1d7e5e4, ftLastAccessTime.dwLowDateTime=0x339e1c00, ftLastAccessTime.dwHighDateTime=0x1d7e6e8, ftLastWriteTime.dwLowDateTime=0x339e1c00, ftLastWriteTime.dwHighDateTime=0x1d7e6e8, nFileSizeHigh=0x0, nFileSizeLow=0xc9c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hfxw.m4a", cAlternateFileName="")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c9a7650, ftCreationTime.dwHighDateTime=0x1d7e2b5, ftLastAccessTime.dwLowDateTime=0xdcb556b0, ftLastAccessTime.dwHighDateTime=0x1d7e38b, ftLastWriteTime.dwLowDateTime=0xdcb556b0, ftLastWriteTime.dwHighDateTime=0x1d7e38b, nFileSizeHigh=0x0, nFileSizeLow=0x138d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="IF4wcwFM72.avi", cAlternateFileName="IF4WCW~1.AVI")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4b2b5e20, ftCreationTime.dwHighDateTime=0x1d7e457, ftLastAccessTime.dwLowDateTime=0xcf6dc630, ftLastAccessTime.dwHighDateTime=0x1d7e765, ftLastWriteTime.dwLowDateTime=0xcf6dc630, ftLastWriteTime.dwHighDateTime=0x1d7e765, nFileSizeHigh=0x0, nFileSizeLow=0x3fc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="iHjBU.m4a", cAlternateFileName="")) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdbb4ab80, ftCreationTime.dwHighDateTime=0x1d7d846, ftLastAccessTime.dwLowDateTime=0x303b6ac0, ftLastAccessTime.dwHighDateTime=0x1d7e28f, ftLastWriteTime.dwLowDateTime=0x303b6ac0, ftLastWriteTime.dwHighDateTime=0x1d7e28f, nFileSizeHigh=0x0, nFileSizeLow=0xb2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="jaYPEVMHYWKAi.bmp", cAlternateFileName="JAYPEV~1.BMP")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc380db80, ftCreationTime.dwHighDateTime=0x1d7e690, ftLastAccessTime.dwLowDateTime=0xdf5d0d10, ftLastAccessTime.dwHighDateTime=0x1d7e77b, ftLastWriteTime.dwLowDateTime=0xdf5d0d10, ftLastWriteTime.dwHighDateTime=0x1d7e77b, nFileSizeHigh=0x0, nFileSizeLow=0x9943, dwReserved0=0x0, dwReserved1=0x0, cFileName="KF9EQqh6NUFeSNF.m4a", cAlternateFileName="KF9EQQ~1.M4A")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf197d8d0, ftCreationTime.dwHighDateTime=0x1d7df05, ftLastAccessTime.dwLowDateTime=0xd7f08ef0, ftLastAccessTime.dwHighDateTime=0x1d7e639, ftLastWriteTime.dwLowDateTime=0xd7f08ef0, ftLastWriteTime.dwHighDateTime=0x1d7e639, nFileSizeHigh=0x0, nFileSizeLow=0x11a61, dwReserved0=0x0, dwReserved1=0x0, cFileName="KnYhzeGd1YTcGRXkDF8.flv", cAlternateFileName="KNYHZE~1.FLV")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9b4cbe0, ftCreationTime.dwHighDateTime=0x1d7ddbb, ftLastAccessTime.dwLowDateTime=0x2ca7a1d0, ftLastAccessTime.dwHighDateTime=0x1d7e230, ftLastWriteTime.dwLowDateTime=0x2ca7a1d0, ftLastWriteTime.dwHighDateTime=0x1d7e230, nFileSizeHigh=0x0, nFileSizeLow=0xce46, dwReserved0=0x0, dwReserved1=0x0, cFileName="kw6Bdd.swf", cAlternateFileName="")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf98b7b0, ftCreationTime.dwHighDateTime=0x1d7de47, ftLastAccessTime.dwLowDateTime=0x1f994a60, ftLastAccessTime.dwHighDateTime=0x1d7e344, ftLastWriteTime.dwLowDateTime=0x1f994a60, ftLastWriteTime.dwHighDateTime=0x1d7e344, nFileSizeHigh=0x0, nFileSizeLow=0x8ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="lAoKXZ2EjVmOj.bmp", cAlternateFileName="LAOKXZ~1.BMP")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x172a4680, ftCreationTime.dwHighDateTime=0x1d7dc06, ftLastAccessTime.dwLowDateTime=0x93c66160, ftLastAccessTime.dwHighDateTime=0x1d7e228, ftLastWriteTime.dwLowDateTime=0x93c66160, ftLastWriteTime.dwHighDateTime=0x1d7e228, nFileSizeHigh=0x0, nFileSizeLow=0xed70, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mt7-A8p2Fj.ots", cAlternateFileName="MT7-A8~1.OTS")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x56568a40, ftCreationTime.dwHighDateTime=0x1d7dfac, ftLastAccessTime.dwLowDateTime=0x429469c0, ftLastAccessTime.dwHighDateTime=0x1d7e315, ftLastWriteTime.dwLowDateTime=0x429469c0, ftLastWriteTime.dwHighDateTime=0x1d7e315, nFileSizeHigh=0x0, nFileSizeLow=0x2bec, dwReserved0=0x0, dwReserved1=0x0, cFileName="N4jSogdrAOE0JM7AN3Z.flv", cAlternateFileName="N4JSOG~1.FLV")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82f75a90, ftCreationTime.dwHighDateTime=0x1d7e680, ftLastAccessTime.dwLowDateTime=0x6e9fa8b0, ftLastAccessTime.dwHighDateTime=0x1d7e6e7, ftLastWriteTime.dwLowDateTime=0x6e9fa8b0, ftLastWriteTime.dwHighDateTime=0x1d7e6e7, nFileSizeHigh=0x0, nFileSizeLow=0x15cd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="raX8PTzk7G.wav", cAlternateFileName="RAX8PT~1.WAV")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbebc2770, ftCreationTime.dwHighDateTime=0x1d7dd90, ftLastAccessTime.dwLowDateTime=0xe03dfdf0, ftLastAccessTime.dwHighDateTime=0x1d7e55c, ftLastWriteTime.dwLowDateTime=0xe03dfdf0, ftLastWriteTime.dwHighDateTime=0x1d7e55c, nFileSizeHigh=0x0, nFileSizeLow=0x16622, dwReserved0=0x0, dwReserved1=0x0, cFileName="sO0ppt-o.gif", cAlternateFileName="")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x12cf7f10, ftCreationTime.dwHighDateTime=0x1d7e0c0, ftLastAccessTime.dwLowDateTime=0x44129ab0, ftLastAccessTime.dwHighDateTime=0x1d7e649, ftLastWriteTime.dwLowDateTime=0x44129ab0, ftLastWriteTime.dwHighDateTime=0x1d7e649, nFileSizeHigh=0x0, nFileSizeLow=0xbfbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="sQw5Zkm.pdf", cAlternateFileName="")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d09b460, ftCreationTime.dwHighDateTime=0x1d7e341, ftLastAccessTime.dwLowDateTime=0x5b2be3e0, ftLastAccessTime.dwHighDateTime=0x1d7e43d, ftLastWriteTime.dwLowDateTime=0x5b2be3e0, ftLastWriteTime.dwHighDateTime=0x1d7e43d, nFileSizeHigh=0x0, nFileSizeLow=0x3b1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="T0fnx.xlsx", cAlternateFileName="T0FNX~1.XLS")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16d2310, ftCreationTime.dwHighDateTime=0x1d7dd2f, ftLastAccessTime.dwLowDateTime=0x60b5830, ftLastAccessTime.dwHighDateTime=0x1d7e683, ftLastWriteTime.dwLowDateTime=0x60b5830, ftLastWriteTime.dwHighDateTime=0x1d7e683, nFileSizeHigh=0x0, nFileSizeLow=0xd550, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tb8_E.mp3", cAlternateFileName="")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5aa2120, ftCreationTime.dwHighDateTime=0x1d7e74e, ftLastAccessTime.dwLowDateTime=0x78a57c20, ftLastAccessTime.dwHighDateTime=0x1d7e775, ftLastWriteTime.dwLowDateTime=0x78a57c20, ftLastWriteTime.dwHighDateTime=0x1d7e775, nFileSizeHigh=0x0, nFileSizeLow=0x115da, dwReserved0=0x0, dwReserved1=0x0, cFileName="TtCl.wav", cAlternateFileName="")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fa9dcc0, ftCreationTime.dwHighDateTime=0x1d7d918, ftLastAccessTime.dwLowDateTime=0xc6196090, ftLastAccessTime.dwHighDateTime=0x1d7e5a7, ftLastWriteTime.dwLowDateTime=0xc6196090, ftLastWriteTime.dwHighDateTime=0x1d7e5a7, nFileSizeHigh=0x0, nFileSizeLow=0x168ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsqIJsYejgW-9Czi.jpg", cAlternateFileName="USQIJS~1.JPG")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x48664120, ftCreationTime.dwHighDateTime=0x1d7da87, ftLastAccessTime.dwLowDateTime=0x50a12170, ftLastAccessTime.dwHighDateTime=0x1d7deab, ftLastWriteTime.dwLowDateTime=0x50a12170, ftLastWriteTime.dwHighDateTime=0x1d7deab, nFileSizeHigh=0x0, nFileSizeLow=0x63de, dwReserved0=0x0, dwReserved1=0x0, cFileName="V1gism.flv", cAlternateFileName="")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd0fd8d0, ftCreationTime.dwHighDateTime=0x1d7db32, ftLastAccessTime.dwLowDateTime=0x7e1d1f0, ftLastAccessTime.dwHighDateTime=0x1d7e059, ftLastWriteTime.dwLowDateTime=0x7e1d1f0, ftLastWriteTime.dwHighDateTime=0x1d7e059, nFileSizeHigh=0x0, nFileSizeLow=0x10a01, dwReserved0=0x0, dwReserved1=0x0, cFileName="vsSBdw10VYv5nXFV.gif", cAlternateFileName="VSSBDW~1.GIF")) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf33e9c70, ftCreationTime.dwHighDateTime=0x1d7e683, ftLastAccessTime.dwLowDateTime=0xd4d5eb90, ftLastAccessTime.dwHighDateTime=0x1d7e6b4, ftLastWriteTime.dwLowDateTime=0xd4d5eb90, ftLastWriteTime.dwHighDateTime=0x1d7e6b4, nFileSizeHigh=0x0, nFileSizeLow=0x107fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="XG0C7.png", cAlternateFileName="")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40d2e40, ftCreationTime.dwHighDateTime=0x1d7e733, ftLastAccessTime.dwLowDateTime=0x51a67440, ftLastAccessTime.dwHighDateTime=0x1d7e742, ftLastWriteTime.dwLowDateTime=0x51a67440, ftLastWriteTime.dwHighDateTime=0x1d7e742, nFileSizeHigh=0x0, nFileSizeLow=0x1746c, dwReserved0=0x0, dwReserved1=0x0, cFileName="XucgPV1nW.m4a", cAlternateFileName="XUCGPV~1.M4A")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe42f56d0, ftCreationTime.dwHighDateTime=0x1d7d8ef, ftLastAccessTime.dwLowDateTime=0x5ea0f170, ftLastAccessTime.dwHighDateTime=0x1d7de1e, ftLastWriteTime.dwLowDateTime=0x5ea0f170, ftLastWriteTime.dwHighDateTime=0x1d7de1e, nFileSizeHigh=0x0, nFileSizeLow=0x136c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="YcV7Y4i7K8Dc.png", cAlternateFileName="YCV7Y4~1.PNG")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa750ad00, ftCreationTime.dwHighDateTime=0x1d7e104, ftLastAccessTime.dwLowDateTime=0x540f5ac0, ftLastAccessTime.dwHighDateTime=0x1d7e25c, ftLastWriteTime.dwLowDateTime=0x540f5ac0, ftLastWriteTime.dwHighDateTime=0x1d7e25c, nFileSizeHigh=0x0, nFileSizeLow=0xcf26, dwReserved0=0x0, dwReserved1=0x0, cFileName="YsQmt.swf", cAlternateFileName="")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x987820e0, ftCreationTime.dwHighDateTime=0x1d7e6ce, ftLastAccessTime.dwLowDateTime=0x338929a0, ftLastAccessTime.dwHighDateTime=0x1d7e786, ftLastWriteTime.dwLowDateTime=0x338929a0, ftLastWriteTime.dwHighDateTime=0x1d7e786, nFileSizeHigh=0x0, nFileSizeLow=0x49fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZEz-TNlMB2XGESkl.ods", cAlternateFileName="ZEZ-TN~1.ODS")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xff8930b0, ftCreationTime.dwHighDateTime=0x1d7e077, ftLastAccessTime.dwLowDateTime=0x7b9334b0, ftLastAccessTime.dwHighDateTime=0x1d7e0bb, ftLastWriteTime.dwLowDateTime=0x7b9334b0, ftLastWriteTime.dwHighDateTime=0x1d7e0bb, nFileSizeHigh=0x0, nFileSizeLow=0x8e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="_9O8kwKt95MWnuz84Vn.odp", cAlternateFileName="_9O8KW~1.ODP")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9849e30, ftCreationTime.dwHighDateTime=0x1d7dcb0, ftLastAccessTime.dwLowDateTime=0x4a3882f0, ftLastAccessTime.dwHighDateTime=0x1d7e4b5, ftLastWriteTime.dwLowDateTime=0x4a3882f0, ftLastWriteTime.dwHighDateTime=0x1d7e4b5, nFileSizeHigh=0x0, nFileSizeLow=0x1407c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Y6-.swf", cAlternateFileName="")) returned 1 [0137.722] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9849e30, ftCreationTime.dwHighDateTime=0x1d7dcb0, ftLastAccessTime.dwLowDateTime=0x4a3882f0, ftLastAccessTime.dwHighDateTime=0x1d7e4b5, ftLastWriteTime.dwLowDateTime=0x4a3882f0, ftLastWriteTime.dwHighDateTime=0x1d7e4b5, nFileSizeHigh=0x0, nFileSizeLow=0x1407c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Y6-.swf", cAlternateFileName="")) returned 0 [0137.722] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8e4) returned 1 [0137.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb44) returned 1 [0137.722] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0137.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.723] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0137.723] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.725] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.725] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0137.725] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0137.725] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb34) returned 1 [0137.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceae0) returned 1 [0137.725] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x3ce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2d [0137.725] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x3ce890 | out: lpFindFileData=0x3ce890*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.726] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.726] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0137.726] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.726] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce850) returned 1 [0137.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceab0) returned 1 [0137.726] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpFilePart=0x0) returned 0x54 [0137.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.726] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpFilePart=0x0) returned 0x54 [0137.726] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.727] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.727] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.727] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.727] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0137.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.727] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0137.727] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0137.729] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb34) returned 1 [0137.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceae0) returned 1 [0137.729] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x3ce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0137.729] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x3ce890 | out: lpFindFileData=0x3ce890*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.729] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.729] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0137.729] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.731] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce850) returned 1 [0137.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceab0) returned 1 [0137.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x33 [0137.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x33 [0137.732] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.732] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.732] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.733] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.733] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x39 [0137.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.733] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x39 [0137.733] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.736] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.736] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0137.736] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0137.736] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.736] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0137.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.737] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0137.737] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.737] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.737] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.737] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.737] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0137.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.738] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0137.738] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.739] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.739] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0137.739] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0137.739] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.739] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x45 [0137.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.739] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x45 [0137.740] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.741] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.741] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0137.741] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0137.741] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.741] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x32 [0137.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.742] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x32 [0137.742] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.742] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.742] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0137.743] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0137.743] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.743] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0137.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.743] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0137.743] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.743] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.744] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0137.744] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0137.744] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.744] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0137.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.744] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0137.744] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.745] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.745] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0137.745] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0137.745] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.745] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x33 [0137.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.746] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x33 [0137.746] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.747] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.747] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2868d050, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2868d050, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2868d050, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0137.748] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0137.748] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0137.748] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.748] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x34 [0137.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.748] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x34 [0137.748] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.749] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.749] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53aa4cd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x53aa4cd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a502870, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0137.749] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a907d30, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x93e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0137.749] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.749] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.749] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", lpFilePart=0x0) returned 0x32 [0137.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.749] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof", lpFilePart=0x0) returned 0x32 [0137.750] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.751] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.751] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.751] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.751] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x34 [0137.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.751] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x34 [0137.752] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.752] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.752] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x47b8e1c0, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0137.752] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0137.752] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-4219442223-4223814209-3835049652-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0137.752] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x47bf4a60, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0137.752] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.752] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.752] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x3f [0137.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.752] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x3f [0137.753] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.753] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.753] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0137.753] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0137.753] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.753] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x36 [0137.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.754] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x36 [0137.754] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.754] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.754] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0137.754] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.754] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.755] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", lpFilePart=0x0) returned 0x33 [0137.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.755] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof", lpFilePart=0x0) returned 0x33 [0137.755] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.756] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.756] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426e0920, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0137.756] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.756] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.756] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x34 [0137.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.756] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x34 [0137.756] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x75cc2be0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xd14a1930, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xd14a1930, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e803170, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x794f55f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0137.757] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0 [0137.757] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.757] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x31 [0137.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.758] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x31 [0137.758] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.758] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.758] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0137.758] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0137.758] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.759] CoTaskMemAlloc (cb=0x20c) returned 0x5351470 [0137.759] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5351470 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0137.759] CoTaskMemFree (pv=0x5351470) [0137.759] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x3ce67c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0137.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb74) returned 1 [0137.759] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x3ce654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0137.759] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\*", lpFindFileData=0x3ce924 | out: lpFindFileData=0x3ce924*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x31f057d0, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x31f057d0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x31f057d0, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x31f057d0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d965b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d965b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d965b0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79dbc710, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79dbc710, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79dbc710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xc63243a0, ftLastWriteTime.dwHighDateTime=0x1d7e780, nFileSizeHigh=0x0, nFileSizeLow=0x11eca5, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x202d1240, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x202d1240, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0137.759] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79dbc710, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79dbc710, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79dbc710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0137.760] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0137.760] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31f057d0, ftCreationTime.dwHighDateTime=0x1d7fc21, ftLastAccessTime.dwLowDateTime=0x31f057d0, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x31f057d0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yandex", cAlternateFileName="")) returned 1 [0137.760] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce92c | out: lpFindFileData=0x3ce92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.760] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8e4) returned 1 [0137.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb44) returned 1 [0137.760] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x31 [0137.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.760] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x31 [0137.761] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Application Data\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.768] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", lpFilePart=0x0) returned 0x28 [0137.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.769] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\History", lpFilePart=0x0) returned 0x28 [0137.769] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\History\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.771] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0137.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.771] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0137.771] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.771] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~4")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0137.772] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce91c | out: lpFindFileData=0x3ce91c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0137.772] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb34) returned 1 [0137.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceae0) returned 1 [0137.773] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x3ce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2a [0137.773] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x3ce890 | out: lpFindFileData=0x3ce890*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.773] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.773] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0137.773] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0137.773] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0137.773] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0137.773] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~4")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0137.774] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce898 | out: lpFindFileData=0x3ce898*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.774] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce850) returned 1 [0137.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceab0) returned 1 [0137.774] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x36 [0137.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.775] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x36 [0137.775] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.775] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.775] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.775] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x30 [0137.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x30 [0137.776] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.776] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79bcd530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.776] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0137.776] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0137.777] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0137.777] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0137.777] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.777] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x36 [0137.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.777] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x36 [0137.777] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xc6ff0710, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0137.778] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79861590, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0137.778] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.778] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x30 [0137.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.778] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x30 [0137.779] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.779] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2cedac90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.779] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2cedac90, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2cedac90, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2d1623f0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 1 [0137.780] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.780] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.780] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3c [0137.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.780] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3c [0137.780] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.780] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x519a8410, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.781] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0137.781] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b81270, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b81270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef07f70, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x2fa5, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0137.781] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x519a8410, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x519a8410, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8e4a11a0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x2466, dwReserved0=0x0, dwReserved1=0x0, cFileName="frameiconcache.dat", cAlternateFileName="FRAMEI~1.DAT")) returned 1 [0137.781] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4dbf6cc0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4dbf6cc0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4dbf6cc0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0137.781] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4d225200, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x518e9d30, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x518e9d30, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0137.781] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4d225200, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x518e9d30, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x518e9d30, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 0 [0137.781] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.782] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x37 [0137.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.782] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x37 [0137.782] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.784] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.784] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b5b110, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b5b110, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2ada6de0, ftLastWriteTime.dwHighDateTime=0x1d706aa, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0137.784] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x79b5b110, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2acc25a0, ftLastAccessTime.dwHighDateTime=0x1d706aa, ftLastWriteTime.dwLowDateTime=0x2acc25a0, ftLastWriteTime.dwHighDateTime=0x1d706aa, nFileSizeHigh=0x0, nFileSizeLow=0x1106e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0137.784] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7983b430, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7983b430, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0137.784] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcba84960, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 1 [0137.784] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcba84960, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0xcba84960, ftLastAccessTime.dwHighDateTime=0x1d706b2, ftLastWriteTime.dwLowDateTime=0xcba84960, ftLastWriteTime.dwHighDateTime=0x1d706b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 0 [0137.785] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.785] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", lpFilePart=0x0) returned 0x31 [0137.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.786] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office", lpFilePart=0x0) returned 0x31 [0137.786] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.786] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x5bb5ba10, ftLastAccessTime.dwHighDateTime=0x1d70910, ftLastWriteTime.dwLowDateTime=0x5bb5ba10, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.786] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x14ff8dd0, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x2dbcc430, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2dbcc430, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16.0", cAlternateFileName="")) returned 1 [0137.787] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5bb5ba10, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x44005180, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x44005180, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTele", cAlternateFileName="")) returned 1 [0137.787] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5bb5ba10, ftCreationTime.dwHighDateTime=0x1d70910, ftLastAccessTime.dwLowDateTime=0x44005180, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x44005180, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTele", cAlternateFileName="")) returned 0 [0137.787] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", lpFilePart=0x0) returned 0x33 [0137.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive", lpFilePart=0x0) returned 0x33 [0137.787] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.788] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.788] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe91c6830, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf26feb50, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="17.3.4604.0120", cAlternateFileName="173460~1.012")) returned 1 [0137.788] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf26feb50, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf26feb50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe9617010, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x44aa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.exe", cAlternateFileName="")) returned 1 [0137.788] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8a7c4d0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8a7c4d0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 1 [0137.788] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8a7c4d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8a7c4d0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8a7c4d0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 0 [0137.788] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.788] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x32 [0137.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.788] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x32 [0137.788] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.789] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x23884f50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x23884f50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.789] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ce8e9d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2ce8e9d0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2ce8e9d0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gliding", cAlternateFileName="")) returned 1 [0137.789] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d32b470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21cff0f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21cff0f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="mapisvc.inf", cAlternateFileName="")) returned 1 [0137.789] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23884f50, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x242a2cd0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x242a2cd0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 1 [0137.789] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x23884f50, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x242a2cd0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x242a2cd0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 0 [0137.789] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.789] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", lpFilePart=0x0) returned 0x32 [0137.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.789] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows", lpFilePart=0x0) returned 0x32 [0137.790] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb1ed8fe0, ftLastAccessTime.dwHighDateTime=0x1d73a91, ftLastWriteTime.dwLowDateTime=0xb1ed8fe0, ftLastWriteTime.dwHighDateTime=0x1d73a91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x107d8460, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x10aabe80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x10aabe80, ftLastWriteTime.dwHighDateTime=0x1d706a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x46c35e30, ftLastAccessTime.dwHighDateTime=0x1d7a944, ftLastWriteTime.dwLowDateTime=0x46c35e30, ftLastWriteTime.dwHighDateTime=0x1d7a944, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn", cAlternateFileName="")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x798152d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x462fb4a0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x462fb4a0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Caches", cAlternateFileName="")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x797ef170, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Explorer", cAlternateFileName="")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x797ef170, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x797ef170, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x797c9010, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb1ed8fe0, ftCreationTime.dwHighDateTime=0x1d73a91, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0xa18da600, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell", cAlternateFileName="POWERS~1")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7977cd50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7977cd50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x796e47d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb10c4320, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0xb10c4320, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0137.790] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd49789d0, ftCreationTime.dwHighDateTime=0x1d72469, ftLastAccessTime.dwLowDateTime=0xd49789d0, ftLastAccessTime.dwHighDateTime=0x1d72469, ftLastWriteTime.dwLowDateTime=0xd49789d0, ftLastWriteTime.dwHighDateTime=0x1d72469, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0137.791] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x79b0ee50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xc6aba9c0, ftLastAccessTime.dwHighDateTime=0x1d7e780, ftLastWriteTime.dwLowDateTime=0x22834eb0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat", cAlternateFileName="")) returned 1 [0137.791] FindNextFileW (in: hFindFile=0x5e9cd8, lpFindFileData=0x3ce888 | out: lpFindFileData=0x3ce888*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79b0ee50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b0ee50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2280ed50, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x1e400, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat.LOG1", cAlternateFileName="USRCLA~2.LOG")) returned 1 [0137.791] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.791] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", lpFilePart=0x0) returned 0x37 [0137.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.792] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live", lpFilePart=0x0) returned 0x37 [0137.792] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Live\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8cddad0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8d03c30, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8d03c30, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.793] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.793] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", lpFilePart=0x0) returned 0x37 [0137.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.793] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail", lpFilePart=0x0) returned 0x37 [0137.794] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x796be670, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7d4ee530, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7d4ee530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.796] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.797] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x38 [0137.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.797] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media", lpFilePart=0x0) returned 0x38 [0137.797] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79698510, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.798] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.798] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", lpFilePart=0x0) returned 0x3a [0137.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.798] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar", lpFilePart=0x0) returned 0x3a [0137.798] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.799] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.799] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0137.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.799] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0137.799] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x202d1240, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x202d1240, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.800] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb34) returned 1 [0137.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceae0) returned 1 [0137.800] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3ce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0137.800] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\*", lpFindFileData=0x3ce890 | out: lpFindFileData=0x3ce890*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x202d1240, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x202d1240, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.800] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce850) returned 1 [0137.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceab0) returned 1 [0137.800] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", lpFilePart=0x0) returned 0x2c [0137.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.800] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py", lpFilePart=0x0) returned 0x2c [0137.801] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\gen_py\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc41f7e30, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc41f7e30, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc41f7e30, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.801] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.801] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", lpFilePart=0x0) returned 0x29 [0137.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.801] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low", lpFilePart=0x0) returned 0x29 [0137.802] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\Low\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc67c1b70, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0xc67c1b70, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0xc67c1b70, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.802] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.802] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", lpFilePart=0x0) returned 0x2c [0137.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.802] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE", lpFilePart=0x0) returned 0x2c [0137.803] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\WPDNSE\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x99411110, ftCreationTime.dwHighDateTime=0x1d7e793, ftLastAccessTime.dwLowDateTime=0x99411110, ftLastAccessTime.dwHighDateTime=0x1d7e793, ftLastWriteTime.dwLowDateTime=0x99411110, ftLastWriteTime.dwHighDateTime=0x1d7e793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.803] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.803] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x39 [0137.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.804] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x39 [0137.804] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.805] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0137.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.805] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0137.806] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.806] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb34) returned 1 [0137.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceae0) returned 1 [0137.806] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x3ce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2d [0137.807] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x3ce890 | out: lpFindFileData=0x3ce890*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7b85dd30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7b85dd30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7b85dd30, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.807] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce850) returned 1 [0137.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceab0) returned 1 [0137.807] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x3ce680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0137.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb64) returned 1 [0137.807] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x3ce644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0137.807] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\*", lpFindFileData=0x3ce914 | out: lpFindFileData=0x3ce914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31f057d0, ftCreationTime.dwHighDateTime=0x1d7fc21, ftLastAccessTime.dwLowDateTime=0x31f057d0, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x31f057d0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.807] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d4) returned 1 [0137.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceb34) returned 1 [0137.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceae0) returned 1 [0137.808] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", nBufferLength=0x105, lpBuffer=0x3ce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex", lpFilePart=0x0) returned 0x27 [0137.808] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\*", lpFindFileData=0x3ce890 | out: lpFindFileData=0x3ce890*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31f057d0, ftCreationTime.dwHighDateTime=0x1d7fc21, ftLastAccessTime.dwLowDateTime=0x31f057d0, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x31f057d0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.808] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce850) returned 1 [0137.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceab0) returned 1 [0137.808] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x3ce5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0137.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cead0) returned 1 [0137.808] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x3ce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x2f [0137.809] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YaAddon\\*", lpFindFileData=0x3ce880 | out: lpFindFileData=0x3ce880*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31f057d0, ftCreationTime.dwHighDateTime=0x1d7fc21, ftLastAccessTime.dwLowDateTime=0x31f057d0, ftLastAccessTime.dwHighDateTime=0x1d7fc21, ftLastWriteTime.dwLowDateTime=0x31f057d0, ftLastWriteTime.dwHighDateTime=0x1d7fc21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5e9cd8 [0137.809] FindClose (in: hFindFile=0x5e9cd8 | out: hFindFile=0x5e9cd8) returned 1 [0137.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce840) returned 1 [0137.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ceaa0) returned 1 [0137.846] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.846] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net") returned 0x2c [0137.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.846] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2b [0137.846] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Battle.net\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.848] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.848] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data") returned 0x34 [0137.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.848] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0137.849] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.850] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.850] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x39 [0137.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.850] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0137.851] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.852] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.852] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x3e [0137.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.852] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x3d [0137.852] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.854] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.854] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\") returned 0x33 [0137.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.854] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x32 [0137.854] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.856] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.856] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x42 [0137.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.856] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0137.856] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.857] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.857] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data") returned 0x33 [0137.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.857] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0137.858] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.859] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.859] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x37 [0137.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.860] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0137.860] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.861] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.861] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data") returned 0x37 [0137.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.861] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0137.861] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.863] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.863] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data") returned 0x32 [0137.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.863] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0137.863] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.864] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.864] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data") returned 0x33 [0137.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.865] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0137.865] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.866] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.866] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data") returned 0x32 [0137.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.866] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0137.867] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.868] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.868] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data") returned 0x3c [0137.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.868] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0137.868] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.869] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.870] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x40 [0137.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.870] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0137.870] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.871] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.871] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3a [0137.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.872] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0137.872] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.873] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.873] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x55 [0137.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.873] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0137.873] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.875] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.875] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x40 [0137.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.875] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0137.875] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.877] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.877] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x39 [0137.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.877] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0137.877] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.878] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.878] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data") returned 0x32 [0137.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.878] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0137.879] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.880] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.880] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data") returned 0x34 [0137.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.880] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0137.880] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.882] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.882] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data") returned 0x33 [0137.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.882] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0137.882] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.883] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.883] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x39 [0137.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.883] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0137.884] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.886] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.886] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data") returned 0x36 [0137.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.886] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x35 [0137.886] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.887] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.887] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data") returned 0x31 [0137.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.887] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0137.887] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.889] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.889] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x40 [0137.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.889] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0137.889] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.890] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.891] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data") returned 0x32 [0137.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.891] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x31 [0137.891] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.892] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.892] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x3e [0137.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.892] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x3d [0137.893] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Browser\\Browser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.894] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.894] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data") returned 0x34 [0137.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.894] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x33 [0137.894] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Maxthon3\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.895] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.895] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data") returned 0x33 [0137.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.896] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x32 [0137.896] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\K-Melon\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.897] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.897] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3b [0137.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.898] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0137.898] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.899] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.899] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data") returned 0x34 [0137.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.899] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x33 [0137.900] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Nichrome\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.902] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.902] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3a [0137.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.902] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0137.903] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.904] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.904] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data") returned 0x30 [0137.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.904] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x2f [0137.904] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Uran\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.905] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.906] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data") returned 0x34 [0137.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.906] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x33 [0137.906] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromodo\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.907] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.907] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x38 [0137.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.908] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x37 [0137.908] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.909] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.909] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x47 [0137.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.909] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0137.909] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.910] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.911] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3a [0137.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.911] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0137.911] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.912] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.912] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x4e [0137.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.913] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x4d [0137.913] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.914] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.914] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam") returned 0x27 [0137.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x26 [0137.914] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Steam\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.916] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.916] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x3ceac8, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x3d [0137.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ceb60) returned 1 [0137.916] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x3ce640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3c [0137.917] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CryptoTab Browser\\User Data\\*", lpFindFileData=0x3ce910 | out: lpFindFileData=0x3ce910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce8d0) returned 1 [0137.954] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.954] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Armory", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory") returned 0x2a [0137.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x29 [0137.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x29 [0137.954] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Armory\\*.wallet", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.956] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.956] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\atomic", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic") returned 0x2a [0137.956] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x29 [0137.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.956] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x29 [0137.957] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.958] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.958] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Binance", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance") returned 0x2b [0137.958] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2a [0137.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.959] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2a [0137.959] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Binance\\*app-store*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.960] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.960] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Coinomi", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi") returned 0x2b [0137.960] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", lpFilePart=0x0) returned 0x2a [0137.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.961] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi", lpFilePart=0x0) returned 0x2a [0137.961] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Coinomi\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.962] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.962] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Electrum\\wallets", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets") returned 0x34 [0137.962] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x33 [0137.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.962] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x33 [0137.963] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.964] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.964] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Ethereum\\wallets", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets") returned 0x34 [0137.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x33 [0137.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x33 [0137.965] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\wallets\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.966] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.967] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus\\exodus.wallet", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet") returned 0x38 [0137.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x37 [0137.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x37 [0137.967] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.968] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.968] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus") returned 0x2a [0137.968] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x29 [0137.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.969] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x29 [0137.969] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\*.json", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.971] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.971] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Guarda", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda") returned 0x2a [0137.971] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x29 [0137.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.971] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x29 [0137.971] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Guarda\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.972] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x23 [0137.973] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\com.liberty.jaxx", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx") returned 0x34 [0137.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x33 [0137.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x33 [0137.973] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.974] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj") returned 0x13 [0137.974] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents\\Monero\\wallets", lpDst=0x3ceb54, nSize=0x64 | out: lpDst="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets") returned 0x2c [0137.974] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x3ce778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2b [0137.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cec48) returned 1 [0137.975] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x3ce728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2b [0137.975] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets\\*", lpFindFileData=0x3ce9f8 | out: lpFindFileData=0x3ce9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0137.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce9b8) returned 1 [0137.978] CoCreateGuid (in: pguid=0x3ce974 | out: pguid=0x3ce974*(Data1=0xc3217b28, Data2=0x9835, Data3=0x486b, Data4=([0]=0x8d, [1]=0xdf, [2]=0x80, [3]=0x5b, [4]=0x1a, [5]=0x61, [6]=0x25, [7]=0x9d))) returned 0x0 [0137.978] CoCreateGuid (in: pguid=0x3ce8b8 | out: pguid=0x3ce8b8*(Data1=0x7465b881, Data2=0x738c, Data3=0x4bc7, Data4=([0]=0x99, [1]=0xd8, [2]=0xc2, [3]=0x78, [4]=0x47, [5]=0x96, [6]=0xfc, [7]=0xd5))) returned 0x0 [0137.992] send (s=0x238, buf=0x25613cb*, len=162, flags=0) returned 162 [0137.993] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 132 [0138.045] CoCreateGuid (in: pguid=0x3ce9c4 | out: pguid=0x3ce9c4*(Data1=0x9be06d56, Data2=0x9c0c, Data3=0x438b, Data4=([0]=0xa9, [1]=0xb9, [2]=0xcf, [3]=0x5, [4]=0x82, [5]=0x6a, [6]=0x24, [7]=0x9c))) returned 0x0 [0138.045] CoCreateGuid (in: pguid=0x3ce908 | out: pguid=0x3ce908*(Data1=0x6d240530, Data2=0x62bf, Data3=0x4a42, Data4=([0]=0x8b, [1]=0xc3, [2]=0xf4, [3]=0x49, [4]=0xc2, [5]=0x9c, [6]=0x6, [7]=0x81))) returned 0x0 [0138.046] send (s=0x238, buf=0x25613cb*, len=157, flags=0) returned 157 [0138.046] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 112 [0138.105] CoCreateGuid (in: pguid=0x3ce98c | out: pguid=0x3ce98c*(Data1=0x552c6414, Data2=0x6017, Data3=0x46bf, Data4=([0]=0x9e, [1]=0x31, [2]=0x96, [3]=0x8e, [4]=0x98, [5]=0x75, [6]=0x7c, [7]=0xb9))) returned 0x0 [0138.105] CoCreateGuid (in: pguid=0x3ce8d0 | out: pguid=0x3ce8d0*(Data1=0x880607d, Data2=0x522f, Data3=0x4c1d, Data4=([0]=0xb7, [1]=0x9b, [2]=0x7b, [3]=0x10, [4]=0xd6, [5]=0x16, [6]=0x56, [7]=0xa3))) returned 0x0 [0138.106] send (s=0x238, buf=0x262716f*, len=567, flags=0) returned 567 [0138.106] recv (in: s=0x238, buf=0x24f4430, len=8192, flags=0 | out: buf=0x24f4430*) returned 136 [0138.191] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340 [0138.191] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318 [0138.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cde54 | out: phkResult=0x3cde54*=0x33c) returned 0x0 [0138.199] RegQueryValueExW (in: hKey=0x33c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3cde74, lpData=0x0, lpcbData=0x3cde70*=0x0 | out: lpType=0x3cde74*=0x1, lpData=0x0, lpcbData=0x3cde70*=0xe) returned 0x0 [0138.199] RegQueryValueExW (in: hKey=0x33c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3cde74, lpData=0x262bf1c, lpcbData=0x3cde70*=0xe | out: lpType=0x3cde74*=0x1, lpData="Client", lpcbData=0x3cde70*=0xe) returned 0x0 [0138.199] RegCloseKey (hKey=0x33c) returned 0x0 [0138.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec20 | out: phkResult=0x3cec20*=0x33c) returned 0x0 [0138.203] RegQueryValueExW (in: hKey=0x33c, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x3cec3c, lpData=0x0, lpcbData=0x3cec38*=0x0 | out: lpType=0x3cec3c*=0x0, lpData=0x0, lpcbData=0x3cec38*=0x0) returned 0x2 [0138.203] RegCloseKey (hKey=0x33c) returned 0x0 [0138.206] GetCurrentProcessId () returned 0xdc4 [0138.208] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.294] EnumProcessModules (in: hProcess=0x33c, lphModule=0x262c700, cb=0x100, lpcbNeeded=0x3cec2c | out: lphModule=0x262c700, lpcbNeeded=0x3cec2c) returned 1 [0138.296] EnumProcessModules (in: hProcess=0x33c, lphModule=0x262ca98, cb=0x200, lpcbNeeded=0x3cec2c | out: lphModule=0x262ca98, lpcbNeeded=0x3cec2c) returned 1 [0138.298] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x262ccd8, cb=0xc | out: lpmodinfo=0x262ccd8*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.299] CoTaskMemAlloc (cb=0x804) returned 0x538d418 [0138.299] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x538d418, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.299] CoTaskMemFree (pv=0x538d418) [0138.300] CoTaskMemAlloc (cb=0x804) returned 0x538d418 [0138.300] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x538d418, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.300] CoTaskMemFree (pv=0x538d418) [0138.300] CloseHandle (hObject=0x33c) returned 1 [0138.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.301] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x0) returned 0x2 [0138.302] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.302] RegQueryValueExW (in: hKey=0x33c, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.302] RegCloseKey (hKey=0x33c) returned 0x0 [0138.302] GetCurrentProcessId () returned 0xdc4 [0138.302] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.303] EnumProcessModules (in: hProcess=0x33c, lphModule=0x263a404, cb=0x100, lpcbNeeded=0x3cec2c | out: lphModule=0x263a404, lpcbNeeded=0x3cec2c) returned 1 [0138.304] EnumProcessModules (in: hProcess=0x33c, lphModule=0x263a510, cb=0x200, lpcbNeeded=0x3cec2c | out: lphModule=0x263a510, lpcbNeeded=0x3cec2c) returned 1 [0138.305] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x263a750, cb=0xc | out: lpmodinfo=0x263a750*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.305] CoTaskMemAlloc (cb=0x804) returned 0x538d418 [0138.305] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x538d418, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.306] CoTaskMemFree (pv=0x538d418) [0138.306] CoTaskMemAlloc (cb=0x804) returned 0x538d418 [0138.306] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x538d418, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.306] CoTaskMemFree (pv=0x538d418) [0138.306] CloseHandle (hObject=0x33c) returned 1 [0138.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x0) returned 0x2 [0138.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.307] RegQueryValueExW (in: hKey=0x33c, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.307] RegCloseKey (hKey=0x33c) returned 0x0 [0138.308] GetCurrentProcessId () returned 0xdc4 [0138.308] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.308] EnumProcessModules (in: hProcess=0x33c, lphModule=0x2642b40, cb=0x100, lpcbNeeded=0x3cec2c | out: lphModule=0x2642b40, lpcbNeeded=0x3cec2c) returned 1 [0138.310] EnumProcessModules (in: hProcess=0x33c, lphModule=0x2642c4c, cb=0x200, lpcbNeeded=0x3cec2c | out: lphModule=0x2642c4c, lpcbNeeded=0x3cec2c) returned 1 [0138.311] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x2642e8c, cb=0xc | out: lpmodinfo=0x2642e8c*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.311] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.311] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x53849d8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.311] CoTaskMemFree (pv=0x53849d8) [0138.311] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.311] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x53849d8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.312] CoTaskMemFree (pv=0x53849d8) [0138.312] CloseHandle (hObject=0x33c) returned 1 [0138.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.312] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x0) returned 0x2 [0138.313] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.313] RegQueryValueExW (in: hKey=0x33c, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.313] RegCloseKey (hKey=0x33c) returned 0x0 [0138.314] GetCurrentProcessId () returned 0xdc4 [0138.314] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.314] EnumProcessModules (in: hProcess=0x33c, lphModule=0x2645804, cb=0x100, lpcbNeeded=0x3cec2c | out: lphModule=0x2645804, lpcbNeeded=0x3cec2c) returned 1 [0138.315] EnumProcessModules (in: hProcess=0x33c, lphModule=0x2645910, cb=0x200, lpcbNeeded=0x3cec2c | out: lphModule=0x2645910, lpcbNeeded=0x3cec2c) returned 1 [0138.316] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x2645b50, cb=0xc | out: lpmodinfo=0x2645b50*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.317] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.317] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x53849d8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.317] CoTaskMemFree (pv=0x53849d8) [0138.317] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.317] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x53849d8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.317] CoTaskMemFree (pv=0x53849d8) [0138.317] CloseHandle (hObject=0x33c) returned 1 [0138.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.318] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x0) returned 0x2 [0138.318] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.318] RegQueryValueExW (in: hKey=0x33c, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.318] RegCloseKey (hKey=0x33c) returned 0x0 [0138.319] GetCurrentProcessId () returned 0xdc4 [0138.319] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.319] EnumProcessModules (in: hProcess=0x33c, lphModule=0x2649f00, cb=0x100, lpcbNeeded=0x3cec2c | out: lphModule=0x2649f00, lpcbNeeded=0x3cec2c) returned 1 [0138.320] EnumProcessModules (in: hProcess=0x33c, lphModule=0x264a00c, cb=0x200, lpcbNeeded=0x3cec2c | out: lphModule=0x264a00c, lpcbNeeded=0x3cec2c) returned 1 [0138.322] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x264a24c, cb=0xc | out: lpmodinfo=0x264a24c*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.322] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.322] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x53849d8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.322] CoTaskMemFree (pv=0x53849d8) [0138.323] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.323] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x53849d8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.323] CoTaskMemFree (pv=0x53849d8) [0138.323] CloseHandle (hObject=0x33c) returned 1 [0138.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.323] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x0) returned 0x2 [0138.324] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.324] RegQueryValueExW (in: hKey=0x33c, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.324] RegCloseKey (hKey=0x33c) returned 0x0 [0138.324] GetCurrentProcessId () returned 0xdc4 [0138.324] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.324] EnumProcessModules (in: hProcess=0x33c, lphModule=0x264cb28, cb=0x100, lpcbNeeded=0x3cec2c | out: lphModule=0x264cb28, lpcbNeeded=0x3cec2c) returned 1 [0138.326] EnumProcessModules (in: hProcess=0x33c, lphModule=0x264cc34, cb=0x200, lpcbNeeded=0x3cec2c | out: lphModule=0x264cc34, lpcbNeeded=0x3cec2c) returned 1 [0138.327] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x264ce74, cb=0xc | out: lpmodinfo=0x264ce74*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.327] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.327] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x53849d8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.328] CoTaskMemFree (pv=0x53849d8) [0138.328] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.328] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x53849d8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.328] CoTaskMemFree (pv=0x53849d8) [0138.328] CloseHandle (hObject=0x33c) returned 1 [0138.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x0) returned 0x2 [0138.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.329] RegQueryValueExW (in: hKey=0x33c, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.329] RegCloseKey (hKey=0x33c) returned 0x0 [0138.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.335] RegQueryValueExW (in: hKey=0x33c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.335] RegCloseKey (hKey=0x33c) returned 0x0 [0138.336] GetCurrentProcessId () returned 0xdc4 [0138.336] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.336] EnumProcessModules (in: hProcess=0x33c, lphModule=0x26507b8, cb=0x100, lpcbNeeded=0x3cec28 | out: lphModule=0x26507b8, lpcbNeeded=0x3cec28) returned 1 [0138.337] EnumProcessModules (in: hProcess=0x33c, lphModule=0x26508c4, cb=0x200, lpcbNeeded=0x3cec28 | out: lphModule=0x26508c4, lpcbNeeded=0x3cec28) returned 1 [0138.351] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x2650b04, cb=0xc | out: lpmodinfo=0x2650b04*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.352] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.352] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x53849d8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.352] CoTaskMemFree (pv=0x53849d8) [0138.352] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.352] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x53849d8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.352] CoTaskMemFree (pv=0x53849d8) [0138.352] CloseHandle (hObject=0x33c) returned 1 [0138.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.354] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec20 | out: phkResult=0x3cec20*=0x0) returned 0x2 [0138.354] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec20 | out: phkResult=0x3cec20*=0x33c) returned 0x0 [0138.354] RegQueryValueExW (in: hKey=0x33c, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x3cec3c, lpData=0x0, lpcbData=0x3cec38*=0x0 | out: lpType=0x3cec3c*=0x0, lpData=0x0, lpcbData=0x3cec38*=0x0) returned 0x2 [0138.354] RegCloseKey (hKey=0x33c) returned 0x0 [0138.355] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec24 | out: phkResult=0x3cec24*=0x33c) returned 0x0 [0138.355] RegQueryValueExW (in: hKey=0x33c, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x3cec40, lpData=0x0, lpcbData=0x3cec3c*=0x0 | out: lpType=0x3cec40*=0x0, lpData=0x0, lpcbData=0x3cec3c*=0x0) returned 0x2 [0138.355] RegCloseKey (hKey=0x33c) returned 0x0 [0138.356] GetCurrentProcessId () returned 0xdc4 [0138.356] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x33c [0138.356] EnumProcessModules (in: hProcess=0x33c, lphModule=0x26537d0, cb=0x100, lpcbNeeded=0x3cec28 | out: lphModule=0x26537d0, lpcbNeeded=0x3cec28) returned 1 [0138.357] EnumProcessModules (in: hProcess=0x33c, lphModule=0x26538dc, cb=0x200, lpcbNeeded=0x3cec28 | out: lphModule=0x26538dc, lpcbNeeded=0x3cec28) returned 1 [0138.358] GetModuleInformation (in: hProcess=0x33c, hModule=0x400000, lpmodinfo=0x2653b1c, cb=0xc | out: lpmodinfo=0x2653b1c*(lpBaseOfDll=0x400000, SizeOfImage=0x20000, EntryPoint=0x4191be)) returned 1 [0138.359] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.359] GetModuleBaseNameW (in: hProcess=0x33c, hModule=0x400000, lpBaseName=0x53849d8, nSize=0x800 | out: lpBaseName="AppLaunch.exe") returned 0xd [0138.359] CoTaskMemFree (pv=0x53849d8) [0138.359] CoTaskMemAlloc (cb=0x804) returned 0x53849d8 [0138.359] GetModuleFileNameExW (in: hProcess=0x33c, hModule=0x400000, lpFilename=0x53849d8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe")) returned 0x3b [0138.359] CoTaskMemFree (pv=0x53849d8) [0138.359] CloseHandle (hObject=0x33c) returned 1 [0138.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x3ce750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b [0138.360] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec20 | out: phkResult=0x3cec20*=0x0) returned 0x2 [0138.360] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cec20 | out: phkResult=0x3cec20*=0x33c) returned 0x0 [0138.360] RegQueryValueExW (in: hKey=0x33c, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x3cec3c, lpData=0x0, lpcbData=0x3cec38*=0x0 | out: lpType=0x3cec3c*=0x0, lpData=0x0, lpcbData=0x3cec38*=0x0) returned 0x2 [0138.360] RegCloseKey (hKey=0x33c) returned 0x0 [0138.393] CoGetContextToken (in: pToken=0x3cf748 | out: pToken=0x3cf748) returned 0x0 [0138.393] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cf76c | out: ppvObject=0x3cf76c*=0x56e704) returned 0x0 [0138.393] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0x3cf7cc | out: pThreadType=0x3cf7cc*=0) returned 0x0 [0138.393] IUnknown:Release (This=0x56e704) returned 0x1 [0138.395] CoGetContextToken (in: pToken=0x3cf454 | out: pToken=0x3cf454) returned 0x0 [0138.395] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cf478 | out: ppvObject=0x3cf478*=0x56e704) returned 0x0 [0138.395] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0x3cf4a4 | out: pThreadType=0x3cf4a4*=0) returned 0x0 [0138.395] IUnknown:Release (This=0x56e704) returned 0x1 [0138.400] CoGetContextToken (in: pToken=0x3cf454 | out: pToken=0x3cf454) returned 0x0 [0138.400] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cf478 | out: ppvObject=0x3cf478*=0x56e704) returned 0x0 [0138.400] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0x3cf4a4 | out: pThreadType=0x3cf4a4*=0) returned 0x0 [0138.401] IUnknown:Release (This=0x56e704) returned 0x1 [0138.464] CoGetContextToken (in: pToken=0x3cf454 | out: pToken=0x3cf454) returned 0x0 [0138.464] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cf478 | out: ppvObject=0x3cf478*=0x56e704) returned 0x0 [0138.464] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0x3cf4a4 | out: pThreadType=0x3cf4a4*=0) returned 0x0 [0138.464] IUnknown:Release (This=0x56e704) returned 0x1 [0138.466] CoGetContextToken (in: pToken=0x3cf474 | out: pToken=0x3cf474) returned 0x0 [0138.466] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3cf498 | out: ppvObject=0x3cf498*=0x56e704) returned 0x0 [0138.466] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0x3cf4c4 | out: pThreadType=0x3cf4c4*=0) returned 0x0 [0138.466] IUnknown:Release (This=0x56e704) returned 0x1 [0138.503] CoUninitialize () Thread: id = 3 os_tid = 0xdcc Thread: id = 4 os_tid = 0xdd0 [0077.135] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0105.690] CoGetContextToken (in: pToken=0xfdfa74 | out: pToken=0xfdfa74) returned 0x0 [0105.690] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0105.690] WbemLocator:IUnknown:Release (This=0x5ea398) returned 0x1 [0105.690] WbemLocator:IUnknown:Release (This=0x5ea398) returned 0x0 [0105.690] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0105.690] IUnknown:Release (This=0x60b2f8) returned 0x2 [0105.690] IUnknown:Release (This=0x60b2f8) returned 0x1 [0105.690] IUnknown:Release (This=0x60b2f8) returned 0x0 [0105.691] RegCloseKey (hKey=0x318) returned 0x0 [0105.691] RegCloseKey (hKey=0x314) returned 0x0 [0108.401] CoGetContextToken (in: pToken=0xfdfa74 | out: pToken=0xfdfa74) returned 0x0 [0108.401] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.401] WbemLocator:IUnknown:Release (This=0x5ea408) returned 0x1 [0108.401] WbemLocator:IUnknown:Release (This=0x5ea408) returned 0x0 [0108.401] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.401] WbemLocator:IUnknown:Release (This=0x608f48) returned 0x1 [0108.401] WbemLocator:IUnknown:Release (This=0x608f48) returned 0x0 [0108.449] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.449] WbemLocator:IUnknown:Release (This=0x5ea4d8) returned 0x1 [0108.449] WbemLocator:IUnknown:Release (This=0x5ea4d8) returned 0x0 [0108.450] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.450] WbemLocator:IUnknown:Release (This=0x5919b8) returned 0x1 [0108.450] WbemLocator:IUnknown:Release (This=0x5919b8) returned 0x0 [0108.454] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.454] WbemLocator:IUnknown:Release (This=0x608e08) returned 0x1 [0108.454] WbemLocator:IUnknown:Release (This=0x608e08) returned 0x0 [0108.454] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.455] WbemLocator:IUnknown:Release (This=0x5ea3a8) returned 0x1 [0108.455] WbemLocator:IUnknown:Release (This=0x5ea3a8) returned 0x0 [0108.455] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.455] WbemLocator:IUnknown:Release (This=0x608e58) returned 0x1 [0108.455] WbemLocator:IUnknown:Release (This=0x608e58) returned 0x0 [0108.455] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.455] WbemLocator:IUnknown:Release (This=0x60a750) returned 0x1 [0108.455] WbemLocator:IUnknown:Release (This=0x60a750) returned 0x0 [0108.456] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.456] WbemLocator:IUnknown:Release (This=0x6090d8) returned 0x1 [0108.456] WbemLocator:IUnknown:Release (This=0x6090d8) returned 0x0 [0108.456] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.456] WbemLocator:IUnknown:Release (This=0x60a7b0) returned 0x1 [0108.456] WbemLocator:IUnknown:Release (This=0x60a7b0) returned 0x0 [0108.456] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.456] IUnknown:Release (This=0x5c6840) returned 0x2 [0108.456] IUnknown:Release (This=0x5c6840) returned 0x1 [0108.456] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.457] WbemLocator:IUnknown:Release (This=0x60a810) returned 0x1 [0108.457] WbemLocator:IUnknown:Release (This=0x60a810) returned 0x0 [0108.457] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.457] WbemLocator:IUnknown:Release (This=0x6093a8) returned 0x1 [0108.457] WbemLocator:IUnknown:Release (This=0x6093a8) returned 0x0 [0108.457] CoGetContextToken (in: pToken=0xfdfa74 | out: pToken=0xfdfa74) returned 0x0 [0108.457] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x1 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x0 [0108.458] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df740) returned 0x1 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df740) returned 0x0 [0108.458] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x1 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x0 [0108.458] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df660) returned 0x1 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df660) returned 0x0 [0108.458] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x1 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x0 [0108.458] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x1 [0108.458] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x0 [0108.458] IUnknown:Release (This=0x5c6840) returned 0x0 [0108.653] CoGetContextToken (in: pToken=0xfdfa74 | out: pToken=0xfdfa74) returned 0x0 [0108.653] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.653] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x1 [0108.653] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x0 [0108.653] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.654] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x1 [0108.654] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x0 [0108.654] CoGetContextToken (in: pToken=0xfdfa74 | out: pToken=0xfdfa74) returned 0x0 [0108.654] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0108.654] WbemLocator:IUnknown:Release (This=0x6091c8) returned 0x1 [0108.654] WbemLocator:IUnknown:Release (This=0x6091c8) returned 0x0 [0108.699] IUnknown:Release (This=0x56e6f8) returned 0x0 [0108.743] GdipDisposeImage (image=0x4ae2230) returned 0x0 [0135.500] CoGetContextToken (in: pToken=0xfdfa74 | out: pToken=0xfdfa74) returned 0x0 [0135.500] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0135.500] IUnknown:Release (This=0x61fde8) returned 0x2 [0135.500] IUnknown:Release (This=0x61fde8) returned 0x1 [0135.500] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0135.500] WbemLocator:IUnknown:Release (This=0x60a940) returned 0x1 [0135.500] WbemLocator:IUnknown:Release (This=0x60a940) returned 0x0 [0135.500] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0135.500] IUnknown:Release (This=0x61fab8) returned 0x2 [0135.500] IUnknown:Release (This=0x61fab8) returned 0x1 [0135.500] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0135.500] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x1 [0135.500] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x0 [0135.500] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0135.500] IUnknown:Release (This=0x5c6840) returned 0x2 [0135.500] IUnknown:Release (This=0x5c6840) returned 0x1 [0135.500] CoGetContextToken (in: pToken=0xfdf9f8 | out: pToken=0xfdf9f8) returned 0x0 [0135.500] WbemLocator:IUnknown:Release (This=0x60a830) returned 0x1 [0135.500] WbemLocator:IUnknown:Release (This=0x60a830) returned 0x0 [0135.500] IUnknown:Release (This=0x5c6840) returned 0x0 [0135.501] IUnknown:Release (This=0x61fab8) returned 0x0 [0135.501] IUnknown:Release (This=0x61fde8) returned 0x0 [0135.501] RegCloseKey (hKey=0x33c) returned 0x0 [0135.501] RegCloseKey (hKey=0x318) returned 0x0 [0135.501] RegCloseKey (hKey=0x340) returned 0x0 [0138.396] EtwEventUnregister () returned 0x0 [0138.396] EtwEventUnregister () returned 0x0 [0138.398] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x220 [0138.399] PostMessageW (hWnd=0x800cc, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0138.399] CoGetContextToken (in: pToken=0xfdf644 | out: pToken=0xfdf644) returned 0x0 [0138.399] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xfdf668 | out: ppvObject=0xfdf668*=0x56e704) returned 0x0 [0138.399] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0xfdf694 | out: pThreadType=0xfdf694*=0) returned 0x0 [0138.399] IUnknown:Release (This=0x56e704) returned 0x1 [0138.413] CoGetContextToken (in: pToken=0xfdf65c | out: pToken=0xfdf65c) returned 0x0 [0138.414] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xfdf680 | out: ppvObject=0xfdf680*=0x56e704) returned 0x0 [0138.414] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0xfdf6ac | out: pThreadType=0xfdf6ac*=0) returned 0x0 [0138.414] IUnknown:Release (This=0x56e704) returned 0x1 [0138.424] IUnknown:Release (This=0x53579f8) returned 0x2 [0138.424] IUnknown:Release (This=0x5357860) returned 0x2 [0138.425] IUnknown:Release (This=0x53576c8) returned 0x2 [0138.425] IUnknown:Release (This=0x5357530) returned 0x2 [0138.425] IUnknown:Release (This=0x5357398) returned 0x2 [0138.425] IUnknown:Release (This=0x5357200) returned 0x2 [0138.425] IUnknown:Release (This=0x5357068) returned 0x2 [0138.425] IUnknown:Release (This=0x5356ed0) returned 0x2 [0138.426] IUnknown:Release (This=0x5356d38) returned 0x2 [0138.426] IUnknown:Release (This=0x5356ba0) returned 0x2 [0138.426] IUnknown:Release (This=0x5356a08) returned 0x2 [0138.426] IUnknown:Release (This=0x5356870) returned 0x2 [0138.426] IUnknown:Release (This=0x53566d8) returned 0x2 [0138.427] IUnknown:Release (This=0x5356540) returned 0x2 [0138.427] IUnknown:Release (This=0x53563a8) returned 0x2 [0138.427] IUnknown:Release (This=0x5356210) returned 0x2 [0138.427] IUnknown:Release (This=0x5356078) returned 0x2 [0138.427] IUnknown:Release (This=0x5355ee0) returned 0x2 [0138.428] IUnknown:Release (This=0x5355d48) returned 0x2 [0138.428] IUnknown:Release (This=0x534c560) returned 0x2 [0138.428] IUnknown:Release (This=0x534c3c8) returned 0x2 [0138.428] IUnknown:Release (This=0x534c230) returned 0x2 [0138.428] IUnknown:Release (This=0x534c098) returned 0x2 [0138.429] IUnknown:Release (This=0x534bf00) returned 0x2 [0138.429] IUnknown:Release (This=0x534bd68) returned 0x2 [0138.429] IUnknown:Release (This=0x534bbd0) returned 0x2 [0138.429] IUnknown:Release (This=0x534ba38) returned 0x2 [0138.429] IUnknown:Release (This=0x534b8a0) returned 0x2 [0138.429] IUnknown:Release (This=0x534b708) returned 0x2 [0138.430] IUnknown:Release (This=0x534b570) returned 0x2 [0138.430] IUnknown:Release (This=0x534b3d8) returned 0x2 [0138.430] IUnknown:Release (This=0x534b240) returned 0x2 [0138.430] IUnknown:Release (This=0x534b0a8) returned 0x2 [0138.430] IUnknown:Release (This=0x534af10) returned 0x2 [0138.431] IUnknown:Release (This=0x534ad78) returned 0x2 [0138.431] IUnknown:Release (This=0x534abe0) returned 0x2 [0138.431] IUnknown:Release (This=0x534aa48) returned 0x2 [0138.431] IUnknown:Release (This=0x534a8b0) returned 0x2 [0138.431] IUnknown:Release (This=0x534a718) returned 0x2 [0138.432] IUnknown:Release (This=0x53414b8) returned 0x2 [0138.432] IUnknown:Release (This=0x5341320) returned 0x2 [0138.432] IUnknown:Release (This=0x5341188) returned 0x2 [0138.432] IUnknown:Release (This=0x5340ff0) returned 0x2 [0138.432] IUnknown:Release (This=0x5340e58) returned 0x2 [0138.432] IUnknown:Release (This=0x5340cc0) returned 0x2 [0138.433] IUnknown:Release (This=0x5340b28) returned 0x2 [0138.433] IUnknown:Release (This=0x5340990) returned 0x2 [0138.433] IUnknown:Release (This=0x53407f8) returned 0x2 [0138.433] IUnknown:Release (This=0x5340660) returned 0x2 [0138.434] IUnknown:Release (This=0x53404c8) returned 0x2 [0138.434] IUnknown:Release (This=0x5340330) returned 0x2 [0138.434] IUnknown:Release (This=0x5340198) returned 0x2 [0138.434] IUnknown:Release (This=0x5340000) returned 0x2 [0138.434] IUnknown:Release (This=0x533fe68) returned 0x2 [0138.435] IUnknown:Release (This=0x533fcd0) returned 0x2 [0138.435] IUnknown:Release (This=0x533fb38) returned 0x2 [0138.435] IUnknown:Release (This=0x533f9a0) returned 0x2 [0138.435] IUnknown:Release (This=0x533f808) returned 0x2 [0138.435] IUnknown:Release (This=0x533f670) returned 0x2 [0138.436] IUnknown:Release (This=0x532ef20) returned 0x2 [0138.436] IUnknown:Release (This=0x53241e0) returned 0x2 [0138.436] IUnknown:Release (This=0x5324048) returned 0x2 [0138.436] IUnknown:Release (This=0x532c298) returned 0x2 [0138.436] IUnknown:Release (This=0x532be20) returned 0x2 [0138.437] IUnknown:Release (This=0x532ad90) returned 0x2 [0138.437] IUnknown:Release (This=0x532a928) returned 0x2 [0138.437] IUnknown:Release (This=0x532a490) returned 0x2 [0138.437] IUnknown:Release (This=0x532a028) returned 0x2 [0138.437] IUnknown:Release (This=0x5329bc0) returned 0x2 [0138.438] IUnknown:Release (This=0x5329758) returned 0x2 [0138.438] IUnknown:Release (This=0x5331510) returned 0x2 [0138.438] IUnknown:Release (This=0x5326a88) returned 0x2 [0138.438] IUnknown:Release (This=0x609c20) returned 0x2 [0138.438] IUnknown:Release (This=0x5c6840) returned 0x2 [0138.445] EtwEventUnregister () returned 0x0 [0138.449] CloseHandle (hObject=0x310) returned 1 [0138.454] CloseHandle (hObject=0x220) returned 1 [0138.455] CloseHandle (hObject=0x318) returned 1 [0138.455] CloseHandle (hObject=0x340) returned 1 [0138.456] CloseHandle (hObject=0x298) returned 1 [0138.457] CloseHandle (hObject=0x270) returned 1 [0138.457] RegCloseKey (hKey=0x80000004) returned 0x0 [0138.458] CloseHandle (hObject=0x320) returned 1 [0138.458] UnmapViewOfFile (lpBaseAddress=0x420000) returned 1 [0138.460] setsockopt (s=0x238, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0138.460] closesocket (s=0x238) returned 0 [0138.466] CoGetContextToken (in: pToken=0xfdf6b4 | out: pToken=0xfdf6b4) returned 0x0 [0138.466] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.466] WbemLocator:IUnknown:Release (This=0x608ef8) returned 0x1 [0138.466] WbemLocator:IUnknown:Release (This=0x608ef8) returned 0x0 [0138.468] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.468] IUnknown:Release (This=0x5340198) returned 0x1 [0138.468] IUnknown:Release (This=0x5340198) returned 0x0 [0138.468] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.468] IUnknown:Release (This=0x53576c8) returned 0x1 [0138.468] IUnknown:Release (This=0x53576c8) returned 0x0 [0138.469] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.469] IUnknown:Release (This=0x534a8b0) returned 0x1 [0138.469] IUnknown:Release (This=0x534a8b0) returned 0x0 [0138.469] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.469] IUnknown:Release (This=0x534c560) returned 0x1 [0138.469] IUnknown:Release (This=0x534c560) returned 0x0 [0138.469] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.469] IUnknown:Release (This=0x5c6840) returned 0x1 [0138.469] IUnknown:Release (This=0x5c6840) returned 0x0 [0138.469] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.469] IUnknown:Release (This=0x5340990) returned 0x1 [0138.470] IUnknown:Release (This=0x5340990) returned 0x0 [0138.470] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.470] IUnknown:Release (This=0x5356210) returned 0x1 [0138.470] IUnknown:Release (This=0x5356210) returned 0x0 [0138.470] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.470] IUnknown:Release (This=0x534b0a8) returned 0x1 [0138.470] IUnknown:Release (This=0x534b0a8) returned 0x0 [0138.470] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.470] IUnknown:Release (This=0x609c20) returned 0x1 [0138.470] IUnknown:Release (This=0x609c20) returned 0x0 [0138.470] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.470] IUnknown:Release (This=0x5356540) returned 0x1 [0138.470] IUnknown:Release (This=0x5356540) returned 0x0 [0138.470] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.471] IUnknown:Release (This=0x5341188) returned 0x1 [0138.471] IUnknown:Release (This=0x5341188) returned 0x0 [0138.471] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.471] IUnknown:Release (This=0x5356a08) returned 0x1 [0138.471] IUnknown:Release (This=0x5356a08) returned 0x0 [0138.471] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.471] IUnknown:Release (This=0x534b8a0) returned 0x1 [0138.471] IUnknown:Release (This=0x534b8a0) returned 0x0 [0138.471] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.471] IUnknown:Release (This=0x532ad90) returned 0x1 [0138.471] IUnknown:Release (This=0x532ad90) returned 0x0 [0138.471] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.471] IUnknown:Release (This=0x5355d48) returned 0x1 [0138.471] IUnknown:Release (This=0x5355d48) returned 0x0 [0138.472] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.472] IUnknown:Release (This=0x5357200) returned 0x1 [0138.472] IUnknown:Release (This=0x5357200) returned 0x0 [0138.472] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.472] IUnknown:Release (This=0x534c098) returned 0x1 [0138.472] IUnknown:Release (This=0x534c098) returned 0x0 [0138.472] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.472] IUnknown:Release (This=0x533fcd0) returned 0x1 [0138.472] IUnknown:Release (This=0x533fcd0) returned 0x0 [0138.472] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.472] IUnknown:Release (This=0x53241e0) returned 0x1 [0138.472] IUnknown:Release (This=0x53241e0) returned 0x0 [0138.472] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.472] IUnknown:Release (This=0x5324048) returned 0x1 [0138.473] IUnknown:Release (This=0x5324048) returned 0x0 [0138.473] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.473] IUnknown:Release (This=0x53404c8) returned 0x1 [0138.473] IUnknown:Release (This=0x53404c8) returned 0x0 [0138.473] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.473] IUnknown:Release (This=0x534abe0) returned 0x1 [0138.473] IUnknown:Release (This=0x534abe0) returned 0x0 [0138.473] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.473] IUnknown:Release (This=0x5340cc0) returned 0x1 [0138.473] IUnknown:Release (This=0x5340cc0) returned 0x0 [0138.473] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.473] IUnknown:Release (This=0x534b3d8) returned 0x1 [0138.473] IUnknown:Release (This=0x534b3d8) returned 0x0 [0138.473] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.473] IUnknown:Release (This=0x53414b8) returned 0x1 [0138.474] IUnknown:Release (This=0x53414b8) returned 0x0 [0138.474] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.474] IUnknown:Release (This=0x5356d38) returned 0x1 [0138.474] IUnknown:Release (This=0x5356d38) returned 0x0 [0138.474] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.474] IUnknown:Release (This=0x534bbd0) returned 0x1 [0138.474] IUnknown:Release (This=0x534bbd0) returned 0x0 [0138.474] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.474] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x1 [0138.474] WbemLocator:IUnknown:Release (This=0x60a860) returned 0x0 [0138.474] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.474] IUnknown:Release (This=0x5356ba0) returned 0x1 [0138.474] IUnknown:Release (This=0x5356ba0) returned 0x0 [0138.474] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.474] IUnknown:Release (This=0x5357530) returned 0x1 [0138.474] IUnknown:Release (This=0x5357530) returned 0x0 [0138.475] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.475] IUnknown:Release (This=0x534c3c8) returned 0x1 [0138.475] IUnknown:Release (This=0x534c3c8) returned 0x0 [0138.475] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.475] IUnknown:Release (This=0x533f808) returned 0x1 [0138.475] IUnknown:Release (This=0x533f808) returned 0x0 [0138.475] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.475] WbemLocator:IUnknown:Release (This=0x6093a8) returned 0x1 [0138.475] WbemLocator:IUnknown:Release (This=0x6093a8) returned 0x0 [0138.476] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.476] IUnknown:Release (This=0x53566d8) returned 0x1 [0138.476] IUnknown:Release (This=0x53566d8) returned 0x0 [0138.476] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.476] IUnknown:Release (This=0x5340000) returned 0x1 [0138.476] IUnknown:Release (This=0x5340000) returned 0x0 [0138.476] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.476] WbemLocator:IUnknown:Release (This=0x6091c8) returned 0x1 [0138.476] WbemLocator:IUnknown:Release (This=0x6091c8) returned 0x0 [0138.477] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.477] IUnknown:Release (This=0x534a718) returned 0x1 [0138.477] IUnknown:Release (This=0x534a718) returned 0x0 [0138.477] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.477] IUnknown:Release (This=0x53407f8) returned 0x1 [0138.477] IUnknown:Release (This=0x53407f8) returned 0x0 [0138.477] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.477] IUnknown:Release (This=0x5356078) returned 0x1 [0138.477] IUnknown:Release (This=0x5356078) returned 0x0 [0138.478] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.478] IUnknown:Release (This=0x534af10) returned 0x1 [0138.478] IUnknown:Release (This=0x534af10) returned 0x0 [0138.478] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.478] IUnknown:Release (This=0x5340ff0) returned 0x1 [0138.478] IUnknown:Release (This=0x5340ff0) returned 0x0 [0138.478] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.478] IUnknown:Release (This=0x534b708) returned 0x1 [0138.478] IUnknown:Release (This=0x534b708) returned 0x0 [0138.478] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.478] IUnknown:Release (This=0x5329758) returned 0x1 [0138.478] IUnknown:Release (This=0x5329758) returned 0x0 [0138.479] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.479] IUnknown:Release (This=0x5357068) returned 0x1 [0138.479] IUnknown:Release (This=0x5357068) returned 0x0 [0138.479] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.479] IUnknown:Release (This=0x534bf00) returned 0x1 [0138.479] IUnknown:Release (This=0x534bf00) returned 0x0 [0138.479] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.479] IUnknown:Release (This=0x5357860) returned 0x1 [0138.479] IUnknown:Release (This=0x5357860) returned 0x0 [0138.479] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.479] IUnknown:Release (This=0x533fb38) returned 0x1 [0138.479] IUnknown:Release (This=0x533fb38) returned 0x0 [0138.479] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.480] WbemLocator:IUnknown:Release (This=0x609308) returned 0x1 [0138.480] WbemLocator:IUnknown:Release (This=0x609308) returned 0x0 [0138.480] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.480] IUnknown:Release (This=0x5356870) returned 0x1 [0138.480] IUnknown:Release (This=0x5356870) returned 0x0 [0138.480] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.480] IUnknown:Release (This=0x5340330) returned 0x1 [0138.481] IUnknown:Release (This=0x5340330) returned 0x0 [0138.481] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.481] IUnknown:Release (This=0x534aa48) returned 0x1 [0138.481] IUnknown:Release (This=0x534aa48) returned 0x0 [0138.481] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.481] IUnknown:Release (This=0x532be20) returned 0x1 [0138.481] IUnknown:Release (This=0x532be20) returned 0x0 [0138.481] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.481] IUnknown:Release (This=0x5340b28) returned 0x1 [0138.481] IUnknown:Release (This=0x5340b28) returned 0x0 [0138.481] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.481] IUnknown:Release (This=0x534b240) returned 0x1 [0138.481] IUnknown:Release (This=0x534b240) returned 0x0 [0138.482] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.482] IUnknown:Release (This=0x5329bc0) returned 0x1 [0138.482] IUnknown:Release (This=0x5329bc0) returned 0x0 [0138.482] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.482] IUnknown:Release (This=0x5326a88) returned 0x1 [0138.482] IUnknown:Release (This=0x5326a88) returned 0x0 [0138.482] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.482] IUnknown:Release (This=0x5331510) returned 0x1 [0138.482] IUnknown:Release (This=0x5331510) returned 0x0 [0138.482] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.482] IUnknown:Release (This=0x5341320) returned 0x1 [0138.482] IUnknown:Release (This=0x5341320) returned 0x0 [0138.483] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.483] IUnknown:Release (This=0x534ba38) returned 0x1 [0138.483] IUnknown:Release (This=0x534ba38) returned 0x0 [0138.483] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.483] IUnknown:Release (This=0x532c298) returned 0x1 [0138.483] IUnknown:Release (This=0x532c298) returned 0x0 [0138.483] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.483] IUnknown:Release (This=0x5357398) returned 0x1 [0138.483] IUnknown:Release (This=0x5357398) returned 0x0 [0138.483] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.483] IUnknown:Release (This=0x534c230) returned 0x1 [0138.483] IUnknown:Release (This=0x534c230) returned 0x0 [0138.483] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.484] IUnknown:Release (This=0x533f670) returned 0x1 [0138.484] IUnknown:Release (This=0x533f670) returned 0x0 [0138.484] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.484] IUnknown:Release (This=0x533fe68) returned 0x1 [0138.484] IUnknown:Release (This=0x533fe68) returned 0x0 [0138.484] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.484] IUnknown:Release (This=0x532a028) returned 0x1 [0138.484] IUnknown:Release (This=0x532a028) returned 0x0 [0138.484] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.484] IUnknown:Release (This=0x532ef20) returned 0x1 [0138.484] IUnknown:Release (This=0x532ef20) returned 0x0 [0138.484] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.484] IUnknown:Release (This=0x5340660) returned 0x1 [0138.484] IUnknown:Release (This=0x5340660) returned 0x0 [0138.485] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.485] IUnknown:Release (This=0x5355ee0) returned 0x1 [0138.485] IUnknown:Release (This=0x5355ee0) returned 0x0 [0138.485] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.485] IUnknown:Release (This=0x534ad78) returned 0x1 [0138.485] IUnknown:Release (This=0x534ad78) returned 0x0 [0138.485] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.485] IUnknown:Release (This=0x5340e58) returned 0x1 [0138.485] IUnknown:Release (This=0x5340e58) returned 0x0 [0138.485] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.485] IUnknown:Release (This=0x534b570) returned 0x1 [0138.485] IUnknown:Release (This=0x534b570) returned 0x0 [0138.486] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.486] IUnknown:Release (This=0x53579f8) returned 0x1 [0138.486] IUnknown:Release (This=0x53579f8) returned 0x0 [0138.486] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.486] IUnknown:Release (This=0x5356ed0) returned 0x1 [0138.486] IUnknown:Release (This=0x5356ed0) returned 0x0 [0138.486] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.486] IUnknown:Release (This=0x534bd68) returned 0x1 [0138.486] IUnknown:Release (This=0x534bd68) returned 0x0 [0138.486] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.486] IUnknown:Release (This=0x532a928) returned 0x1 [0138.486] IUnknown:Release (This=0x532a928) returned 0x0 [0138.486] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.486] IUnknown:Release (This=0x53563a8) returned 0x1 [0138.487] IUnknown:Release (This=0x53563a8) returned 0x0 [0138.487] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.487] IUnknown:Release (This=0x532a490) returned 0x1 [0138.487] IUnknown:Release (This=0x532a490) returned 0x0 [0138.487] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.487] IUnknown:Release (This=0x533f9a0) returned 0x1 [0138.487] IUnknown:Release (This=0x533f9a0) returned 0x0 [0138.487] IUnknown:Release (This=0x56e6f8) returned 0x0 [0138.487] CoGetContextToken (in: pToken=0xfdf6b4 | out: pToken=0xfdf6b4) returned 0x0 [0138.487] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.487] WbemDefPath:IUnknown:Release (This=0x5dfb30) returned 0x1 [0138.487] WbemDefPath:IUnknown:Release (This=0x5dfb30) returned 0x0 [0138.487] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.487] WbemDefPath:IUnknown:Release (This=0x53537c8) returned 0x1 [0138.487] WbemDefPath:IUnknown:Release (This=0x53537c8) returned 0x0 [0138.488] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.488] WbemDefPath:IUnknown:Release (This=0x53489d8) returned 0x1 [0138.488] WbemDefPath:IUnknown:Release (This=0x53489d8) returned 0x0 [0138.488] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.488] WbemDefPath:IUnknown:Release (This=0x5348658) returned 0x1 [0138.488] WbemDefPath:IUnknown:Release (This=0x5348658) returned 0x0 [0138.488] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.488] WbemDefPath:IUnknown:Release (This=0x532cff8) returned 0x1 [0138.488] WbemDefPath:IUnknown:Release (This=0x532cff8) returned 0x0 [0138.488] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.488] WbemDefPath:IUnknown:Release (This=0x53482d8) returned 0x1 [0138.488] WbemDefPath:IUnknown:Release (This=0x53482d8) returned 0x0 [0138.488] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.488] WbemDefPath:IUnknown:Release (This=0x532cc78) returned 0x1 [0138.488] WbemDefPath:IUnknown:Release (This=0x532cc78) returned 0x0 [0138.489] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.489] WbemDefPath:IUnknown:Release (This=0x53530c8) returned 0x1 [0138.489] WbemDefPath:IUnknown:Release (This=0x53530c8) returned 0x0 [0138.489] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.489] WbemDefPath:IUnknown:Release (This=0x535e6c0) returned 0x1 [0138.489] WbemDefPath:IUnknown:Release (This=0x535e6c0) returned 0x0 [0138.489] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.489] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x1 [0138.489] WbemDefPath:IUnknown:Release (This=0x5df7b0) returned 0x0 [0138.489] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.489] WbemDefPath:IUnknown:Release (This=0x5348e38) returned 0x1 [0138.489] WbemDefPath:IUnknown:Release (This=0x5348e38) returned 0x0 [0138.489] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.489] WbemDefPath:IUnknown:Release (This=0x532cab8) returned 0x1 [0138.489] WbemDefPath:IUnknown:Release (This=0x532cab8) returned 0x0 [0138.490] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.490] WbemDefPath:IUnknown:Release (This=0x532c8f8) returned 0x1 [0138.490] WbemDefPath:IUnknown:Release (This=0x532c8f8) returned 0x0 [0138.490] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.490] WbemDefPath:IUnknown:Release (This=0x5dff90) returned 0x1 [0138.490] WbemDefPath:IUnknown:Release (This=0x5dff90) returned 0x0 [0138.490] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.490] WbemDefPath:IUnknown:Release (This=0x532d0d8) returned 0x1 [0138.490] WbemDefPath:IUnknown:Release (This=0x532d0d8) returned 0x0 [0138.490] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.490] WbemDefPath:IUnknown:Release (This=0x5352d48) returned 0x1 [0138.490] WbemDefPath:IUnknown:Release (This=0x5352d48) returned 0x0 [0138.490] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.490] WbemDefPath:IUnknown:Release (This=0x535e340) returned 0x1 [0138.490] WbemDefPath:IUnknown:Release (This=0x535e340) returned 0x0 [0138.491] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.491] WbemDefPath:IUnknown:Release (This=0x5348ab8) returned 0x1 [0138.491] WbemDefPath:IUnknown:Release (This=0x5348ab8) returned 0x0 [0138.491] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.491] WbemDefPath:IUnknown:Release (This=0x532d458) returned 0x1 [0138.491] WbemDefPath:IUnknown:Release (This=0x532d458) returned 0x0 [0138.491] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.491] WbemDefPath:IUnknown:Release (This=0x53538a8) returned 0x1 [0138.491] WbemDefPath:IUnknown:Release (This=0x53538a8) returned 0x0 [0138.491] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.491] WbemDefPath:IUnknown:Release (This=0x532cf18) returned 0x1 [0138.491] WbemDefPath:IUnknown:Release (This=0x532cf18) returned 0x0 [0138.491] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.491] WbemDefPath:IUnknown:Release (This=0x5348738) returned 0x1 [0138.492] WbemDefPath:IUnknown:Release (This=0x5348738) returned 0x0 [0138.492] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.492] WbemDefPath:IUnknown:Release (This=0x53529c8) returned 0x1 [0138.492] WbemDefPath:IUnknown:Release (This=0x53529c8) returned 0x0 [0138.492] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.492] WbemDefPath:IUnknown:Release (This=0x5e0150) returned 0x1 [0138.492] WbemDefPath:IUnknown:Release (This=0x5e0150) returned 0x0 [0138.492] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.492] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x1 [0138.492] WbemDefPath:IUnknown:Release (This=0x5df890) returned 0x0 [0138.492] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.492] WbemDefPath:IUnknown:Release (This=0x5353528) returned 0x1 [0138.492] WbemDefPath:IUnknown:Release (This=0x5353528) returned 0x0 [0138.493] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.493] WbemDefPath:IUnknown:Release (This=0x53536e8) returned 0x1 [0138.493] WbemDefPath:IUnknown:Release (This=0x53536e8) returned 0x0 [0138.493] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.493] WbemDefPath:IUnknown:Release (This=0x5df9e0) returned 0x1 [0138.493] WbemDefPath:IUnknown:Release (This=0x5df9e0) returned 0x0 [0138.493] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.493] WbemDefPath:IUnknown:Release (This=0x53483b8) returned 0x1 [0138.493] WbemDefPath:IUnknown:Release (This=0x53483b8) returned 0x0 [0138.493] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.493] WbemDefPath:IUnknown:Release (This=0x532cd58) returned 0x1 [0138.493] WbemDefPath:IUnknown:Release (This=0x532cd58) returned 0x0 [0138.493] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.493] WbemDefPath:IUnknown:Release (This=0x535e7a0) returned 0x1 [0138.493] WbemDefPath:IUnknown:Release (This=0x535e7a0) returned 0x0 [0138.494] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.494] WbemDefPath:IUnknown:Release (This=0x5348038) returned 0x1 [0138.494] WbemDefPath:IUnknown:Release (This=0x5348038) returned 0x0 [0138.494] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.494] WbemDefPath:IUnknown:Release (This=0x5348f18) returned 0x1 [0138.494] WbemDefPath:IUnknown:Release (This=0x5348f18) returned 0x0 [0138.494] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.494] WbemDefPath:IUnknown:Release (This=0x532c9d8) returned 0x1 [0138.494] WbemDefPath:IUnknown:Release (This=0x532c9d8) returned 0x0 [0138.494] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.494] WbemDefPath:IUnknown:Release (This=0x5e0070) returned 0x1 [0138.494] WbemDefPath:IUnknown:Release (This=0x5e0070) returned 0x0 [0138.494] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.495] WbemDefPath:IUnknown:Release (This=0x535e420) returned 0x1 [0138.495] WbemDefPath:IUnknown:Release (This=0x535e420) returned 0x0 [0138.495] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.495] WbemDefPath:IUnknown:Release (This=0x5353368) returned 0x1 [0138.495] WbemDefPath:IUnknown:Release (This=0x5353368) returned 0x0 [0138.495] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.495] WbemDefPath:IUnknown:Release (This=0x535e880) returned 0x1 [0138.495] WbemDefPath:IUnknown:Release (This=0x535e880) returned 0x0 [0138.495] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.495] WbemDefPath:IUnknown:Release (This=0x535e5e0) returned 0x1 [0138.495] WbemDefPath:IUnknown:Release (This=0x535e5e0) returned 0x0 [0138.495] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.495] WbemDefPath:IUnknown:Release (This=0x5348b98) returned 0x1 [0138.495] WbemDefPath:IUnknown:Release (This=0x5348b98) returned 0x0 [0138.496] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.496] WbemDefPath:IUnknown:Release (This=0x532d538) returned 0x1 [0138.496] WbemDefPath:IUnknown:Release (This=0x532d538) returned 0x0 [0138.496] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.496] WbemDefPath:IUnknown:Release (This=0x5352aa8) returned 0x1 [0138.496] WbemDefPath:IUnknown:Release (This=0x5352aa8) returned 0x0 [0138.496] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.496] WbemDefPath:IUnknown:Release (This=0x5dfc10) returned 0x1 [0138.496] WbemDefPath:IUnknown:Release (This=0x5dfc10) returned 0x0 [0138.496] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.496] WbemDefPath:IUnknown:Release (This=0x53531a8) returned 0x1 [0138.496] WbemDefPath:IUnknown:Release (This=0x53531a8) returned 0x0 [0138.496] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.496] WbemDefPath:IUnknown:Release (This=0x5348818) returned 0x1 [0138.497] WbemDefPath:IUnknown:Release (This=0x5348818) returned 0x0 [0138.497] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.497] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x1 [0138.497] WbemDefPath:IUnknown:Release (This=0x5df970) returned 0x0 [0138.497] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.497] WbemDefPath:IUnknown:Release (This=0x532d618) returned 0x1 [0138.497] WbemDefPath:IUnknown:Release (This=0x532d618) returned 0x0 [0138.497] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.497] WbemDefPath:IUnknown:Release (This=0x5348498) returned 0x1 [0138.497] WbemDefPath:IUnknown:Release (This=0x5348498) returned 0x0 [0138.497] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.497] WbemDefPath:IUnknown:Release (This=0x532ce38) returned 0x1 [0138.497] WbemDefPath:IUnknown:Release (This=0x532ce38) returned 0x0 [0138.497] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.497] WbemDefPath:IUnknown:Release (This=0x5352e28) returned 0x1 [0138.497] WbemDefPath:IUnknown:Release (This=0x5352e28) returned 0x0 [0138.497] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x5348118) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x5348118) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x5348c78) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x5348c78) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x532d1b8) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x532d1b8) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x5352f08) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x5352f08) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x535e500) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x535e500) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x5df820) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x532c738) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x532c738) returned 0x0 [0138.498] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.498] WbemDefPath:IUnknown:Release (This=0x5dfdd0) returned 0x1 [0138.498] WbemDefPath:IUnknown:Release (This=0x5dfdd0) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x5352b88) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x5352b88) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x535e180) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x535e180) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x5df510) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x5df510) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x53488f8) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x53488f8) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x532d378) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x532d378) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x532d298) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x532d298) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x5348578) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x5348578) returned 0x0 [0138.499] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.499] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x1 [0138.499] WbemDefPath:IUnknown:Release (This=0x5df6d0) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x5353608) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x5353608) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x53481f8) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x53481f8) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x532cb98) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x532cb98) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x5352fe8) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x5352fe8) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x5353448) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x5353448) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x5dfcf0) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x5dfcf0) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x1 [0138.500] WbemDefPath:IUnknown:Release (This=0x5df900) returned 0x0 [0138.500] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.500] WbemDefPath:IUnknown:Release (This=0x5348d58) returned 0x1 [0138.501] WbemDefPath:IUnknown:Release (This=0x5348d58) returned 0x0 [0138.501] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.501] WbemDefPath:IUnknown:Release (This=0x532c818) returned 0x1 [0138.501] WbemDefPath:IUnknown:Release (This=0x532c818) returned 0x0 [0138.501] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.501] WbemDefPath:IUnknown:Release (This=0x5dfeb0) returned 0x1 [0138.501] WbemDefPath:IUnknown:Release (This=0x5dfeb0) returned 0x0 [0138.501] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.501] WbemDefPath:IUnknown:Release (This=0x5352c68) returned 0x1 [0138.501] WbemDefPath:IUnknown:Release (This=0x5352c68) returned 0x0 [0138.501] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.501] WbemDefPath:IUnknown:Release (This=0x535e260) returned 0x1 [0138.501] WbemDefPath:IUnknown:Release (This=0x535e260) returned 0x0 [0138.501] CoGetContextToken (in: pToken=0xfdf638 | out: pToken=0xfdf638) returned 0x0 [0138.501] WbemDefPath:IUnknown:Release (This=0x5353288) returned 0x1 [0138.501] WbemDefPath:IUnknown:Release (This=0x5353288) returned 0x0 Thread: id = 5 os_tid = 0xdd4 Thread: id = 6 os_tid = 0xddc Thread: id = 7 os_tid = 0xde0 [0097.712] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0097.716] SetConsoleCtrlHandler (HandlerRoutine=0x4a0b0e, Add=1) returned 1 [0097.717] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0097.717] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0097.718] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", lpWndClass=0x25b0b1c | out: lpWndClass=0x25b0b1c) returned 0 [0097.722] CoTaskMemAlloc (cb=0x58) returned 0x5c9fb8 [0097.722] RegisterClassW (lpWndClass=0x4f7f678) returned 0xc1bc [0097.723] CoTaskMemFree (pv=0x5c9fb8) [0097.724] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x800cc [0097.725] NtdllDefWindowProc_W () returned 0x1 [0097.726] NtdllDefWindowProc_W () returned 0x0 [0097.726] NtdllDefWindowProc_W () returned 0x0 [0097.726] NtdllDefWindowProc_W () returned 0x0 [0097.726] NtdllDefWindowProc_W () returned 0x0 [0097.727] SetEvent (hEvent=0x270) returned 1 [0097.732] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0097.858] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0098.015] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0098.145] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0098.263] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0098.391] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0098.616] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0098.777] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0099.197] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0099.371] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0099.528] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0099.993] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0100.264] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0102.914] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0103.738] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0104.252] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0104.392] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0104.517] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0104.642] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0104.767] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0104.914] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.032] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.188] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.315] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.455] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.644] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.785] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0105.906] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.030] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.159] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.286] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.405] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.530] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.655] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.779] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0106.917] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.036] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.159] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.289] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.419] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.575] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.731] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0107.870] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0108.308] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0108.498] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0108.698] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0108.904] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.026] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.151] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.275] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.400] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.525] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.652] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0109.915] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.040] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.165] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.291] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.414] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.539] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.685] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.805] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0110.937] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.069] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.194] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.334] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.461] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.584] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.709] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.833] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0111.958] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.083] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.208] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.333] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.458] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.585] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.709] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.833] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0112.957] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.081] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.207] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.336] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.457] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.581] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.706] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.830] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0113.959] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.080] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.205] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.332] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.456] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.579] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.704] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.829] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0114.953] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.091] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.205] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.328] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.454] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.578] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.702] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.827] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0115.952] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.077] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.205] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.326] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.451] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.638] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.779] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0116.904] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.028] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.153] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.403] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.527] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.652] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.777] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0117.902] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.027] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.152] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.277] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.406] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.546] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.666] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.791] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0118.918] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0119.408] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0119.853] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0120.450] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0121.298] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0121.445] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0121.574] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0121.733] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0121.880] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0122.050] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0122.320] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0122.582] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0123.253] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0123.831] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0124.030] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0124.399] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0125.148] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0125.911] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0126.099] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0126.732] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0126.863] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0127.432] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0128.874] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0129.169] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0129.290] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0129.415] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0129.743] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0130.352] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0130.926] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0131.256] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0131.427] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0131.577] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0131.756] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0131.942] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0132.129] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0132.318] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0132.512] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0132.717] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0132.895] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.081] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.268] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.395] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.519] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.643] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.768] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0133.900] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.018] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.142] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.267] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.395] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.516] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.641] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.797] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0134.954] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0135.280] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0135.502] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0135.637] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0135.780] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0135.967] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0136.149] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0136.345] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0136.578] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0136.819] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0137.092] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0137.246] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0137.420] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0137.558] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0137.750] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0137.932] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0138.057] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0138.292] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x0 [0138.405] PeekMessageW (in: lpMsg=0x4f7f764, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4f7f764) returned 1 [0138.407] IsWindow (hWnd=0x800cc) returned 1 [0138.408] GetModuleHandleW (lpModuleName="user32.dll") returned 0x773b0000 [0138.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x4f7f674, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWupÖµ¶¹DþNrD÷÷\x04\x01", lpUsedDefaultChar=0x0) returned 14 [0138.408] GetProcAddress (hModule=0x773b0000, lpProcName="DefWindowProcW") returned 0x77a125dd [0138.409] SetWindowLongW (hWnd=0x800cc, nIndex=-4, dwNewLong=2007049693) returned 4852534 [0138.409] SetClassLongW (hWnd=0x800cc, nIndex=-24, dwNewLong=2007049693) returned 0x4a0b36 [0138.410] IsWindow (hWnd=0x800cc) returned 1 [0138.410] DestroyWindow (hWnd=0x800cc) returned 1 [0138.412] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0138.413] UnregisterClassW (lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", hInstance=0x400000) returned 1 [0138.413] SetConsoleCtrlHandler (HandlerRoutine=0x4a0b0e, Add=0) returned 1 [0138.413] SetEvent (hEvent=0x220) returned 1 [0138.414] CoGetContextToken (in: pToken=0x4f7faac | out: pToken=0x4f7faac) returned 0x0 [0138.414] IUnknown:QueryInterface (in: This=0x56e6f8, riid=0x7258b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f7fad0 | out: ppvObject=0x4f7fad0*=0x56e704) returned 0x0 [0138.414] IComThreadingInfo:GetCurrentThreadType (in: This=0x56e704, pThreadType=0x4f7fafc | out: pThreadType=0x4f7fafc*=0) returned 0x0 [0138.414] IUnknown:Release (This=0x56e704) returned 0x1 [0138.415] CoUninitialize () Thread: id = 8 os_tid = 0xde4 Thread: id = 9 os_tid = 0xde8 Thread: id = 10 os_tid = 0xdec Thread: id = 76 os_tid = 0xe0c Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xa35b000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 910 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 911 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 912 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 913 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 914 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 915 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 916 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 917 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 918 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 919 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 920 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 921 start_va = 0x190000 end_va = 0x19afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 922 start_va = 0x1a0000 end_va = 0x1acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 923 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 924 start_va = 0x1c0000 end_va = 0x1c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 925 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 926 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 927 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 928 start_va = 0x3e0000 end_va = 0x3e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 929 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 930 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 931 start_va = 0x410000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 932 start_va = 0x440000 end_va = 0x443fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 933 start_va = 0x450000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 934 start_va = 0x460000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 935 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 936 start_va = 0x480000 end_va = 0x607fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 937 start_va = 0x610000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 938 start_va = 0x7a0000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 939 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 940 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 941 start_va = 0x8f0000 end_va = 0x90bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 942 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 943 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 944 start_va = 0x930000 end_va = 0x930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 945 start_va = 0x940000 end_va = 0x940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 946 start_va = 0x980000 end_va = 0x999fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 947 start_va = 0x9a0000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 948 start_va = 0x9b0000 end_va = 0x9b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 949 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 950 start_va = 0x9d0000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 951 start_va = 0xa50000 end_va = 0xab5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 952 start_va = 0xb40000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 953 start_va = 0xb50000 end_va = 0xbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 954 start_va = 0xbd0000 end_va = 0xe9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 955 start_va = 0xea0000 end_va = 0xea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ea0000" filename = "" Region: id = 956 start_va = 0xeb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 957 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f30000" filename = "" Region: id = 958 start_va = 0xf40000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f40000" filename = "" Region: id = 959 start_va = 0xf50000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 960 start_va = 0xf60000 end_va = 0xf6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 961 start_va = 0xf70000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 962 start_va = 0xf80000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 963 start_va = 0xf90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 964 start_va = 0xfa0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 965 start_va = 0xfb0000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 966 start_va = 0x1030000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001030000" filename = "" Region: id = 967 start_va = 0x1040000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 968 start_va = 0x1050000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001050000" filename = "" Region: id = 969 start_va = 0x1060000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 970 start_va = 0x1070000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 971 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001080000" filename = "" Region: id = 972 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 973 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 974 start_va = 0x1120000 end_va = 0x1120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 975 start_va = 0x1130000 end_va = 0x1131fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 976 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 977 start_va = 0x11c0000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 978 start_va = 0x1240000 end_va = 0x1240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 979 start_va = 0x1250000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 980 start_va = 0x1260000 end_va = 0x1267fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 981 start_va = 0x1270000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 982 start_va = 0x1280000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 983 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 984 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 985 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 986 start_va = 0x12c0000 end_va = 0x12cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 987 start_va = 0x12d0000 end_va = 0x12d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 988 start_va = 0x12e0000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 989 start_va = 0x1360000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 990 start_va = 0x1370000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 991 start_va = 0x1380000 end_va = 0x1387fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 992 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 993 start_va = 0x13d0000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 994 start_va = 0x1460000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 995 start_va = 0x14e0000 end_va = 0x155ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 996 start_va = 0x1580000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 997 start_va = 0x1630000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 998 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 999 start_va = 0x1750000 end_va = 0x175ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 1000 start_va = 0x1770000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 1001 start_va = 0x1830000 end_va = 0x18affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 1002 start_va = 0x18c0000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 1003 start_va = 0x1940000 end_va = 0x19bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1004 start_va = 0x19e0000 end_va = 0x1a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 1005 start_va = 0x1ab0000 end_va = 0x1b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 1006 start_va = 0x1b50000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1007 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1008 start_va = 0x1c50000 end_va = 0x1ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1009 start_va = 0x1ce0000 end_va = 0x1d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 1010 start_va = 0x1d60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 1011 start_va = 0x1e60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 1012 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1013 start_va = 0x2080000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1014 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 1015 start_va = 0x2270000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 1016 start_va = 0x23b0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1017 start_va = 0x23d0000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1018 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1019 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1020 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1021 start_va = 0x2730000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1022 start_va = 0x27c0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1023 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 1024 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1025 start_va = 0x29c0000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 1026 start_va = 0x2a50000 end_va = 0x2b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 1027 start_va = 0x2cc0000 end_va = 0x2d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 1028 start_va = 0x2df0000 end_va = 0x2e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 1029 start_va = 0x2ec0000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 1030 start_va = 0x2f40000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 1031 start_va = 0x2fc0000 end_va = 0x307ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1032 start_va = 0x3090000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 1033 start_va = 0x3110000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1034 start_va = 0x3310000 end_va = 0x340ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 1035 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 1036 start_va = 0x34b0000 end_va = 0x34effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034b0000" filename = "" Region: id = 1037 start_va = 0x34f0000 end_va = 0x352ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034f0000" filename = "" Region: id = 1038 start_va = 0x3540000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 1039 start_va = 0x35c0000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 1040 start_va = 0x3800000 end_va = 0x387ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 1041 start_va = 0x3880000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003880000" filename = "" Region: id = 1042 start_va = 0x3910000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1043 start_va = 0x3990000 end_va = 0x3a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003990000" filename = "" Region: id = 1044 start_va = 0x3b30000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 1045 start_va = 0x3bb0000 end_va = 0x3faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 1046 start_va = 0x3fe0000 end_va = 0x405ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fe0000" filename = "" Region: id = 1047 start_va = 0x4060000 end_va = 0x40dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 1048 start_va = 0x4190000 end_va = 0x420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 1049 start_va = 0x4210000 end_va = 0x440ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 1050 start_va = 0x4410000 end_va = 0x450ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 1051 start_va = 0x4510000 end_va = 0x458ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004510000" filename = "" Region: id = 1052 start_va = 0x4590000 end_va = 0x468ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 1053 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1054 start_va = 0x4780000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 1055 start_va = 0x4880000 end_va = 0x497ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004880000" filename = "" Region: id = 1056 start_va = 0x4980000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004980000" filename = "" Region: id = 1057 start_va = 0x4a80000 end_va = 0x5a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 1058 start_va = 0x5af0000 end_va = 0x5b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005af0000" filename = "" Region: id = 1059 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1060 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1061 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1062 start_va = 0x779d0000 end_va = 0x779d6fff monitored = 0 entry_point = 0x779d106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1063 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1064 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1065 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1066 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1067 start_va = 0x7fef0560000 end_va = 0x7fef07b2fff monitored = 0 entry_point = 0x7fef056236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1068 start_va = 0x7fef1060000 end_va = 0x7fef106efff monitored = 0 entry_point = 0x7fef1069a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1069 start_va = 0x7fef27b0000 end_va = 0x7fef2881fff monitored = 0 entry_point = 0x7fef2841a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1070 start_va = 0x7fef2890000 end_va = 0x7fef2b09fff monitored = 0 entry_point = 0x7fef28c2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1071 start_va = 0x7fef4120000 end_va = 0x7fef413bfff monitored = 0 entry_point = 0x7fef41211a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1072 start_va = 0x7fef4140000 end_va = 0x7fef41a1fff monitored = 0 entry_point = 0x7fef4141198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1073 start_va = 0x7fef41b0000 end_va = 0x7fef41e9fff monitored = 0 entry_point = 0x7fef41b1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1074 start_va = 0x7fef4890000 end_va = 0x7fef4900fff monitored = 0 entry_point = 0x7fef48cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1075 start_va = 0x7fef4bd0000 end_va = 0x7fef4becfff monitored = 0 entry_point = 0x7fef4bd2f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1076 start_va = 0x7fef4bf0000 end_va = 0x7fef4bfbfff monitored = 0 entry_point = 0x7fef4bf602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1077 start_va = 0x7fef4e30000 end_va = 0x7fef4ea0fff monitored = 0 entry_point = 0x7fef4e751d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1078 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1079 start_va = 0x7fef4ed0000 end_va = 0x7fef4f84fff monitored = 0 entry_point = 0x7fef4f4cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1080 start_va = 0x7fef4f90000 end_va = 0x7fef4f97fff monitored = 0 entry_point = 0x7fef4f91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1081 start_va = 0x7fef4fa0000 end_va = 0x7fef4ff9fff monitored = 0 entry_point = 0x7fef4fddde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1082 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1083 start_va = 0x7fef5030000 end_va = 0x7fef509afff monitored = 0 entry_point = 0x7fef5074344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1084 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1085 start_va = 0x7fef50c0000 end_va = 0x7fef5121fff monitored = 0 entry_point = 0x7fef50fbd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1086 start_va = 0x7fef5130000 end_va = 0x7fef525bfff monitored = 0 entry_point = 0x7fef51e0ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1087 start_va = 0x7fef5260000 end_va = 0x7fef5279fff monitored = 0 entry_point = 0x7fef5273fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1088 start_va = 0x7fef5280000 end_va = 0x7fef5303fff monitored = 0 entry_point = 0x7fef52d1118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1089 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1090 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1091 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1092 start_va = 0x7fef5470000 end_va = 0x7fef5488fff monitored = 0 entry_point = 0x7fef5471104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1093 start_va = 0x7fef5490000 end_va = 0x7fef54dffff monitored = 0 entry_point = 0x7fef5491190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1094 start_va = 0x7fef54e0000 end_va = 0x7fef54e7fff monitored = 0 entry_point = 0x7fef54e1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1095 start_va = 0x7fef54f0000 end_va = 0x7fef5514fff monitored = 0 entry_point = 0x7fef5508c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1096 start_va = 0x7fef5520000 end_va = 0x7fef555cfff monitored = 0 entry_point = 0x7fef5521070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1097 start_va = 0x7fef5560000 end_va = 0x7fef55a6fff monitored = 0 entry_point = 0x7fef5561040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1098 start_va = 0x7fef55b0000 end_va = 0x7fef55f1fff monitored = 0 entry_point = 0x7fef55b17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1099 start_va = 0x7fef5600000 end_va = 0x7fef5610fff monitored = 0 entry_point = 0x7fef56014c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1100 start_va = 0x7fef5620000 end_va = 0x7fef56b1fff monitored = 0 entry_point = 0x7fef56951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1101 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1102 start_va = 0x7fef5740000 end_va = 0x7fef5779fff monitored = 0 entry_point = 0x7fef575d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1103 start_va = 0x7fef5960000 end_va = 0x7fef5970fff monitored = 0 entry_point = 0x7fef5969e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1104 start_va = 0x7fef5a10000 end_va = 0x7fef5a73fff monitored = 0 entry_point = 0x7fef5a11254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1105 start_va = 0x7fef5a80000 end_va = 0x7fef5af0fff monitored = 0 entry_point = 0x7fef5a81010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1106 start_va = 0x7fef5b90000 end_va = 0x7fef5ba6fff monitored = 0 entry_point = 0x7fef5b91060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1107 start_va = 0x7fef5bb0000 end_va = 0x7fef5d5ffff monitored = 0 entry_point = 0x7fef5bb1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1108 start_va = 0x7fef6a50000 end_va = 0x7fef6ac3fff monitored = 0 entry_point = 0x7fef6a566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1109 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1110 start_va = 0x7fef8080000 end_va = 0x7fef8088fff monitored = 0 entry_point = 0x7fef80811a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1111 start_va = 0x7fef81d0000 end_va = 0x7fef8214fff monitored = 0 entry_point = 0x7fef8203644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1112 start_va = 0x7fef8220000 end_va = 0x7fef8234fff monitored = 0 entry_point = 0x7fef8221020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1113 start_va = 0x7fef8840000 end_va = 0x7fef8851fff monitored = 0 entry_point = 0x7fef88490bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1114 start_va = 0x7fef8d20000 end_va = 0x7fef8d96fff monitored = 0 entry_point = 0x7fef8d2afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1115 start_va = 0x7fef8df0000 end_va = 0x7fef8eddfff monitored = 0 entry_point = 0x7fef8df12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1116 start_va = 0x7fef8ee0000 end_va = 0x7fef8ee9fff monitored = 0 entry_point = 0x7fef8ee260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1117 start_va = 0x7fef8ef0000 end_va = 0x7fef9001fff monitored = 0 entry_point = 0x7fef8f0f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1118 start_va = 0x7fef9010000 end_va = 0x7fef901efff monitored = 0 entry_point = 0x7fef9017e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1119 start_va = 0x7fef9020000 end_va = 0x7fef9028fff monitored = 0 entry_point = 0x7fef9023668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1120 start_va = 0x7fef9030000 end_va = 0x7fef9038fff monitored = 0 entry_point = 0x7fef9031020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1121 start_va = 0x7fef9040000 end_va = 0x7fef9095fff monitored = 0 entry_point = 0x7fef9041040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1122 start_va = 0x7fef90a0000 end_va = 0x7fef90fdfff monitored = 0 entry_point = 0x7fef90a9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1123 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1124 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1125 start_va = 0x7fef9150000 end_va = 0x7fef91a2fff monitored = 0 entry_point = 0x7fef9152b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1126 start_va = 0x7fef91c0000 end_va = 0x7fef91c9fff monitored = 0 entry_point = 0x7fef91c3994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1127 start_va = 0x7fef98b0000 end_va = 0x7fef98f1fff monitored = 0 entry_point = 0x7fef98e0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1128 start_va = 0x7fef9900000 end_va = 0x7fef9919fff monitored = 0 entry_point = 0x7fef9911ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1129 start_va = 0x7fef9940000 end_va = 0x7fef994efff monitored = 0 entry_point = 0x7fef9946894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1130 start_va = 0x7fefb210000 end_va = 0x7fefb223fff monitored = 0 entry_point = 0x7fefb213e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1131 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1132 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1133 start_va = 0x7fefb270000 end_va = 0x7fefb2d6fff monitored = 0 entry_point = 0x7fefb286060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1134 start_va = 0x7fefb2f0000 end_va = 0x7fefb2fafff monitored = 0 entry_point = 0x7fefb2f4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1135 start_va = 0x7fefb300000 end_va = 0x7fefb30bfff monitored = 0 entry_point = 0x7fefb3015d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1136 start_va = 0x7fefb310000 end_va = 0x7fefb31ffff monitored = 0 entry_point = 0x7fefb31835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1137 start_va = 0x7fefb320000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb3211a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1138 start_va = 0x7fefb340000 end_va = 0x7fefb376fff monitored = 0 entry_point = 0x7fefb348424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1139 start_va = 0x7fefb3c0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3c60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1140 start_va = 0x7fefb3e0000 end_va = 0x7fefb4a1fff monitored = 0 entry_point = 0x7fefb3e101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1141 start_va = 0x7fefb6c0000 end_va = 0x7fefb6d6fff monitored = 0 entry_point = 0x7fefb6c9d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1142 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1143 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1144 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1145 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1146 start_va = 0x7fefb970000 end_va = 0x7fefb985fff monitored = 0 entry_point = 0x7fefb9711a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1147 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1148 start_va = 0x7fefbc00000 end_va = 0x7fefbc34fff monitored = 0 entry_point = 0x7fefbc01064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1149 start_va = 0x7fefc070000 end_va = 0x7fefc0c5fff monitored = 0 entry_point = 0x7fefc07bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1150 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1151 start_va = 0x7fefc200000 end_va = 0x7fefc21cfff monitored = 0 entry_point = 0x7fefc201ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1152 start_va = 0x7fefc250000 end_va = 0x7fefc443fff monitored = 0 entry_point = 0x7fefc3dc924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1153 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1154 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1155 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1156 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1157 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1158 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1159 start_va = 0x7fefcb10000 end_va = 0x7fefcb21fff monitored = 0 entry_point = 0x7fefcb11060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1160 start_va = 0x7fefcb30000 end_va = 0x7fefcb4efff monitored = 0 entry_point = 0x7fefcb35c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1161 start_va = 0x7fefcc00000 end_va = 0x7fefcc38fff monitored = 0 entry_point = 0x7fefcc0c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1162 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1163 start_va = 0x7fefcc50000 end_va = 0x7fefcc5cfff monitored = 0 entry_point = 0x7fefcc51348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1164 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1165 start_va = 0x7fefce30000 end_va = 0x7fefce5ffff monitored = 0 entry_point = 0x7fefce3194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1166 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1167 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1168 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1169 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1170 start_va = 0x7fefd150000 end_va = 0x7fefd181fff monitored = 0 entry_point = 0x7fefd15144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1171 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1172 start_va = 0x7fefd210000 end_va = 0x7fefd23efff monitored = 0 entry_point = 0x7fefd211064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1173 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1174 start_va = 0x7fefd2c0000 end_va = 0x7fefd2d3fff monitored = 0 entry_point = 0x7fefd2c4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1175 start_va = 0x7fefd520000 end_va = 0x7fefd527fff monitored = 0 entry_point = 0x7fefd522a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1176 start_va = 0x7fefd530000 end_va = 0x7fefd539fff monitored = 0 entry_point = 0x7fefd533b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1177 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1178 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1179 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1180 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1181 start_va = 0x7fefd650000 end_va = 0x7fefd6e0fff monitored = 0 entry_point = 0x7fefd651440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1182 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1183 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1184 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1185 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1186 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1187 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1188 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1189 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1190 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1191 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1192 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1193 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1194 start_va = 0x7fefdee0000 end_va = 0x7fefec67fff monitored = 0 entry_point = 0x7fefdf5cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1195 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1196 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1197 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1198 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1199 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1200 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1201 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1202 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1203 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1204 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1205 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1206 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1207 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1208 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1209 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1210 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 1211 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 1212 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 1213 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1214 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1215 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 1216 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1217 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1218 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1219 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1220 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 1221 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1222 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1223 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 1224 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1225 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1226 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1227 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1228 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1229 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1230 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1231 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1232 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1233 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1234 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1235 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1236 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1237 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1238 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1239 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1240 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1241 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1242 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1243 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1244 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1245 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1246 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1247 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1248 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1249 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1250 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1251 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1392 start_va = 0x2130000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1393 start_va = 0x2d50000 end_va = 0x2dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 1394 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1395 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1396 start_va = 0x7fef14e0000 end_va = 0x7fef16b3fff monitored = 0 entry_point = 0x7fef1516b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1397 start_va = 0x5b70000 end_va = 0x5d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b70000" filename = "" Region: id = 1398 start_va = 0x2b50000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 1399 start_va = 0x2b50000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 1400 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 1401 start_va = 0x5d70000 end_va = 0x616ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d70000" filename = "" Region: id = 1402 start_va = 0x950000 end_va = 0x950fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1403 start_va = 0x960000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1404 start_va = 0x7fef89f0000 end_va = 0x7fef8a6bfff monitored = 0 entry_point = 0x7fef89f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1405 start_va = 0x1600000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1406 start_va = 0xac0000 end_va = 0xac2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1407 start_va = 0xad0000 end_va = 0xadffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1408 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1409 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1410 start_va = 0xad0000 end_va = 0xadffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1411 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1412 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1414 start_va = 0x2df0000 end_va = 0x2e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 1415 start_va = 0x36e0000 end_va = 0x375ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 1416 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1417 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1418 start_va = 0x40e0000 end_va = 0x4189fff monitored = 0 entry_point = 0x40e4104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1419 start_va = 0xad0000 end_va = 0xadcfff monitored = 0 entry_point = 0xada138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 1420 start_va = 0x6170000 end_va = 0x63befff monitored = 0 entry_point = 0x617236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1421 start_va = 0xad0000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 1422 start_va = 0x3a90000 end_va = 0x3b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 1423 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1424 start_va = 0xad0000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 1435 start_va = 0xae0000 end_va = 0xaeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1436 start_va = 0xaf0000 end_va = 0xafffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2096 start_va = 0xb00000 end_va = 0xb02fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 2768 start_va = 0x2100000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2769 start_va = 0x2d90000 end_va = 0x2e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Thread: id = 11 os_tid = 0xd58 Thread: id = 12 os_tid = 0xd54 Thread: id = 13 os_tid = 0xce4 Thread: id = 14 os_tid = 0xcd8 Thread: id = 15 os_tid = 0x82c Thread: id = 16 os_tid = 0x180 Thread: id = 17 os_tid = 0x728 Thread: id = 18 os_tid = 0x4a4 Thread: id = 19 os_tid = 0x5bc Thread: id = 20 os_tid = 0x484 Thread: id = 21 os_tid = 0x12c Thread: id = 22 os_tid = 0x18c Thread: id = 23 os_tid = 0x110 Thread: id = 24 os_tid = 0x544 Thread: id = 25 os_tid = 0x224 Thread: id = 26 os_tid = 0x444 Thread: id = 27 os_tid = 0x440 Thread: id = 28 os_tid = 0x76c Thread: id = 29 os_tid = 0x748 Thread: id = 30 os_tid = 0x730 Thread: id = 31 os_tid = 0x724 Thread: id = 32 os_tid = 0x6fc Thread: id = 33 os_tid = 0x6e8 Thread: id = 34 os_tid = 0x6e0 Thread: id = 35 os_tid = 0x6c0 Thread: id = 36 os_tid = 0x6ac Thread: id = 37 os_tid = 0x694 Thread: id = 38 os_tid = 0x4b0 Thread: id = 39 os_tid = 0x4ac Thread: id = 40 os_tid = 0x49c Thread: id = 41 os_tid = 0x498 Thread: id = 42 os_tid = 0x48c Thread: id = 43 os_tid = 0x1bc Thread: id = 44 os_tid = 0x120 Thread: id = 45 os_tid = 0x3f0 Thread: id = 46 os_tid = 0x3e4 Thread: id = 47 os_tid = 0x3d8 Thread: id = 48 os_tid = 0x380 Thread: id = 49 os_tid = 0x37c Thread: id = 50 os_tid = 0x378 Thread: id = 51 os_tid = 0x36c Thread: id = 52 os_tid = 0x364 Thread: id = 70 os_tid = 0xdf0 Thread: id = 71 os_tid = 0xdf4 Thread: id = 72 os_tid = 0xdf8 Thread: id = 73 os_tid = 0xdfc Thread: id = 74 os_tid = 0xe00 Thread: id = 75 os_tid = 0xe04 Thread: id = 77 os_tid = 0xe10 Thread: id = 78 os_tid = 0xe14 Thread: id = 79 os_tid = 0xe18 Thread: id = 81 os_tid = 0xe38 Thread: id = 83 os_tid = 0xe5c Thread: id = 108 os_tid = 0xe80 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4ed8d000" os_pid = "0xb24" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x248" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004923d" [0xc000000f] Region: id = 1256 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1257 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1258 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1259 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1260 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1261 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1262 start_va = 0xd0000 end_va = 0xd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1263 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1264 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1265 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1266 start_va = 0x110000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1267 start_va = 0x190000 end_va = 0x19cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1268 start_va = 0x1c0000 end_va = 0x1c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1269 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1270 start_va = 0x330000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 1271 start_va = 0x430000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1272 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1273 start_va = 0x530000 end_va = 0x6b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1274 start_va = 0x6c0000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1275 start_va = 0x850000 end_va = 0xb1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1276 start_va = 0xb90000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1277 start_va = 0xc60000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 1278 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 1279 start_va = 0xdd0000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 1280 start_va = 0xed0000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 1281 start_va = 0xf60000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1282 start_va = 0x1060000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1283 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1284 start_va = 0x1180000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1285 start_va = 0x72c90000 end_va = 0x72c92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1286 start_va = 0x72de0000 end_va = 0x72de2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1287 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1288 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1289 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1290 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1291 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1292 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1293 start_va = 0x13fa50000 end_va = 0x13fabbfff monitored = 0 entry_point = 0x13fa8b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1294 start_va = 0x7fef0df0000 end_va = 0x7fef0df9fff monitored = 0 entry_point = 0x7fef0df31c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1295 start_va = 0x7fef0e00000 end_va = 0x7fef0ff9fff monitored = 0 entry_point = 0x7fef0e14c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1296 start_va = 0x7fef1050000 end_va = 0x7fef1057fff monitored = 0 entry_point = 0x7fef10511a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1297 start_va = 0x7fef1070000 end_va = 0x7fef1081fff monitored = 0 entry_point = 0x7fef107aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1298 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1299 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1300 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1301 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1302 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1303 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1304 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1305 start_va = 0x7fef96a0000 end_va = 0x7fef96e2fff monitored = 0 entry_point = 0x7fef96c1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1306 start_va = 0x7fef99e0000 end_va = 0x7fef99eefff monitored = 0 entry_point = 0x7fef99e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1307 start_va = 0x7fefb300000 end_va = 0x7fefb30bfff monitored = 0 entry_point = 0x7fefb3015d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1308 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1309 start_va = 0x7fefb920000 end_va = 0x7fefb933fff monitored = 0 entry_point = 0x7fefb9216b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1310 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1311 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1312 start_va = 0x7fefb970000 end_va = 0x7fefb985fff monitored = 0 entry_point = 0x7fefb9711a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1313 start_va = 0x7fefbaa0000 end_va = 0x7fefbab0fff monitored = 0 entry_point = 0x7fefbaa1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1314 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1315 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1316 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1317 start_va = 0x7fefcdd0000 end_va = 0x7fefce26fff monitored = 0 entry_point = 0x7fefcdd5e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1318 start_va = 0x7fefce30000 end_va = 0x7fefce5ffff monitored = 0 entry_point = 0x7fefce3194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1319 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1320 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1321 start_va = 0x7fefd540000 end_va = 0x7fefd562fff monitored = 0 entry_point = 0x7fefd541198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1322 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1323 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1324 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1325 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1326 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1327 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1328 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1329 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1330 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1331 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1332 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1333 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1334 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1335 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1336 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1337 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1338 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1339 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1340 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1341 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1342 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1343 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1344 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1345 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1346 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1347 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1348 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1349 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1350 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1351 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1352 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1353 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1354 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1355 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1356 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1357 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1358 start_va = 0x7fffffda000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1359 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1360 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1413 start_va = 0x7fef4990000 end_va = 0x7fef49bbfff monitored = 0 entry_point = 0x7fef49a8194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 1433 start_va = 0x1a0000 end_va = 0x1a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1434 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1437 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1438 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1439 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1440 start_va = 0x1d0000 end_va = 0x223fff monitored = 0 entry_point = 0x1e3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1441 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1442 start_va = 0x1d0000 end_va = 0x223fff monitored = 0 entry_point = 0x1e3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1443 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1444 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x1ea06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1445 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1446 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x1ea06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1447 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1448 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x1ea06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1449 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1450 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x1ea06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1451 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1452 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1453 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1454 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1455 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1456 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1457 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1458 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1459 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1460 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1461 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1462 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1463 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1464 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1465 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1466 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1467 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1468 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x2168c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1469 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1470 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x2168c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1471 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1472 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1473 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1474 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1475 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1476 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1477 start_va = 0x1d0000 end_va = 0x1f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1478 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1479 start_va = 0x1d0000 end_va = 0x1f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1480 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1481 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1482 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1483 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1484 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1485 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1486 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1487 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1488 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1489 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1490 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1491 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1492 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1493 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1494 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1495 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1496 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1497 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1498 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1499 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1500 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1501 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1502 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1503 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1504 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1505 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1506 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1507 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1508 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1509 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1510 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1511 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1512 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1513 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1514 start_va = 0x1d0000 end_va = 0x21ffff monitored = 0 entry_point = 0x1d2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1515 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1516 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1517 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1518 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1519 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1520 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1521 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1522 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1523 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1524 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1525 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1526 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1527 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1528 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1529 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1530 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1531 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1532 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1533 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1534 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1535 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1536 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1537 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1538 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1539 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1540 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1541 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1542 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1543 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1544 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1545 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1546 start_va = 0x1d0000 end_va = 0x1e9fff monitored = 1 entry_point = 0x1d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1547 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1548 start_va = 0x1d0000 end_va = 0x1f7fff monitored = 0 entry_point = 0x1d1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1549 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 1550 start_va = 0x1d0000 end_va = 0x1f7fff monitored = 0 entry_point = 0x1d1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1551 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 1552 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1553 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1554 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1555 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1556 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1557 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1558 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1559 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1560 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1561 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1562 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1563 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1564 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1565 start_va = 0x1d0000 end_va = 0x1ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1566 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1567 start_va = 0x1d0000 end_va = 0x1ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1568 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 1569 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 1570 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1571 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1572 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1573 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1574 start_va = 0x1d0000 end_va = 0x217fff monitored = 0 entry_point = 0x20fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1575 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1576 start_va = 0x1d0000 end_va = 0x217fff monitored = 0 entry_point = 0x20fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1577 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1578 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1579 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1580 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1581 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1582 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1583 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1584 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1585 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1586 start_va = 0x1d0000 end_va = 0x221fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 1587 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1588 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1589 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1590 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1591 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1592 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1593 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1594 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1595 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 1596 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 1597 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 1598 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 1599 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1600 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1601 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1602 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1603 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1604 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1605 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1606 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1607 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1608 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1609 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1610 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1611 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1612 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1613 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1614 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1615 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1616 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1617 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1618 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1619 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1620 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1621 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1622 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1623 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1624 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1625 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1626 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1627 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1628 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1629 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1630 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1631 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1632 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1633 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1634 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1635 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1636 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1637 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1638 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1639 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1640 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1641 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1642 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1643 start_va = 0x4f0000 end_va = 0x518fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1644 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1645 start_va = 0x4f0000 end_va = 0x518fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1646 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1647 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1648 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1649 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1650 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1651 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1652 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1653 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1654 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1655 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1656 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1657 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1658 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1659 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1660 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1661 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1662 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1663 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1664 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1665 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1666 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1667 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1668 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1669 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1670 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1671 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1672 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1673 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1674 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1675 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1676 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1677 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1678 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1679 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1680 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1681 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1682 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1683 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1684 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1685 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1686 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1687 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1688 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1689 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1690 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1691 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1692 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1693 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1694 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1695 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1696 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1697 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1698 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1699 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1700 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1701 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1702 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1703 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1704 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1705 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1706 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1707 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1708 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1709 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1710 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1711 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1712 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1713 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1714 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1715 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1716 start_va = 0x4f0000 end_va = 0x517fff monitored = 0 entry_point = 0x4f1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1717 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 1718 start_va = 0x4f0000 end_va = 0x517fff monitored = 0 entry_point = 0x4f1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1719 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 1720 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1721 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1722 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1723 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1724 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1725 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1726 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1727 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1728 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1729 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1730 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1731 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1732 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1733 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1734 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1735 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1736 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1737 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1738 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 1739 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 1740 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1741 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1742 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1743 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1744 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1745 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1746 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1747 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1748 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1749 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1750 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1751 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1752 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1753 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1754 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1755 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1756 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1757 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1758 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1759 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1760 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1761 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1762 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1763 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1764 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 1765 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 1766 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 1767 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 1768 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1769 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1770 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1771 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1772 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1773 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1774 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1775 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1776 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1777 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1778 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1779 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1780 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1781 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1782 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1783 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1784 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1785 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1786 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1787 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1788 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1789 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1790 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1791 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1792 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1793 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1794 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1795 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1796 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1797 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1798 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1799 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1800 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1801 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1802 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1803 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1804 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1805 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1806 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1807 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1808 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1809 start_va = 0x4f0000 end_va = 0x518fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1810 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1811 start_va = 0x4f0000 end_va = 0x518fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1812 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1813 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1814 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1815 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1816 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1817 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1818 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1819 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1820 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1821 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1822 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1823 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1824 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1825 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1826 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1827 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1828 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1829 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1830 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1831 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1832 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1833 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1834 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1835 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1836 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1837 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1838 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1839 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1840 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1841 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1842 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1843 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1844 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1845 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1846 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1847 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1848 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1849 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1850 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1851 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1852 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1853 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1854 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1855 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1856 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1857 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1858 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1859 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1860 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1861 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1862 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1863 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1864 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1865 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1866 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1867 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1868 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1869 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1870 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1871 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1872 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1873 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1874 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1875 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1876 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1877 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1878 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1879 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1880 start_va = 0x4f0000 end_va = 0x517fff monitored = 0 entry_point = 0x4f1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1881 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 1882 start_va = 0x4f0000 end_va = 0x517fff monitored = 0 entry_point = 0x4f1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 1883 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 1884 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1885 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1886 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1887 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1888 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1889 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1890 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1891 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1892 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1893 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1894 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 1895 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 1896 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1897 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1898 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1899 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1900 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 1901 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 1902 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1903 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1904 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1905 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1906 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1907 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1908 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1909 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1910 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1911 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1912 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1913 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1914 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1915 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1916 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1917 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1918 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1919 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1920 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1921 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1922 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1923 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1924 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1925 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1926 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 1927 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 1928 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 1929 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 1930 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1931 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1932 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1933 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1934 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1935 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1936 start_va = 0xb20000 end_va = 0xb73fff monitored = 0 entry_point = 0xb33450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 1937 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 1938 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1939 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1940 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1941 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1942 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1943 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1944 start_va = 0x4f0000 end_va = 0x510fff monitored = 0 entry_point = 0x50a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1945 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1946 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1947 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1948 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1949 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1950 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1951 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1952 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1953 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1954 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1955 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1956 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1957 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1958 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1959 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1960 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1961 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1962 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1963 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1964 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb668c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1965 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1966 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1967 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1968 start_va = 0x1280000 end_va = 0x135bfff monitored = 0 entry_point = 0x12f5ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1969 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1970 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1971 start_va = 0x4f0000 end_va = 0x518fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1972 start_va = 0x1280000 end_va = 0x1361fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1973 start_va = 0x4f0000 end_va = 0x518fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1974 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1975 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1976 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1977 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1978 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1979 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1980 start_va = 0x1280000 end_va = 0x1328fff monitored = 0 entry_point = 0x12918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1981 start_va = 0x1b0000 end_va = 0x1b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1982 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1983 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1984 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1985 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1986 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1987 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1988 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1989 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1990 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1991 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1992 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1993 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1994 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1995 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1996 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1997 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1998 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1999 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2000 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2001 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2002 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2003 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2004 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2005 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2006 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2007 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2008 start_va = 0xb20000 end_va = 0xb6ffff monitored = 0 entry_point = 0xb22b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2009 start_va = 0x4f0000 end_va = 0x502fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2010 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2011 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2012 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2013 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2014 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2015 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2016 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2017 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2018 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2019 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2020 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2021 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2022 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2023 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2024 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2025 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2026 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2027 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2028 start_va = 0x1280000 end_va = 0x130afff monitored = 0 entry_point = 0x12f51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2029 start_va = 0x1b0000 end_va = 0x1b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2030 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2031 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2032 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2033 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2034 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2035 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2036 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2037 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2038 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2039 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2040 start_va = 0x4f0000 end_va = 0x509fff monitored = 1 entry_point = 0x4f1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2041 start_va = 0x1b0000 end_va = 0x1bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2042 start_va = 0x4f0000 end_va = 0x517fff monitored = 0 entry_point = 0x4f1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2043 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2044 start_va = 0x4f0000 end_va = 0x517fff monitored = 0 entry_point = 0x4f1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2045 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2046 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2047 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2048 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2049 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2050 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2051 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2052 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2053 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2054 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2055 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2056 start_va = 0x1b0000 end_va = 0x1bafff monitored = 0 entry_point = 0x1b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2057 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2058 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2059 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2060 start_va = 0x1b0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2061 start_va = 0x4f0000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2062 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2063 start_va = 0x1280000 end_va = 0x2074fff monitored = 0 entry_point = 0x1363268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2064 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2065 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2066 start_va = 0x1280000 end_va = 0x1329fff monitored = 0 entry_point = 0x1294100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2067 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2068 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2069 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2070 start_va = 0xb20000 end_va = 0xb67fff monitored = 0 entry_point = 0xb5fd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2071 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2072 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2073 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2074 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2075 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2076 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2077 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2078 start_va = 0x1280000 end_va = 0x1368fff monitored = 0 entry_point = 0x135906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2079 start_va = 0x1b0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2080 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2081 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2082 start_va = 0x1280000 end_va = 0x13ccfff monitored = 0 entry_point = 0x1382a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2083 start_va = 0x1b0000 end_va = 0x1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2084 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2085 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2086 start_va = 0x1b0000 end_va = 0x1befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2087 start_va = 0xb20000 end_va = 0xb79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2088 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2089 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2090 start_va = 0x1b0000 end_va = 0x1bffff monitored = 0 entry_point = 0x1ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2091 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2092 start_va = 0x7fef9140000 end_va = 0x7fef914afff monitored = 0 entry_point = 0x7fef91446ec region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 2093 start_va = 0xe50000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 2094 start_va = 0x1280000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 2095 start_va = 0x1380000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 2196 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2197 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2198 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2199 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2200 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2201 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2202 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2203 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2204 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2205 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2206 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2207 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2208 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2209 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2210 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2211 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2212 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2213 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2214 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2215 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2216 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2217 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2218 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2219 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2220 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2221 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2222 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2223 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2224 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2225 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2226 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2227 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2228 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2229 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2230 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2231 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2232 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2233 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2234 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2235 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2236 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2237 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2238 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2239 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2240 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2241 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2242 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2243 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2244 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2245 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2246 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2247 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2248 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2249 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2250 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2251 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2252 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2253 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2254 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2255 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2256 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2257 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2258 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2259 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2260 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2261 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2262 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2263 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2264 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2265 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2266 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2267 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2268 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2269 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2270 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2271 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2272 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2273 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2274 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2275 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2276 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2277 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2278 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2279 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2280 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2281 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2282 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2283 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2284 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2285 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2286 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2287 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2288 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2289 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2290 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2291 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2292 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2293 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2294 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2295 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2296 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2297 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2298 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2299 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2300 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2301 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2302 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2303 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2304 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2305 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2306 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2307 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2308 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2309 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2310 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2311 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2312 start_va = 0x500000 end_va = 0x506fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2313 start_va = 0x4f0000 end_va = 0x4f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 2314 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2315 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2316 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2317 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2318 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2319 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2320 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2321 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2322 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2323 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2324 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2325 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2326 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2327 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2328 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2329 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2330 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2331 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2332 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2333 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2334 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2335 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2336 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2337 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2338 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2339 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2340 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2341 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2342 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2343 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2344 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2345 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2346 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2347 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2348 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2349 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2350 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2351 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2352 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2353 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2354 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2355 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2356 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2357 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2358 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2359 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2360 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2361 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2362 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2363 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2364 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2365 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2366 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2367 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2368 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2369 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2370 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2371 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2372 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2373 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2374 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2375 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2376 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2377 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2378 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2379 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2380 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2381 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2382 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2383 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2384 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2385 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2386 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2387 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2388 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2389 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2390 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2391 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2392 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2393 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2394 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2395 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2396 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2397 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2398 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2399 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2400 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2401 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2402 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2403 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2404 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2405 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2406 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2407 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2408 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2409 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2410 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2411 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2412 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2413 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2414 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2415 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2416 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2417 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2418 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2419 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2420 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2421 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2422 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2423 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2424 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2425 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2426 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2427 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2428 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2429 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2430 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2431 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2432 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2433 start_va = 0x510000 end_va = 0x516fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2434 start_va = 0x500000 end_va = 0x505fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2435 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2436 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2437 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2438 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2439 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2440 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2441 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2442 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2443 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2444 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2445 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2446 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2447 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2448 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2449 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2450 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2451 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2452 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2453 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2454 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2455 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2456 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2457 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2458 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2459 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2460 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2461 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2462 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2463 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2464 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2465 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2466 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2467 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2468 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2469 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2470 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2471 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2472 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2473 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2474 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2475 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2476 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2477 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2478 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2479 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2480 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2481 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2482 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2483 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2484 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2485 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2486 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2487 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2488 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2489 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2490 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2491 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2492 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2493 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2494 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2495 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2496 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2497 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2498 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2499 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2500 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2501 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2502 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2503 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2504 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2505 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2506 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2507 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2508 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2509 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2510 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2511 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2512 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2513 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2514 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2515 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2516 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2517 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2518 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2519 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2520 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2521 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2522 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2523 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2524 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2525 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2526 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2527 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2528 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2529 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2530 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2531 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2532 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2533 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2534 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2535 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2536 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2537 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2538 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2539 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2540 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2541 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2542 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2543 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2544 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2545 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2546 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2547 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2548 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2549 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2550 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2551 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2552 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2553 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2554 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2555 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2556 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2557 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2558 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2559 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2560 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2561 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2562 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2563 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2564 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2565 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2566 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2567 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2568 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2569 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2570 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2571 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2572 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2573 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2574 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2575 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2576 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2577 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2578 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2579 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2580 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2581 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2582 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2583 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2584 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2585 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2586 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2587 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2588 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2589 start_va = 0x510000 end_va = 0x510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 2590 start_va = 0xb20000 end_va = 0xb26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 2604 start_va = 0x1080000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Thread: id = 53 os_tid = 0xb4 Thread: id = 54 os_tid = 0x5d0 Thread: id = 55 os_tid = 0x53c Thread: id = 56 os_tid = 0x818 Thread: id = 57 os_tid = 0x804 Thread: id = 58 os_tid = 0x39c Thread: id = 59 os_tid = 0x738 Thread: id = 60 os_tid = 0xb58 Thread: id = 61 os_tid = 0xb20 Thread: id = 82 os_tid = 0xe3c Thread: id = 109 os_tid = 0xe84 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x66280000" os_pid = "0x4f4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x248" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d101" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2108 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2109 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2110 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2111 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2112 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2113 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2114 start_va = 0x140000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2115 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2116 start_va = 0x250000 end_va = 0x254fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2117 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2118 start_va = 0x270000 end_va = 0x270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2119 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2120 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2121 start_va = 0x390000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 2122 start_va = 0x470000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2123 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2124 start_va = 0x500000 end_va = 0x687fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2125 start_va = 0x690000 end_va = 0x810fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2126 start_va = 0x820000 end_va = 0xaeefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2127 start_va = 0xb10000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 2128 start_va = 0xbd0000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 2129 start_va = 0xc60000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 2130 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 2131 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2132 start_va = 0x10f0000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 2133 start_va = 0x1170000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 2134 start_va = 0x1320000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 2135 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2136 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2137 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2138 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2139 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2140 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2141 start_va = 0x13fa50000 end_va = 0x13fabbfff monitored = 0 entry_point = 0x13fa8b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2142 start_va = 0x7fef0d70000 end_va = 0x7fef0dbdfff monitored = 0 entry_point = 0x7fef0d71198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 2143 start_va = 0x7fef0dc0000 end_va = 0x7fef0de4fff monitored = 0 entry_point = 0x7fef0dd8d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 2144 start_va = 0x7fef4eb0000 end_va = 0x7fef4ec1fff monitored = 0 entry_point = 0x7fef4eb89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2145 start_va = 0x7fef5000000 end_va = 0x7fef5020fff monitored = 0 entry_point = 0x7fef50103b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2146 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2147 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2148 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2149 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2150 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2151 start_va = 0x7fef8290000 end_va = 0x7fef8315fff monitored = 0 entry_point = 0x7fef829ffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2152 start_va = 0x7fef8320000 end_va = 0x7fef835bfff monitored = 0 entry_point = 0x7fef8345aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 2153 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2154 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2155 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2156 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2157 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2158 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2159 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2160 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2161 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2162 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2163 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2164 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2165 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2166 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2167 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2168 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2169 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2170 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2171 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2172 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2173 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2174 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2175 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2176 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2177 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2178 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2179 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2180 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2181 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2182 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2183 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2184 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2185 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2602 start_va = 0xe80000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 2603 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Thread: id = 62 os_tid = 0x634 Thread: id = 63 os_tid = 0x4fc Thread: id = 64 os_tid = 0x354 Thread: id = 65 os_tid = 0x3c4 Thread: id = 66 os_tid = 0x34c Thread: id = 67 os_tid = 0x584 Thread: id = 68 os_tid = 0x268 Thread: id = 69 os_tid = 0x304 Thread: id = 80 os_tid = 0xe28 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xdb4d000" os_pid = "0x2c0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x1c8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7ac" [0xc000000f], "LOCAL" [0x7] Region: id = 2605 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2606 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2607 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2608 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2609 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2610 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2611 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2612 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2613 start_va = 0x160000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2614 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2615 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2616 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2617 start_va = 0x380000 end_va = 0x507fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2618 start_va = 0x510000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2619 start_va = 0x6a0000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2620 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2621 start_va = 0x7a0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2622 start_va = 0x7c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2623 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 2624 start_va = 0x860000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2625 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2626 start_va = 0x890000 end_va = 0x891fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2627 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 2628 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 2629 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2630 start_va = 0xa80000 end_va = 0xd4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2631 start_va = 0xd50000 end_va = 0xdb1fff monitored = 0 entry_point = 0xd608d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2632 start_va = 0xdc0000 end_va = 0xdc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 2633 start_va = 0xdd0000 end_va = 0xdd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 2634 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 2635 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 2636 start_va = 0xe00000 end_va = 0xe00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2637 start_va = 0xe10000 end_va = 0xe10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 2638 start_va = 0xe20000 end_va = 0xe27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2639 start_va = 0xe30000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 2640 start_va = 0xf80000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 2641 start_va = 0x1030000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 2642 start_va = 0x10b0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 2643 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 2644 start_va = 0x1220000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 2645 start_va = 0x1330000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 2646 start_va = 0x13e0000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 2647 start_va = 0x14d0000 end_va = 0x154ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 2648 start_va = 0x1550000 end_va = 0x174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 2649 start_va = 0x1750000 end_va = 0x17cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 2650 start_va = 0x17e0000 end_va = 0x185ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 2651 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 2652 start_va = 0x18f0000 end_va = 0x196ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 2653 start_va = 0x1990000 end_va = 0x1a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 2654 start_va = 0x1b10000 end_va = 0x1b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b10000" filename = "" Region: id = 2655 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 2656 start_va = 0x1c70000 end_va = 0x1ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2657 start_va = 0x1cf0000 end_va = 0x20f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 2658 start_va = 0x2100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2659 start_va = 0x2500000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2660 start_va = 0x25b0000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2661 start_va = 0x2670000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 2662 start_va = 0x2780000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 2663 start_va = 0x2a00000 end_va = 0x2a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2664 start_va = 0x2a80000 end_va = 0x2b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 2665 start_va = 0x2b80000 end_va = 0x337ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 2666 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2667 start_va = 0x776e0000 end_va = 0x777fefff monitored = 0 entry_point = 0x776f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2668 start_va = 0x77800000 end_va = 0x779a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2669 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2670 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2671 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2672 start_va = 0xff030000 end_va = 0xff082fff monitored = 0 entry_point = 0xff043310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2673 start_va = 0xff300000 end_va = 0xff30afff monitored = 0 entry_point = 0xff30246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2674 start_va = 0xff430000 end_va = 0xff491fff monitored = 0 entry_point = 0xff4408d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2675 start_va = 0x7fef07c0000 end_va = 0x7fef08e4fff monitored = 0 entry_point = 0x7fef0811570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2676 start_va = 0x7fef0990000 end_va = 0x7fef09abfff monitored = 0 entry_point = 0x7fef0991060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2677 start_va = 0x7fef0c50000 end_va = 0x7fef0cfdfff monitored = 0 entry_point = 0x7fef0c54104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2678 start_va = 0x7fef50a0000 end_va = 0x7fef50b2fff monitored = 0 entry_point = 0x7fef50a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2679 start_va = 0x7fef5310000 end_va = 0x7fef531dfff monitored = 0 entry_point = 0x7fef5315500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2680 start_va = 0x7fef5320000 end_va = 0x7fef5346fff monitored = 0 entry_point = 0x7fef53211a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2681 start_va = 0x7fef5350000 end_va = 0x7fef5422fff monitored = 0 entry_point = 0x7fef53c8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2682 start_va = 0x7fef56c0000 end_va = 0x7fef5736fff monitored = 0 entry_point = 0x7fef56fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2683 start_va = 0x7fef7f60000 end_va = 0x7fef7f7afff monitored = 0 entry_point = 0x7fef7f61198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2684 start_va = 0x7fef85d0000 end_va = 0x7fef861efff monitored = 0 entry_point = 0x7fef85d2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2685 start_va = 0x7fef9100000 end_va = 0x7fef9117fff monitored = 0 entry_point = 0x7fef9101bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2686 start_va = 0x7fef9120000 end_va = 0x7fef9130fff monitored = 0 entry_point = 0x7fef91216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2687 start_va = 0x7fef91e0000 end_va = 0x7fef921afff monitored = 0 entry_point = 0x7fef91e4520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2688 start_va = 0x7fef9220000 end_va = 0x7fef9270fff monitored = 0 entry_point = 0x7fef922f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2689 start_va = 0x7fef9290000 end_va = 0x7fef9297fff monitored = 0 entry_point = 0x7fef929284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2690 start_va = 0x7fef92a0000 end_va = 0x7fef92a9fff monitored = 0 entry_point = 0x7fef92a1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2691 start_va = 0x7fefb230000 end_va = 0x7fefb23afff monitored = 0 entry_point = 0x7fefb231198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2692 start_va = 0x7fefb240000 end_va = 0x7fefb266fff monitored = 0 entry_point = 0x7fefb2498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2693 start_va = 0x7fefb6e0000 end_va = 0x7fefb6e8fff monitored = 0 entry_point = 0x7fefb6e1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2694 start_va = 0x7fefb6f0000 end_va = 0x7fefb71bfff monitored = 0 entry_point = 0x7fefb6f15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2695 start_va = 0x7fefb720000 end_va = 0x7fefb7cbfff monitored = 0 entry_point = 0x7fefb736acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2696 start_va = 0x7fefb940000 end_va = 0x7fefb954fff monitored = 0 entry_point = 0x7fefb941050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2697 start_va = 0x7fefb960000 end_va = 0x7fefb96bfff monitored = 0 entry_point = 0x7fefb9618a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2698 start_va = 0x7fefbc60000 end_va = 0x7fefbcaafff monitored = 0 entry_point = 0x7fefbc6efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2699 start_va = 0x7fefc0d0000 end_va = 0x7fefc1fbfff monitored = 0 entry_point = 0x7fefc0d94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2700 start_va = 0x7fefc740000 end_va = 0x7fefc76cfff monitored = 0 entry_point = 0x7fefc741010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2701 start_va = 0x7fefc770000 end_va = 0x7fefc905fff monitored = 0 entry_point = 0x7fefc7778e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2702 start_va = 0x7fefc910000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc911064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2703 start_va = 0x7fefc920000 end_va = 0x7fefc9dafff monitored = 0 entry_point = 0x7fefc926de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2704 start_va = 0x7fefc9e0000 end_va = 0x7fefc9e6fff monitored = 0 entry_point = 0x7fefc9e14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2705 start_va = 0x7fefcad0000 end_va = 0x7fefcaeafff monitored = 0 entry_point = 0x7fefcad2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2706 start_va = 0x7fefcaf0000 end_va = 0x7fefcb0dfff monitored = 0 entry_point = 0x7fefcaf13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2707 start_va = 0x7fefcc40000 end_va = 0x7fefcc49fff monitored = 0 entry_point = 0x7fefcc43cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2708 start_va = 0x7fefcd40000 end_va = 0x7fefcd86fff monitored = 0 entry_point = 0x7fefcd41064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2709 start_va = 0x7fefce60000 end_va = 0x7fefcebafff monitored = 0 entry_point = 0x7fefce66940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2710 start_va = 0x7fefcfd0000 end_va = 0x7fefcfd6fff monitored = 0 entry_point = 0x7fefcfd142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2711 start_va = 0x7fefcfe0000 end_va = 0x7fefd034fff monitored = 0 entry_point = 0x7fefcfe1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2712 start_va = 0x7fefd040000 end_va = 0x7fefd057fff monitored = 0 entry_point = 0x7fefd043b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2713 start_va = 0x7fefd190000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd195d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2714 start_va = 0x7fefd250000 end_va = 0x7fefd2bcfff monitored = 0 entry_point = 0x7fefd251010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2715 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff monitored = 0 entry_point = 0x7fefd5e1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2716 start_va = 0x7fefd610000 end_va = 0x7fefd634fff monitored = 0 entry_point = 0x7fefd619658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2717 start_va = 0x7fefd640000 end_va = 0x7fefd64efff monitored = 0 entry_point = 0x7fefd641010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2718 start_va = 0x7fefd6f0000 end_va = 0x7fefd72cfff monitored = 0 entry_point = 0x7fefd6f18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2719 start_va = 0x7fefd730000 end_va = 0x7fefd743fff monitored = 0 entry_point = 0x7fefd7310e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2720 start_va = 0x7fefd750000 end_va = 0x7fefd75efff monitored = 0 entry_point = 0x7fefd7519b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2721 start_va = 0x7fefd7f0000 end_va = 0x7fefd7fefff monitored = 0 entry_point = 0x7fefd7f1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2722 start_va = 0x7fefd800000 end_va = 0x7fefd96cfff monitored = 0 entry_point = 0x7fefd8010b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2723 start_va = 0x7fefd970000 end_va = 0x7fefd9dbfff monitored = 0 entry_point = 0x7fefd972780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2724 start_va = 0x7fefd9e0000 end_va = 0x7fefda1afff monitored = 0 entry_point = 0x7fefd9e1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2725 start_va = 0x7fefda20000 end_va = 0x7fefda55fff monitored = 0 entry_point = 0x7fefda21474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2726 start_va = 0x7fefda60000 end_va = 0x7fefda79fff monitored = 0 entry_point = 0x7fefda61558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2727 start_va = 0x7fefdca0000 end_va = 0x7fefdd38fff monitored = 0 entry_point = 0x7fefdca1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2728 start_va = 0x7fefdd40000 end_va = 0x7fefde6cfff monitored = 0 entry_point = 0x7fefdd8ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2729 start_va = 0x7fefde70000 end_va = 0x7fefded6fff monitored = 0 entry_point = 0x7fefde7b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2730 start_va = 0x7fefec70000 end_va = 0x7fefed78fff monitored = 0 entry_point = 0x7fefec71064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2731 start_va = 0x7fefef30000 end_va = 0x7fefefa0fff monitored = 0 entry_point = 0x7fefef41e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2732 start_va = 0x7fefefb0000 end_va = 0x7feff08afff monitored = 0 entry_point = 0x7fefefd0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2733 start_va = 0x7feff090000 end_va = 0x7feff12efff monitored = 0 entry_point = 0x7feff0925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2734 start_va = 0x7feff130000 end_va = 0x7feff137fff monitored = 0 entry_point = 0x7feff131504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2735 start_va = 0x7feff140000 end_va = 0x7feff15efff monitored = 0 entry_point = 0x7feff1460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2736 start_va = 0x7feff180000 end_va = 0x7feff1d1fff monitored = 0 entry_point = 0x7feff1810d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2737 start_va = 0x7feff1e0000 end_va = 0x7feff2b6fff monitored = 0 entry_point = 0x7feff1e3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2738 start_va = 0x7feff2c0000 end_va = 0x7feff2edfff monitored = 0 entry_point = 0x7feff2c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2739 start_va = 0x7feff2f0000 end_va = 0x7feff4f2fff monitored = 0 entry_point = 0x7feff313330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2740 start_va = 0x7feff5a0000 end_va = 0x7feff5adfff monitored = 0 entry_point = 0x7feff5a1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2741 start_va = 0x7feff5b0000 end_va = 0x7feff678fff monitored = 0 entry_point = 0x7feff62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2742 start_va = 0x7feff680000 end_va = 0x7feff856fff monitored = 0 entry_point = 0x7feff681010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2743 start_va = 0x7feffac0000 end_va = 0x7feffb0cfff monitored = 0 entry_point = 0x7feffac1070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2744 start_va = 0x7feffb20000 end_va = 0x7feffb20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2745 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2746 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2747 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 2748 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 2749 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2750 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2751 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2752 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2753 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2754 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2755 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2756 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2757 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2758 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2759 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2760 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2761 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2762 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2763 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2764 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2765 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2766 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2767 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 84 os_tid = 0xe40 Thread: id = 85 os_tid = 0x7b0 Thread: id = 86 os_tid = 0x7c8 Thread: id = 87 os_tid = 0x254 Thread: id = 88 os_tid = 0x38c Thread: id = 89 os_tid = 0x128 Thread: id = 90 os_tid = 0x334 Thread: id = 91 os_tid = 0x5a4 Thread: id = 92 os_tid = 0x5fc Thread: id = 93 os_tid = 0x5f4 Thread: id = 94 os_tid = 0x5ec Thread: id = 95 os_tid = 0x558 Thread: id = 96 os_tid = 0x460 Thread: id = 97 os_tid = 0x448 Thread: id = 98 os_tid = 0x3b0 Thread: id = 99 os_tid = 0x3a8 Thread: id = 100 os_tid = 0x398 Thread: id = 101 os_tid = 0x2f8 Thread: id = 102 os_tid = 0x2f4 Thread: id = 103 os_tid = 0x2d8 Thread: id = 104 os_tid = 0x2d0 Thread: id = 105 os_tid = 0x2c4 Thread: id = 106 os_tid = 0xe60 Thread: id = 107 os_tid = 0xe7c