# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 26.07.2022 21:23:53.818 Process: id = "1" image_name = "18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" filename = "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" page_root = "0x442b3000" os_pid = "0xfbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x788" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 114 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 115 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 116 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 117 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 118 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 119 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 120 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 121 start_va = 0x11e0000 end_va = 0x1281fff monitored = 1 entry_point = 0x127d84e region_type = mapped_file name = "18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") Region: id = 122 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 123 start_va = 0x77150000 end_va = 0x772cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 124 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 125 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 126 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 127 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 128 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 129 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 130 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 270 start_va = 0x70000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 271 start_va = 0x74a40000 end_va = 0x74a7efff monitored = 0 entry_point = 0x74a6e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 272 start_va = 0x749e0000 end_va = 0x74a3bfff monitored = 0 entry_point = 0x74a1f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 273 start_va = 0x749d0000 end_va = 0x749d7fff monitored = 0 entry_point = 0x749d20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 274 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 275 start_va = 0x75620000 end_va = 0x7572ffff monitored = 0 entry_point = 0x75633283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 276 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 277 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076e50000" filename = "" Region: id = 278 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 279 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076d50000" filename = "" Region: id = 280 start_va = 0x190000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 281 start_va = 0x74b40000 end_va = 0x74b89fff monitored = 1 entry_point = 0x74b42e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 282 start_va = 0x75620000 end_va = 0x7572ffff monitored = 0 entry_point = 0x75633283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 283 start_va = 0x74dc0000 end_va = 0x74e06fff monitored = 0 entry_point = 0x74dc74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 284 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 285 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 286 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 287 start_va = 0x440000 end_va = 0x4a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 288 start_va = 0x4b0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 289 start_va = 0x530000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 290 start_va = 0x767e0000 end_va = 0x7687ffff monitored = 0 entry_point = 0x767f49e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 291 start_va = 0x752c0000 end_va = 0x7536bfff monitored = 0 entry_point = 0x752ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 292 start_va = 0x74e10000 end_va = 0x74e28fff monitored = 0 entry_point = 0x74e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x76450000 end_va = 0x7653ffff monitored = 0 entry_point = 0x76460569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74ca0000 end_va = 0x74cfffff monitored = 0 entry_point = 0x74cba3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74c90000 end_va = 0x74c9bfff monitored = 0 entry_point = 0x74c910e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x660000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 297 start_va = 0x74ab0000 end_va = 0x74b3cfff monitored = 1 entry_point = 0x74ac2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 298 start_va = 0x72cc0000 end_va = 0x72cc2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 299 start_va = 0x76540000 end_va = 0x76596fff monitored = 0 entry_point = 0x76559ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 300 start_va = 0x76ae0000 end_va = 0x76b6ffff monitored = 0 entry_point = 0x76af6343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 301 start_va = 0x74f70000 end_va = 0x7506ffff monitored = 0 entry_point = 0x74f8b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 302 start_va = 0x77120000 end_va = 0x77129fff monitored = 0 entry_point = 0x771236a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 303 start_va = 0x76740000 end_va = 0x767dcfff monitored = 0 entry_point = 0x76773fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 304 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 305 start_va = 0x7d0000 end_va = 0x957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 306 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 307 start_va = 0x769f0000 end_va = 0x76a4ffff monitored = 0 entry_point = 0x76a0158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 308 start_va = 0x76380000 end_va = 0x7644bfff monitored = 0 entry_point = 0x7638168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 309 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 310 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 311 start_va = 0x960000 end_va = 0xae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 312 start_va = 0x1290000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001290000" filename = "" Region: id = 313 start_va = 0x530000 end_va = 0x5ccfff monitored = 1 entry_point = 0x5cd84e region_type = mapped_file name = "18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") Region: id = 314 start_va = 0x620000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 315 start_va = 0x530000 end_va = 0x5ccfff monitored = 1 entry_point = 0x5cd84e region_type = mapped_file name = "18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") Region: id = 316 start_va = 0x73ca0000 end_va = 0x73ca8fff monitored = 0 entry_point = 0x73ca1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 317 start_va = 0x71c50000 end_va = 0x723fefff monitored = 1 entry_point = 0x71c6d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 318 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 319 start_va = 0x71c50000 end_va = 0x723fefff monitored = 1 entry_point = 0x71c6d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 320 start_va = 0x74a90000 end_va = 0x74aa3fff monitored = 0 entry_point = 0x74a9ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 321 start_va = 0x71ba0000 end_va = 0x71c4afff monitored = 0 entry_point = 0x71c35f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 324 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 325 start_va = 0xc0000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 326 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 327 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 328 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 329 start_va = 0xb0000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 330 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 331 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 332 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 333 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 334 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 335 start_va = 0x660000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 336 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 337 start_va = 0x660000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 338 start_va = 0x780000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 339 start_va = 0x5c0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 340 start_va = 0xc50000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 341 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 342 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 343 start_va = 0x2690000 end_va = 0x468ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 344 start_va = 0x660000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 345 start_va = 0x730000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 346 start_va = 0xbc0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 347 start_va = 0xf30000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 348 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 349 start_va = 0xda0000 end_va = 0xddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 350 start_va = 0x4750000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 351 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 352 start_va = 0x4850000 end_va = 0x4b1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 353 start_va = 0x70790000 end_va = 0x71b9afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 354 start_va = 0x75370000 end_va = 0x754cbfff monitored = 0 entry_point = 0x753bba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 355 start_va = 0x73bb0000 end_va = 0x73c2ffff monitored = 0 entry_point = 0x73bc37c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 356 start_va = 0xde0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 357 start_va = 0xde0000 end_va = 0xebefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 358 start_va = 0xef0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 359 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 360 start_va = 0x74a80000 end_va = 0x74a82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 361 start_va = 0x70700000 end_va = 0x70788fff monitored = 1 entry_point = 0x70701130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 362 start_va = 0x76a50000 end_va = 0x76adefff monitored = 0 entry_point = 0x76a53fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 363 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 364 start_va = 0x6fca0000 end_va = 0x706f4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 365 start_va = 0x6faf0000 end_va = 0x6fc92fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 366 start_va = 0x6ec80000 end_va = 0x6fae5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 367 start_va = 0x6e460000 end_va = 0x6ec77fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 368 start_va = 0x6e270000 end_va = 0x6e451fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 369 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 370 start_va = 0x2e0000 end_va = 0x2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 371 start_va = 0x6e160000 end_va = 0x6e264fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 372 start_va = 0x6d9e0000 end_va = 0x6e153fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 373 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 374 start_va = 0x6d9c0000 end_va = 0x6d9d2fff monitored = 1 entry_point = 0x6d9cd900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 375 start_va = 0x4b20000 end_va = 0x4df1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 376 start_va = 0x75730000 end_va = 0x76379fff monitored = 0 entry_point = 0x757b1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 377 start_va = 0x310000 end_va = 0x310fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 378 start_va = 0x73d60000 end_va = 0x73d6afff monitored = 0 entry_point = 0x73d61992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 379 start_va = 0x4e00000 end_va = 0x501ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 380 start_va = 0x6d9a0000 end_va = 0x6d9b6fff monitored = 0 entry_point = 0x6d9a35fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 381 start_va = 0x73a30000 end_va = 0x73a46fff monitored = 0 entry_point = 0x73a33573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 382 start_va = 0x4b0000 end_va = 0x4ebfff monitored = 0 entry_point = 0x4b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 383 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 384 start_va = 0x4b0000 end_va = 0x4ebfff monitored = 0 entry_point = 0x4b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 385 start_va = 0x4b0000 end_va = 0x4ebfff monitored = 0 entry_point = 0x4b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 386 start_va = 0x4b0000 end_va = 0x4ebfff monitored = 0 entry_point = 0x4b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 387 start_va = 0x4b0000 end_va = 0x4ebfff monitored = 0 entry_point = 0x4b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 388 start_va = 0x739f0000 end_va = 0x73a2afff monitored = 0 entry_point = 0x739f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 389 start_va = 0x754e0000 end_va = 0x754e4fff monitored = 0 entry_point = 0x754e1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 390 start_va = 0x73ae0000 end_va = 0x73b31fff monitored = 0 entry_point = 0x73ae14be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 391 start_va = 0x73ac0000 end_va = 0x73ad4fff monitored = 0 entry_point = 0x73ac12de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 392 start_va = 0x76920000 end_va = 0x76954fff monitored = 0 entry_point = 0x7692145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 393 start_va = 0x754d0000 end_va = 0x754d5fff monitored = 0 entry_point = 0x754d1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 394 start_va = 0x73ab0000 end_va = 0x73abcfff monitored = 0 entry_point = 0x73ab1326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 395 start_va = 0x73c60000 end_va = 0x73c9bfff monitored = 0 entry_point = 0x73c6145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 396 start_va = 0x73c50000 end_va = 0x73c54fff monitored = 0 entry_point = 0x73c515df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 397 start_va = 0x73c40000 end_va = 0x73c45fff monitored = 0 entry_point = 0x73c41673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 398 start_va = 0xaf0000 end_va = 0xbaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 399 start_va = 0x1030000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 400 start_va = 0x4ea0000 end_va = 0x4f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 401 start_va = 0x4fe0000 end_va = 0x501ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 402 start_va = 0x6d940000 end_va = 0x6d997fff monitored = 0 entry_point = 0x6d9413b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 403 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 404 start_va = 0x6d8f0000 end_va = 0x6d93efff monitored = 0 entry_point = 0x6d8f1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 405 start_va = 0x10b0000 end_va = 0x10effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 406 start_va = 0x50a0000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 407 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 408 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 409 start_va = 0x5360000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 410 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 411 start_va = 0x320000 end_va = 0x320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 412 start_va = 0x6d8e0000 end_va = 0x6d8e7fff monitored = 0 entry_point = 0x6d8e34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 413 start_va = 0x73cc0000 end_va = 0x73cdbfff monitored = 0 entry_point = 0x73cca431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 414 start_va = 0x73cb0000 end_va = 0x73cb6fff monitored = 0 entry_point = 0x73cb128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 415 start_va = 0x51a0000 end_va = 0x529ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 416 start_va = 0x6d8d0000 end_va = 0x6d8dcfff monitored = 0 entry_point = 0x6d8d2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 417 start_va = 0x6d8b0000 end_va = 0x6d8c1fff monitored = 0 entry_point = 0x6d8b3271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 418 start_va = 0x530000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 419 start_va = 0x4e00000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 420 start_va = 0x5620000 end_va = 0x571ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005620000" filename = "" Region: id = 421 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 422 start_va = 0x73b60000 end_va = 0x73b6dfff monitored = 0 entry_point = 0x73b61235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 423 start_va = 0x1070000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 424 start_va = 0x57f0000 end_va = 0x58effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 425 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 426 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 427 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 428 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 429 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 430 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 431 start_va = 0x320000 end_va = 0x326fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 432 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 433 start_va = 0x320000 end_va = 0x326fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 434 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 435 start_va = 0x320000 end_va = 0x326fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 436 start_va = 0x73ce0000 end_va = 0x73d23fff monitored = 0 entry_point = 0x73cf63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 437 start_va = 0x5460000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 438 start_va = 0x73c30000 end_va = 0x73c35fff monitored = 0 entry_point = 0x73c314b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 439 start_va = 0x73b70000 end_va = 0x73ba7fff monitored = 0 entry_point = 0x73b7990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 440 start_va = 0x10f0000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 441 start_va = 0x6d8a0000 end_va = 0x6d8a7fff monitored = 0 entry_point = 0x6d8a10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 442 start_va = 0x6d860000 end_va = 0x6d89efff monitored = 0 entry_point = 0x6d862351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 443 start_va = 0x754f0000 end_va = 0x75610fff monitored = 0 entry_point = 0x754f158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 444 start_va = 0x74d50000 end_va = 0x74d5bfff monitored = 0 entry_point = 0x74d5238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 445 start_va = 0x320000 end_va = 0x321fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 446 start_va = 0x6d820000 end_va = 0x6d857fff monitored = 0 entry_point = 0x6d821489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 447 start_va = 0x6d7e0000 end_va = 0x6d81cfff monitored = 0 entry_point = 0x6d7e10f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 448 start_va = 0x5020000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 449 start_va = 0x5940000 end_va = 0x5a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005940000" filename = "" Region: id = 450 start_va = 0x6d7c0000 end_va = 0x6d7d6fff monitored = 0 entry_point = 0x6d7c1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 451 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 452 start_va = 0x5460000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 453 start_va = 0x5560000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 454 start_va = 0x5a40000 end_va = 0x5c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 455 start_va = 0x6d7a0000 end_va = 0x6d7b5fff monitored = 0 entry_point = 0x6d7a2061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 828 start_va = 0x320000 end_va = 0x329fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 829 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 830 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 831 start_va = 0x4f0000 end_va = 0x519fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 832 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 833 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 834 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 835 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 836 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 837 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 838 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 839 start_va = 0x4e60000 end_va = 0x4e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 840 start_va = 0x5da0000 end_va = 0x5e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005da0000" filename = "" Region: id = 841 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 842 start_va = 0x5ea0000 end_va = 0x6e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ea0000" filename = "" Region: id = 843 start_va = 0x5c40000 end_va = 0x5d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c40000" filename = "" Region: id = 844 start_va = 0x6ea0000 end_va = 0x7e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ea0000" filename = "" Region: id = 845 start_va = 0x7ea0000 end_va = 0x812ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ea0000" filename = "" Region: id = 846 start_va = 0x5a0000 end_va = 0x5b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 847 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 848 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 849 start_va = 0x8130000 end_va = 0x912ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008130000" filename = "" Region: id = 850 start_va = 0x9130000 end_va = 0xa12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009130000" filename = "" Region: id = 851 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 852 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 853 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 854 start_va = 0x52a0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 855 start_va = 0xa230000 end_va = 0xa32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a230000" filename = "" Region: id = 856 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 857 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 858 start_va = 0x46c0000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 859 start_va = 0xa380000 end_va = 0xa47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a380000" filename = "" Region: id = 860 start_va = 0x7ef92000 end_va = 0x7ef94fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 861 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 862 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 863 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 864 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 865 start_va = 0x660000 end_va = 0x6e1fff monitored = 0 entry_point = 0x6619a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 866 start_va = 0x660000 end_va = 0x6e1fff monitored = 0 entry_point = 0x6619a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 867 start_va = 0x6d710000 end_va = 0x6d793fff monitored = 0 entry_point = 0x6d7119a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 868 start_va = 0xa480000 end_va = 0xa62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a480000" filename = "" Region: id = 869 start_va = 0x6d580000 end_va = 0x6d70ffff monitored = 0 entry_point = 0x6d61d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 870 start_va = 0x5ea0000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ea0000" filename = "" Region: id = 871 start_va = 0x55c0000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 872 start_va = 0x6120000 end_va = 0x621ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006120000" filename = "" Region: id = 873 start_va = 0x6d570000 end_va = 0x6d574fff monitored = 0 entry_point = 0x6d5711d0 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 874 start_va = 0x7ef8f000 end_va = 0x7ef91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 875 start_va = 0x600000 end_va = 0x602fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 876 start_va = 0x610000 end_va = 0x616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 877 start_va = 0x610000 end_va = 0x616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 878 start_va = 0x660000 end_va = 0x71cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 879 start_va = 0x660000 end_va = 0x71cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 880 start_va = 0x5ea0000 end_va = 0x5f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ea0000" filename = "" Region: id = 881 start_va = 0x6070000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006070000" filename = "" Region: id = 882 start_va = 0x660000 end_va = 0x6e7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 883 start_va = 0x660000 end_va = 0x6e7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 884 start_va = 0x660000 end_va = 0x716fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 885 start_va = 0x660000 end_va = 0x716fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 886 start_va = 0x660000 end_va = 0x6e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 887 start_va = 0x660000 end_va = 0x6e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 888 start_va = 0x6220000 end_va = 0x71a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 889 start_va = 0x6220000 end_va = 0x71a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 890 start_va = 0x6220000 end_va = 0x71a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 891 start_va = 0x71b0000 end_va = 0x73affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071b0000" filename = "" Region: id = 892 start_va = 0x6220000 end_va = 0x71a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 893 start_va = 0x6220000 end_va = 0x71a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 894 start_va = 0x660000 end_va = 0x70dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 895 start_va = 0x660000 end_va = 0x70dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 896 start_va = 0x660000 end_va = 0x6f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 897 start_va = 0x660000 end_va = 0x6f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 898 start_va = 0x660000 end_va = 0x70dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 899 start_va = 0x660000 end_va = 0x70dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 900 start_va = 0x660000 end_va = 0x6e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 901 start_va = 0x660000 end_va = 0x6e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 902 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "daunpenh.ttf" filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf") Region: id = 903 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "daunpenh.ttf" filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf") Region: id = 904 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dokchamp.ttf" filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf") Region: id = 905 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dokchamp.ttf" filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf") Region: id = 906 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "estre.ttf" filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf") Region: id = 907 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "estre.ttf" filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf") Region: id = 908 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "euphemia.ttf" filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf") Region: id = 909 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "euphemia.ttf" filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf") Region: id = 910 start_va = 0x660000 end_va = 0x69efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautami.ttf" filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf") Region: id = 911 start_va = 0x660000 end_va = 0x69efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautami.ttf" filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf") Region: id = 912 start_va = 0x660000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautamib.ttf" filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf") Region: id = 913 start_va = 0x660000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautamib.ttf" filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf") Region: id = 914 start_va = 0x660000 end_va = 0x6befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vani.ttf" filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf") Region: id = 915 start_va = 0x660000 end_va = 0x6befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vani.ttf" filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf") Region: id = 916 start_va = 0x660000 end_va = 0x6bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vanib.ttf" filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf") Region: id = 917 start_va = 0x660000 end_va = 0x6bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vanib.ttf" filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf") Region: id = 918 start_va = 0x6220000 end_va = 0x6f05fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 919 start_va = 0x6220000 end_va = 0x6f05fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 920 start_va = 0x6220000 end_va = 0x6f05fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 921 start_va = 0x6220000 end_va = 0x6f05fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 922 start_va = 0x73b0000 end_va = 0x77affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073b0000" filename = "" Region: id = 923 start_va = 0x6220000 end_va = 0x6f05fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 924 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 925 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 926 start_va = 0x660000 end_va = 0x6e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpota.ttf" filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf") Region: id = 927 start_va = 0x660000 end_va = 0x6e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpota.ttf" filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf") Region: id = 928 start_va = 0x660000 end_va = 0x6bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpotab.ttf" filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf") Region: id = 929 start_va = 0x660000 end_va = 0x6bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpotab.ttf" filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf") Region: id = 930 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalinga.ttf" filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf") Region: id = 931 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalinga.ttf" filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf") Region: id = 932 start_va = 0x660000 end_va = 0x692fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalingab.ttf" filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf") Region: id = 933 start_va = 0x660000 end_va = 0x692fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalingab.ttf" filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf") Region: id = 934 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartika.ttf" filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf") Region: id = 935 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartika.ttf" filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf") Region: id = 936 start_va = 0x660000 end_va = 0x67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartikab.ttf" filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf") Region: id = 937 start_va = 0x660000 end_va = 0x67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartikab.ttf" filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf") Region: id = 938 start_va = 0x660000 end_va = 0x6b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmerui.ttf" filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf") Region: id = 939 start_va = 0x660000 end_va = 0x6b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmerui.ttf" filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf") Region: id = 940 start_va = 0x660000 end_va = 0x6a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmeruib.ttf" filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf") Region: id = 941 start_va = 0x660000 end_va = 0x6a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmeruib.ttf" filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf") Region: id = 942 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laoui.ttf" filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf") Region: id = 943 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laoui.ttf" filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf") Region: id = 944 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laouib.ttf" filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf") Region: id = 945 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laouib.ttf" filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf") Region: id = 946 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latha.ttf" filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf") Region: id = 947 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latha.ttf" filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf") Region: id = 948 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lathab.ttf" filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf") Region: id = 949 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lathab.ttf" filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf") Region: id = 950 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 951 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 952 start_va = 0x6220000 end_va = 0x6642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 953 start_va = 0x6220000 end_va = 0x6642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 954 start_va = 0x6220000 end_va = 0x666efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 955 start_va = 0x6220000 end_va = 0x666efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 956 start_va = 0x660000 end_va = 0x692fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangal.ttf" filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf") Region: id = 957 start_va = 0x660000 end_va = 0x692fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangal.ttf" filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf") Region: id = 958 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangalb.ttf" filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf") Region: id = 959 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangalb.ttf" filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf") Region: id = 960 start_va = 0x6220000 end_va = 0x6b37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 961 start_va = 0x6220000 end_va = 0x6b37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 962 start_va = 0x6220000 end_va = 0x6b37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 963 start_va = 0x6220000 end_va = 0x6b37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 964 start_va = 0x6220000 end_va = 0x6b37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 965 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 966 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 967 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 968 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 969 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 970 start_va = 0x9130000 end_va = 0x992ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009130000" filename = "" Region: id = 971 start_va = 0x660000 end_va = 0x6f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 972 start_va = 0x660000 end_va = 0x6f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 973 start_va = 0xa630000 end_va = 0xbad8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 974 start_va = 0xa630000 end_va = 0xbad8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 975 start_va = 0x6220000 end_va = 0x6ff6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttf" filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf") Region: id = 976 start_va = 0x6220000 end_va = 0x6ff6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttf" filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf") Region: id = 977 start_va = 0xa630000 end_va = 0xbaf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 978 start_va = 0xa630000 end_va = 0xbaf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 979 start_va = 0x6220000 end_va = 0x700dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttf" filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf") Region: id = 980 start_va = 0x6220000 end_va = 0x700dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttf" filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf") Region: id = 981 start_va = 0xa630000 end_va = 0xc4e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 982 start_va = 0xa630000 end_va = 0xc4e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 983 start_va = 0xa630000 end_va = 0xc4e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 984 start_va = 0xa630000 end_va = 0xc4e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 985 start_va = 0xa630000 end_va = 0xc66dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 986 start_va = 0xa630000 end_va = 0xc66dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 987 start_va = 0xa630000 end_va = 0xc66dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 988 start_va = 0xa630000 end_va = 0xc66dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 989 start_va = 0x660000 end_va = 0x6b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 990 start_va = 0x660000 end_va = 0x6b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 991 start_va = 0x6220000 end_va = 0x6ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 992 start_va = 0x6220000 end_va = 0x6ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 993 start_va = 0x6220000 end_va = 0x6ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 994 start_va = 0x6220000 end_va = 0x6ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 995 start_va = 0x6220000 end_va = 0x6bb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 996 start_va = 0x6220000 end_va = 0x6bb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 997 start_va = 0x6220000 end_va = 0x6bb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 998 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 999 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 1000 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 1001 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 1002 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 1003 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 1004 start_va = 0x660000 end_va = 0x6cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nyala.ttf" filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf") Region: id = 1005 start_va = 0x660000 end_va = 0x6cafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nyala.ttf" filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf") Region: id = 1006 start_va = 0x660000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 1007 start_va = 0x660000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 1008 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 1009 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 1010 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "plantc.ttf" filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf") Region: id = 1011 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "plantc.ttf" filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf") Region: id = 1012 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavi.ttf" filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf") Region: id = 1013 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavi.ttf" filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf") Region: id = 1014 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavib.ttf" filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf") Region: id = 1015 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavib.ttf" filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf") Region: id = 1016 start_va = 0x660000 end_va = 0x6f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 1017 start_va = 0x660000 end_va = 0x6f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 1018 start_va = 0x660000 end_va = 0x6f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 1019 start_va = 0x660000 end_va = 0x6f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 1020 start_va = 0x660000 end_va = 0x6defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 1021 start_va = 0x660000 end_va = 0x6defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 1022 start_va = 0x660000 end_va = 0x6d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 1023 start_va = 0x660000 end_va = 0x6d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 1024 start_va = 0x660000 end_va = 0x6befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuii.ttf" filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf") Region: id = 1025 start_va = 0x660000 end_va = 0x6befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuii.ttf" filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf") Region: id = 1026 start_va = 0x660000 end_va = 0x6c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuiz.ttf" filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf") Region: id = 1027 start_va = 0x660000 end_va = 0x6c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuiz.ttf" filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf") Region: id = 1028 start_va = 0x660000 end_va = 0x6c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 1029 start_va = 0x660000 end_va = 0x6c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 1030 start_va = 0x660000 end_va = 0x6b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 1031 start_va = 0x660000 end_va = 0x6b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 1032 start_va = 0x660000 end_va = 0x6defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisym.ttf" filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf") Region: id = 1033 start_va = 0x660000 end_va = 0x6defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisym.ttf" filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf") Region: id = 1034 start_va = 0x660000 end_va = 0x6a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shruti.ttf" filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf") Region: id = 1035 start_va = 0x660000 end_va = 0x6a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shruti.ttf" filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf") Region: id = 1036 start_va = 0x660000 end_va = 0x699fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shrutib.ttf" filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf") Region: id = 1037 start_va = 0x660000 end_va = 0x699fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shrutib.ttf" filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf") Region: id = 1038 start_va = 0x6220000 end_va = 0x70bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 1039 start_va = 0x6220000 end_va = 0x70bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 1040 start_va = 0x6220000 end_va = 0x70bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 1041 start_va = 0x6220000 end_va = 0x70d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 1042 start_va = 0x6220000 end_va = 0x70d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 1043 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 1044 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 1045 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 1046 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 1047 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 1048 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 1049 start_va = 0x660000 end_va = 0x72bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 1050 start_va = 0x660000 end_va = 0x72bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 1051 start_va = 0x660000 end_va = 0x701fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesi.ttf" filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf") Region: id = 1052 start_va = 0x660000 end_va = 0x701fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesi.ttf" filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf") Region: id = 1053 start_va = 0x660000 end_va = 0x72dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 1054 start_va = 0x660000 end_va = 0x72dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 1055 start_va = 0x660000 end_va = 0x6f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbi.ttf" filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf") Region: id = 1056 start_va = 0x660000 end_va = 0x6f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbi.ttf" filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf") Region: id = 1057 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tunga.ttf" filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf") Region: id = 1058 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tunga.ttf" filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf") Region: id = 1059 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tungab.ttf" filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf") Region: id = 1060 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tungab.ttf" filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf") Region: id = 1061 start_va = 0x660000 end_va = 0x69ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrinda.ttf" filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf") Region: id = 1062 start_va = 0x660000 end_va = 0x69ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrinda.ttf" filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf") Region: id = 1063 start_va = 0x660000 end_va = 0x69efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrindab.ttf" filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf") Region: id = 1064 start_va = 0x660000 end_va = 0x69efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrindab.ttf" filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf") Region: id = 1065 start_va = 0x660000 end_va = 0x6b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonar.ttf" filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf") Region: id = 1066 start_va = 0x660000 end_va = 0x6b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonar.ttf" filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf") Region: id = 1067 start_va = 0x660000 end_va = 0x6a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonarb.ttf" filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf") Region: id = 1068 start_va = 0x660000 end_va = 0x6a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonarb.ttf" filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf") Region: id = 1069 start_va = 0x660000 end_va = 0x6b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 1070 start_va = 0x660000 end_va = 0x6b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 1071 start_va = 0x660000 end_va = 0x70afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 1072 start_va = 0x660000 end_va = 0x70afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 1073 start_va = 0x660000 end_va = 0x6fefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 1074 start_va = 0x660000 end_va = 0x6fefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 1075 start_va = 0x660000 end_va = 0x6fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 1076 start_va = 0x660000 end_va = 0x6fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 1077 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsa.ttf" filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf") Region: id = 1078 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsa.ttf" filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf") Region: id = 1079 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsai.ttf" filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf") Region: id = 1080 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsai.ttf" filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf") Region: id = 1081 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsab.ttf" filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf") Region: id = 1082 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsab.ttf" filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf") Region: id = 1083 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaz.ttf" filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf") Region: id = 1084 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaz.ttf" filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf") Region: id = 1085 start_va = 0x660000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaj.ttf" filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf") Region: id = 1086 start_va = 0x660000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaj.ttf" filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf") Region: id = 1087 start_va = 0x660000 end_va = 0x694fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajb.ttf" filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf") Region: id = 1088 start_va = 0x660000 end_va = 0x694fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajb.ttf" filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf") Region: id = 1089 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajbi.ttf" filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf") Region: id = 1090 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajbi.ttf" filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf") Region: id = 1091 start_va = 0x660000 end_va = 0x69afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaji.ttf" filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf") Region: id = 1092 start_va = 0x660000 end_va = 0x69afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaji.ttf" filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf") Region: id = 1093 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordia.ttf" filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf") Region: id = 1094 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordia.ttf" filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf") Region: id = 1095 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiai.ttf" filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf") Region: id = 1096 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiai.ttf" filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf") Region: id = 1097 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiab.ttf" filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf") Region: id = 1098 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiab.ttf" filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf") Region: id = 1099 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaz.ttf" filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf") Region: id = 1100 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaz.ttf" filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf") Region: id = 1101 start_va = 0x660000 end_va = 0x6aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 1102 start_va = 0x660000 end_va = 0x6aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 1103 start_va = 0x660000 end_va = 0x6a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 1104 start_va = 0x660000 end_va = 0x6a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 1105 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gisha.ttf" filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf") Region: id = 1106 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gisha.ttf" filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf") Region: id = 1107 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gishabd.ttf" filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf") Region: id = 1108 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gishabd.ttf" filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf") Region: id = 1109 start_va = 0x660000 end_va = 0x691fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokila.ttf" filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf") Region: id = 1110 start_va = 0x660000 end_va = 0x691fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokila.ttf" filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf") Region: id = 1111 start_va = 0x660000 end_va = 0x691fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilab.ttf" filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf") Region: id = 1112 start_va = 0x660000 end_va = 0x691fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilab.ttf" filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf") Region: id = 1113 start_va = 0x660000 end_va = 0x699fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilabi.ttf" filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf") Region: id = 1114 start_va = 0x660000 end_va = 0x699fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilabi.ttf" filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf") Region: id = 1115 start_va = 0x660000 end_va = 0x69bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilai.ttf" filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf") Region: id = 1116 start_va = 0x660000 end_va = 0x69bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilai.ttf" filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf") Region: id = 1117 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawad.ttf" filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf") Region: id = 1118 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawad.ttf" filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf") Region: id = 1119 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawdb.ttf" filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf") Region: id = 1120 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawdb.ttf" filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf") Region: id = 1121 start_va = 0x660000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighur.ttf" filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf") Region: id = 1122 start_va = 0x660000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighur.ttf" filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf") Region: id = 1123 start_va = 0x660000 end_va = 0x6b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "moolbor.ttf" filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf") Region: id = 1124 start_va = 0x660000 end_va = 0x6b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "moolbor.ttf" filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf") Region: id = 1125 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 1126 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 1127 start_va = 0x660000 end_va = 0x694fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaah.ttf" filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf") Region: id = 1128 start_va = 0x660000 end_va = 0x694fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaah.ttf" filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf") Region: id = 1129 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahb.ttf" filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf") Region: id = 1130 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahb.ttf" filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf") Region: id = 1131 start_va = 0x660000 end_va = 0x695fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahbi.ttf" filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf") Region: id = 1132 start_va = 0x660000 end_va = 0x695fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahbi.ttf" filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf") Region: id = 1133 start_va = 0x660000 end_va = 0x69afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahi.ttf" filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf") Region: id = 1134 start_va = 0x660000 end_va = 0x69afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahi.ttf" filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf") Region: id = 1135 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijaya.ttf" filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf") Region: id = 1136 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijaya.ttf" filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf") Region: id = 1137 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijayab.ttf" filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf") Region: id = 1138 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijayab.ttf" filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf") Region: id = 1139 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 1140 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 1141 start_va = 0x610000 end_va = 0x612fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "modern.fon" filename = "\\Windows\\Fonts\\modern.fon" (normalized: "c:\\windows\\fonts\\modern.fon") Region: id = 1142 start_va = 0x610000 end_va = 0x613fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roman.fon" filename = "\\Windows\\Fonts\\roman.fon" (normalized: "c:\\windows\\fonts\\roman.fon") Region: id = 1143 start_va = 0x610000 end_va = 0x612fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "script.fon" filename = "\\Windows\\Fonts\\script.fon" (normalized: "c:\\windows\\fonts\\script.fon") Region: id = 1144 start_va = 0x660000 end_va = 0x686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "andlso.ttf" filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf") Region: id = 1145 start_va = 0x660000 end_va = 0x686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "andlso.ttf" filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf") Region: id = 1146 start_va = 0x660000 end_va = 0x6f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arabtype.ttf" filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf") Region: id = 1147 start_va = 0x660000 end_va = 0x6f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arabtype.ttf" filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf") Region: id = 1148 start_va = 0x660000 end_va = 0x67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpo.ttf" filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf") Region: id = 1149 start_va = 0x660000 end_va = 0x67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpo.ttf" filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf") Region: id = 1150 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpbdo.ttf" filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf") Region: id = 1151 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpbdo.ttf" filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf") Region: id = 1152 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpfxo.ttf" filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf") Region: id = 1153 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpfxo.ttf" filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf") Region: id = 1154 start_va = 0x660000 end_va = 0x6bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majalla.ttf" filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf") Region: id = 1155 start_va = 0x660000 end_va = 0x6bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majalla.ttf" filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf") Region: id = 1156 start_va = 0x660000 end_va = 0x6bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majallab.ttf" filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf") Region: id = 1157 start_va = 0x660000 end_va = 0x6bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majallab.ttf" filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf") Region: id = 1158 start_va = 0x660000 end_va = 0x68bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trado.ttf" filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf") Region: id = 1159 start_va = 0x660000 end_va = 0x68bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trado.ttf" filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf") Region: id = 1160 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tradbdo.ttf" filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf") Region: id = 1161 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tradbdo.ttf" filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf") Region: id = 1162 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ahronbd.ttf" filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf") Region: id = 1163 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ahronbd.ttf" filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf") Region: id = 1164 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "david.ttf" filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf") Region: id = 1165 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "david.ttf" filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf") Region: id = 1166 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "davidbd.ttf" filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf") Region: id = 1167 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "davidbd.ttf" filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf") Region: id = 1168 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frank.ttf" filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf") Region: id = 1169 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frank.ttf" filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf") Region: id = 1170 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnm.ttf" filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf") Region: id = 1171 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnm.ttf" filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf") Region: id = 1172 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnmbd.ttf" filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf") Region: id = 1173 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnmbd.ttf" filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf") Region: id = 1174 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriam.ttf" filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf") Region: id = 1175 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriam.ttf" filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf") Region: id = 1176 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriamc.ttf" filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf") Region: id = 1177 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriamc.ttf" filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf") Region: id = 1178 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nrkis.ttf" filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf") Region: id = 1179 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nrkis.ttf" filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf") Region: id = 1180 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rod.ttf" filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf") Region: id = 1181 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rod.ttf" filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf") Region: id = 1182 start_va = 0x6220000 end_va = 0x6c36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simfang.ttf" filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf") Region: id = 1183 start_va = 0x6220000 end_va = 0x6c36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simfang.ttf" filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf") Region: id = 1184 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simhei.ttf" filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf") Region: id = 1185 start_va = 0x6220000 end_va = 0x6b6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simhei.ttf" filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf") Region: id = 1186 start_va = 0xa630000 end_va = 0xb5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a630000" filename = "" Region: id = 1187 start_va = 0x6220000 end_va = 0x6d5dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simkai.ttf" filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf") Region: id = 1188 start_va = 0x6220000 end_va = 0x6d5dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simkai.ttf" filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf") Region: id = 1189 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsau.ttf" filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf") Region: id = 1190 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsau.ttf" filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf") Region: id = 1191 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaui.ttf" filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf") Region: id = 1192 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaui.ttf" filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf") Region: id = 1193 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaub.ttf" filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf") Region: id = 1194 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaub.ttf" filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf") Region: id = 1195 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsauz.ttf" filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf") Region: id = 1196 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsauz.ttf" filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf") Region: id = 1197 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browa.ttf" filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf") Region: id = 1198 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browa.ttf" filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf") Region: id = 1199 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browai.ttf" filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf") Region: id = 1200 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browai.ttf" filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf") Region: id = 1201 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browab.ttf" filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf") Region: id = 1202 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browab.ttf" filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf") Region: id = 1203 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaz.ttf" filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf") Region: id = 1204 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaz.ttf" filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf") Region: id = 1205 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browau.ttf" filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf") Region: id = 1206 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browau.ttf" filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf") Region: id = 1207 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaui.ttf" filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf") Region: id = 1208 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaui.ttf" filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf") Region: id = 1209 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaub.ttf" filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf") Region: id = 1210 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaub.ttf" filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf") Region: id = 1211 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browauz.ttf" filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf") Region: id = 1212 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browauz.ttf" filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf") Region: id = 1213 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiau.ttf" filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf") Region: id = 1214 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiau.ttf" filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf") Region: id = 1215 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaub.ttf" filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf") Region: id = 1216 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaub.ttf" filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf") Region: id = 1217 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiauz.ttf" filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf") Region: id = 1218 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiauz.ttf" filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf") Region: id = 1219 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaui.ttf" filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf") Region: id = 1220 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaui.ttf" filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf") Region: id = 1221 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdl.ttf" filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf") Region: id = 1222 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdl.ttf" filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf") Region: id = 1223 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdi.ttf" filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf") Region: id = 1224 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdi.ttf" filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf") Region: id = 1225 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdb.ttf" filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf") Region: id = 1226 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdb.ttf" filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf") Region: id = 1227 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdbi.ttf" filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf") Region: id = 1228 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdbi.ttf" filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf") Region: id = 1229 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcel.ttf" filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf") Region: id = 1230 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcel.ttf" filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf") Region: id = 1231 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcei.ttf" filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf") Region: id = 1232 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcei.ttf" filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf") Region: id = 1233 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upceb.ttf" filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf") Region: id = 1234 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upceb.ttf" filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf") Region: id = 1235 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcebi.ttf" filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf") Region: id = 1236 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcebi.ttf" filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf") Region: id = 1237 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfl.ttf" filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf") Region: id = 1238 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfl.ttf" filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf") Region: id = 1239 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfi.ttf" filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf") Region: id = 1240 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfi.ttf" filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf") Region: id = 1241 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfb.ttf" filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf") Region: id = 1242 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfb.ttf" filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf") Region: id = 1243 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfbi.ttf" filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf") Region: id = 1244 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfbi.ttf" filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf") Region: id = 1245 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcil.ttf" filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf") Region: id = 1246 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcil.ttf" filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf") Region: id = 1247 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcii.ttf" filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf") Region: id = 1248 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcii.ttf" filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf") Region: id = 1249 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcib.ttf" filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf") Region: id = 1250 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcib.ttf" filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf") Region: id = 1251 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcibi.ttf" filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf") Region: id = 1252 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcibi.ttf" filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf") Region: id = 1253 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjl.ttf" filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf") Region: id = 1254 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjl.ttf" filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf") Region: id = 1255 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcji.ttf" filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf") Region: id = 1256 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcji.ttf" filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf") Region: id = 1257 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjb.ttf" filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf") Region: id = 1258 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjb.ttf" filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf") Region: id = 1259 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjbi.ttf" filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf") Region: id = 1260 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjbi.ttf" filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf") Region: id = 1261 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckl.ttf" filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf") Region: id = 1262 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckl.ttf" filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf") Region: id = 1263 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcki.ttf" filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf") Region: id = 1264 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcki.ttf" filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf") Region: id = 1265 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckb.ttf" filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf") Region: id = 1266 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckb.ttf" filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf") Region: id = 1267 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckbi.ttf" filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf") Region: id = 1268 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckbi.ttf" filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf") Region: id = 1269 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcll.ttf" filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf") Region: id = 1270 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcll.ttf" filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf") Region: id = 1271 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcli.ttf" filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf") Region: id = 1272 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcli.ttf" filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf") Region: id = 1273 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclb.ttf" filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf") Region: id = 1274 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclb.ttf" filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf") Region: id = 1275 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclbi.ttf" filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf") Region: id = 1276 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclbi.ttf" filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf") Region: id = 1277 start_va = 0x6220000 end_va = 0x6710fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kaiu.ttf" filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf") Region: id = 1278 start_va = 0x6220000 end_va = 0x6710fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kaiu.ttf" filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf") Region: id = 1279 start_va = 0x660000 end_va = 0x6affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 1280 start_va = 0x660000 end_va = 0x6affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 1281 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 1282 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 1283 start_va = 0x660000 end_va = 0x726fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1284 start_va = 0x660000 end_va = 0x726fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1285 start_va = 0x6220000 end_va = 0x62f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 1286 start_va = 0x6220000 end_va = 0x62f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 1287 start_va = 0x660000 end_va = 0x72ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 1288 start_va = 0x660000 end_va = 0x72ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 1289 start_va = 0x6220000 end_va = 0x62fbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 1290 start_va = 0x6220000 end_va = 0x62fbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 1291 start_va = 0x6220000 end_va = 0x63acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1292 start_va = 0x6220000 end_va = 0x63acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1293 start_va = 0x6220000 end_va = 0x63acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1294 start_va = 0x660000 end_va = 0x729fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 1295 start_va = 0x660000 end_va = 0x729fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 1296 start_va = 0x660000 end_va = 0x721fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 1297 start_va = 0x660000 end_va = 0x721fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 1298 start_va = 0x660000 end_va = 0x724fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 1299 start_va = 0x660000 end_va = 0x724fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 1300 start_va = 0x660000 end_va = 0x695fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 1301 start_va = 0x660000 end_va = 0x695fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 1302 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 1303 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 1304 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 1305 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 1306 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaraz.ttf" filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf") Region: id = 1307 start_va = 0x660000 end_va = 0x697fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaraz.ttf" filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf") Region: id = 1308 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 1309 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 1310 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 1311 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 1312 start_va = 0x660000 end_va = 0x6b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 1313 start_va = 0x660000 end_va = 0x6b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 1314 start_va = 0x660000 end_va = 0x6b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 1315 start_va = 0x660000 end_va = 0x6b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 1316 start_va = 0x660000 end_va = 0x6b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 1317 start_va = 0x660000 end_va = 0x6b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 1318 start_va = 0x660000 end_va = 0x6bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 1319 start_va = 0x660000 end_va = 0x6bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 1320 start_va = 0x660000 end_va = 0x6cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 1321 start_va = 0x660000 end_va = 0x6cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 1322 start_va = 0x660000 end_va = 0x6cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constani.ttf" filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf") Region: id = 1323 start_va = 0x660000 end_va = 0x6cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constani.ttf" filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf") Region: id = 1324 start_va = 0x660000 end_va = 0x6cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 1325 start_va = 0x660000 end_va = 0x6cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 1326 start_va = 0x660000 end_va = 0x6cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 1327 start_va = 0x660000 end_va = 0x6cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 1328 start_va = 0x660000 end_va = 0x69ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 1329 start_va = 0x660000 end_va = 0x69ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 1330 start_va = 0x660000 end_va = 0x6a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 1331 start_va = 0x660000 end_va = 0x6a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 1332 start_va = 0x660000 end_va = 0x6a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 1333 start_va = 0x660000 end_va = 0x6a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 1334 start_va = 0x660000 end_va = 0x6a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelz.ttf" filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf") Region: id = 1335 start_va = 0x660000 end_va = 0x6a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelz.ttf" filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf") Region: id = 1336 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 1337 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 1338 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 1339 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 1340 start_va = 0x6220000 end_va = 0x63d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 1341 start_va = 0x6220000 end_va = 0x63d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 1342 start_va = 0x63e0000 end_va = 0x64bafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063e0000" filename = "" Region: id = 1343 start_va = 0x660000 end_va = 0x686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 1344 start_va = 0x660000 end_va = 0x686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 1345 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 1346 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 1347 start_va = 0x660000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiab.ttf" filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf") Region: id = 1348 start_va = 0x660000 end_va = 0x683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiab.ttf" filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf") Region: id = 1349 start_va = 0x660000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 1350 start_va = 0x660000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 1351 start_va = 0x660000 end_va = 0x6d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 1352 start_va = 0x660000 end_va = 0x6d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 1353 start_va = 0x660000 end_va = 0x6c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 1354 start_va = 0x660000 end_va = 0x6c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 1355 start_va = 0x660000 end_va = 0x6c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 1356 start_va = 0x660000 end_va = 0x6c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 1357 start_va = 0x660000 end_va = 0x6b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 1358 start_va = 0x660000 end_va = 0x6b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 1359 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 1360 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 1361 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 1362 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 1363 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 1364 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 1365 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 1366 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 1367 start_va = 0x660000 end_va = 0x67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 1368 start_va = 0x660000 end_va = 0x67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 1369 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 1370 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 1371 start_va = 0x660000 end_va = 0x68dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 1372 start_va = 0x660000 end_va = 0x68dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 1373 start_va = 0x660000 end_va = 0x68bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 1374 start_va = 0x660000 end_va = 0x68bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 1375 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 1376 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 1377 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 1378 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 1379 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 1380 start_va = 0x660000 end_va = 0x67dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 1381 start_va = 0x610000 end_va = 0x615fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coure.fon" filename = "\\Windows\\Fonts\\coure.fon" (normalized: "c:\\windows\\fonts\\coure.fon") Region: id = 1382 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "serife.fon" filename = "\\Windows\\Fonts\\serife.fon" (normalized: "c:\\windows\\fonts\\serife.fon") Region: id = 1383 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sserife.fon" filename = "\\Windows\\Fonts\\sserife.fon" (normalized: "c:\\windows\\fonts\\sserife.fon") Region: id = 1384 start_va = 0x610000 end_va = 0x616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "smalle.fon" filename = "\\Windows\\Fonts\\smalle.fon" (normalized: "c:\\windows\\fonts\\smalle.fon") Region: id = 1385 start_va = 0x610000 end_va = 0x615fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "smallf.fon" filename = "\\Windows\\Fonts\\smallf.fon" (normalized: "c:\\windows\\fonts\\smallf.fon") Region: id = 1386 start_va = 0x6220000 end_va = 0x6368fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 1387 start_va = 0x6220000 end_va = 0x6368fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 1388 start_va = 0x6220000 end_va = 0x635cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 1389 start_va = 0x6220000 end_va = 0x635cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 1390 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyb.ttf" filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf") Region: id = 1391 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyb.ttf" filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf") Region: id = 1392 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyr.ttf" filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf") Region: id = 1393 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyr.ttf" filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf") Region: id = 1394 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alger.ttf" filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf") Region: id = 1395 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alger.ttf" filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf") Region: id = 1396 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquab.ttf" filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf") Region: id = 1397 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquab.ttf" filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf") Region: id = 1398 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquabi.ttf" filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf") Region: id = 1399 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquabi.ttf" filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf") Region: id = 1400 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquai.ttf" filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf") Region: id = 1401 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquai.ttf" filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf") Region: id = 1402 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialn.ttf" filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf") Region: id = 1403 start_va = 0x660000 end_va = 0x68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialn.ttf" filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf") Region: id = 1404 start_va = 0x660000 end_va = 0x68cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnb.ttf" filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf") Region: id = 1405 start_va = 0x660000 end_va = 0x68cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnb.ttf" filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf") Region: id = 1406 start_va = 0x660000 end_va = 0x68bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnbi.ttf" filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf") Region: id = 1407 start_va = 0x660000 end_va = 0x68bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnbi.ttf" filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf") Region: id = 1408 start_va = 0x660000 end_va = 0x68cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialni.ttf" filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf") Region: id = 1409 start_va = 0x660000 end_va = 0x68cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialni.ttf" filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf") Region: id = 1410 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arlrdbd.ttf" filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf") Region: id = 1411 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arlrdbd.ttf" filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf") Region: id = 1412 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "baskvill.ttf" filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf") Region: id = 1413 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "baskvill.ttf" filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf") Region: id = 1414 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bauhs93.ttf" filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf") Region: id = 1415 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bauhs93.ttf" filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf") Region: id = 1416 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bell.ttf" filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf") Region: id = 1417 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bell.ttf" filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf") Region: id = 1418 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bellb.ttf" filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf") Region: id = 1419 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bellb.ttf" filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf") Region: id = 1420 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "belli.ttf" filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf") Region: id = 1421 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "belli.ttf" filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf") Region: id = 1422 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bernhc.ttf" filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf") Region: id = 1423 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bernhc.ttf" filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf") Region: id = 1424 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bkant.ttf" filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf") Region: id = 1425 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bkant.ttf" filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf") Region: id = 1426 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_b.ttf" filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf") Region: id = 1427 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_b.ttf" filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf") Region: id = 1428 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_bi.ttf" filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf") Region: id = 1429 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_bi.ttf" filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf") Region: id = 1430 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blai.ttf" filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf") Region: id = 1431 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blai.ttf" filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf") Region: id = 1432 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blar.ttf" filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf") Region: id = 1433 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blar.ttf" filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf") Region: id = 1434 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cb.ttf" filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf") Region: id = 1435 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cb.ttf" filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf") Region: id = 1436 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cbi.ttf" filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf") Region: id = 1437 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cbi.ttf" filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf") Region: id = 1438 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_ci.ttf" filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf") Region: id = 1439 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_ci.ttf" filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf") Region: id = 1440 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cr.ttf" filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf") Region: id = 1441 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cr.ttf" filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf") Region: id = 1442 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_i.ttf" filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf") Region: id = 1443 start_va = 0x660000 end_va = 0x675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_i.ttf" filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf") Region: id = 1444 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_pstc.ttf" filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf") Region: id = 1445 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_pstc.ttf" filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf") Region: id = 1446 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_r.ttf" filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf") Region: id = 1447 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_r.ttf" filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf") Region: id = 1448 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookos.ttf" filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf") Region: id = 1449 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookos.ttf" filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf") Region: id = 1450 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosb.ttf" filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf") Region: id = 1451 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosb.ttf" filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf") Region: id = 1452 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosbi.ttf" filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf") Region: id = 1453 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosbi.ttf" filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf") Region: id = 1454 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosi.ttf" filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf") Region: id = 1455 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosi.ttf" filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf") Region: id = 1456 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bradhitc.ttf" filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf") Region: id = 1457 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bradhitc.ttf" filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf") Region: id = 1458 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "britanic.ttf" filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf") Region: id = 1459 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "britanic.ttf" filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf") Region: id = 1460 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsb.ttf" filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf") Region: id = 1461 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsb.ttf" filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf") Region: id = 1462 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsdb.ttf" filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf") Region: id = 1463 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsdb.ttf" filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf") Region: id = 1464 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsr.ttf" filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf") Region: id = 1465 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsr.ttf" filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf") Region: id = 1466 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "broadw.ttf" filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf") Region: id = 1467 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "broadw.ttf" filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf") Region: id = 1468 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brushsci.ttf" filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf") Region: id = 1469 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brushsci.ttf" filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf") Region: id = 1470 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bssym7.ttf" filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf") Region: id = 1471 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bssym7.ttf" filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf") Region: id = 1472 start_va = 0x660000 end_va = 0x719fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1473 start_va = 0x660000 end_va = 0x719fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1474 start_va = 0x6220000 end_va = 0x62f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 1475 start_va = 0x6220000 end_va = 0x62f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 1476 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califb.ttf" filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf") Region: id = 1477 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califb.ttf" filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf") Region: id = 1478 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califi.ttf" filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf") Region: id = 1479 start_va = 0x660000 end_va = 0x678fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califi.ttf" filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf") Region: id = 1480 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califr.ttf" filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf") Region: id = 1481 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califr.ttf" filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf") Region: id = 1482 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calist.ttf" filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf") Region: id = 1483 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calist.ttf" filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf") Region: id = 1484 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistb.ttf" filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf") Region: id = 1485 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistb.ttf" filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf") Region: id = 1486 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistbi.ttf" filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf") Region: id = 1487 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistbi.ttf" filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf") Region: id = 1488 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calisti.ttf" filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf") Region: id = 1489 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calisti.ttf" filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf") Region: id = 1490 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "castelar.ttf" filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf") Region: id = 1491 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "castelar.ttf" filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf") Region: id = 1492 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "censcbk.ttf" filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf") Region: id = 1493 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "censcbk.ttf" filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf") Region: id = 1494 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "centaur.ttf" filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf") Region: id = 1495 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "centaur.ttf" filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf") Region: id = 1496 start_va = 0x660000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "century.ttf" filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf") Region: id = 1497 start_va = 0x660000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "century.ttf" filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf") Region: id = 1498 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "chiller.ttf" filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf") Region: id = 1499 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "chiller.ttf" filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf") Region: id = 1500 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "colonna.ttf" filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf") Region: id = 1501 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "colonna.ttf" filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf") Region: id = 1502 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coopbl.ttf" filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf") Region: id = 1503 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coopbl.ttf" filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf") Region: id = 1504 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtb.ttf" filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf") Region: id = 1505 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtb.ttf" filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf") Region: id = 1506 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtl.ttf" filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf") Region: id = 1507 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtl.ttf" filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf") Region: id = 1508 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "curlz___.ttf" filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf") Region: id = 1509 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "curlz___.ttf" filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf") Region: id = 1510 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnt.ttf" filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf") Region: id = 1511 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnt.ttf" filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf") Region: id = 1512 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnti.ttf" filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf") Region: id = 1513 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnti.ttf" filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf") Region: id = 1514 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "engr.ttf" filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf") Region: id = 1515 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "engr.ttf" filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf") Region: id = 1516 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasbd.ttf" filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf") Region: id = 1517 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasbd.ttf" filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf") Region: id = 1518 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasdemi.ttf" filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf") Region: id = 1519 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasdemi.ttf" filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf") Region: id = 1520 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eraslght.ttf" filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf") Region: id = 1521 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eraslght.ttf" filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf") Region: id = 1522 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasmd.ttf" filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf") Region: id = 1523 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasmd.ttf" filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf") Region: id = 1524 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "felixti.ttf" filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf") Region: id = 1525 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "felixti.ttf" filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf") Region: id = 1526 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "forte.ttf" filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf") Region: id = 1527 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "forte.ttf" filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf") Region: id = 1528 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabk.ttf" filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf") Region: id = 1529 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabk.ttf" filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf") Region: id = 1530 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabkit.ttf" filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf") Region: id = 1531 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabkit.ttf" filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf") Region: id = 1532 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradm.ttf" filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf") Region: id = 1533 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradm.ttf" filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf") Region: id = 1534 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmcn.ttf" filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf") Region: id = 1535 start_va = 0x660000 end_va = 0x67cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmcn.ttf" filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf") Region: id = 1536 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmit.ttf" filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf") Region: id = 1537 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmit.ttf" filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf") Region: id = 1538 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahv.ttf" filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf") Region: id = 1539 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahv.ttf" filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf") Region: id = 1540 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahvit.ttf" filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf") Region: id = 1541 start_va = 0x660000 end_va = 0x685fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahvit.ttf" filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf") Region: id = 1542 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdcn.ttf" filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf") Region: id = 1543 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdcn.ttf" filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf") Region: id = 1544 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "freescpt.ttf" filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf") Region: id = 1545 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "freescpt.ttf" filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf") Region: id = 1546 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frscript.ttf" filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf") Region: id = 1547 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frscript.ttf" filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf") Region: id = 1548 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ftltlt.ttf" filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf") Region: id = 1549 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ftltlt.ttf" filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf") Region: id = 1550 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 1551 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 1552 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 1553 start_va = 0x660000 end_va = 0x693fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 1554 start_va = 0x660000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gara.ttf" filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf") Region: id = 1555 start_va = 0x660000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gara.ttf" filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf") Region: id = 1556 start_va = 0x660000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garabd.ttf" filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf") Region: id = 1557 start_va = 0x660000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garabd.ttf" filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf") Region: id = 1558 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garait.ttf" filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf") Region: id = 1559 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garait.ttf" filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf") Region: id = 1560 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gigi.ttf" filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf") Region: id = 1561 start_va = 0x660000 end_va = 0x682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gigi.ttf" filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf") Region: id = 1562 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gil_____.ttf" filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf") Region: id = 1563 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gil_____.ttf" filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf") Region: id = 1564 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilb____.ttf" filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf") Region: id = 1565 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilb____.ttf" filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf") Region: id = 1566 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilbi___.ttf" filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf") Region: id = 1567 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilbi___.ttf" filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf") Region: id = 1568 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilc____.ttf" filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf") Region: id = 1569 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilc____.ttf" filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf") Region: id = 1570 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gili____.ttf" filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf") Region: id = 1571 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gili____.ttf" filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf") Region: id = 1572 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gillubcd.ttf" filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf") Region: id = 1573 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gillubcd.ttf" filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf") Region: id = 1574 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilsanub.ttf" filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf") Region: id = 1575 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilsanub.ttf" filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf") Region: id = 1576 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glecb.ttf" filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf") Region: id = 1577 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glecb.ttf" filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf") Region: id = 1578 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glsnecb.ttf" filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf") Region: id = 1579 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glsnecb.ttf" filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf") Region: id = 1580 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothic.ttf" filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf") Region: id = 1581 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothic.ttf" filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf") Region: id = 1582 start_va = 0x660000 end_va = 0x67ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicb.ttf" filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf") Region: id = 1583 start_va = 0x660000 end_va = 0x67ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicb.ttf" filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf") Region: id = 1584 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicbi.ttf" filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf") Region: id = 1585 start_va = 0x660000 end_va = 0x681fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicbi.ttf" filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf") Region: id = 1586 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothici.ttf" filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf") Region: id = 1587 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothici.ttf" filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf") Region: id = 1588 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudos.ttf" filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf") Region: id = 1589 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudos.ttf" filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf") Region: id = 1590 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosb.ttf" filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf") Region: id = 1591 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosb.ttf" filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf") Region: id = 1592 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosi.ttf" filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf") Region: id = 1593 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosi.ttf" filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf") Region: id = 1594 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudysto.ttf" filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf") Region: id = 1595 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudysto.ttf" filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf") Region: id = 1596 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harlowsi.ttf" filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf") Region: id = 1597 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harlowsi.ttf" filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf") Region: id = 1598 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harngton.ttf" filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf") Region: id = 1599 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harngton.ttf" filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf") Region: id = 1600 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hatten.ttf" filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf") Region: id = 1601 start_va = 0x660000 end_va = 0x67afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hatten.ttf" filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf") Region: id = 1602 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowert.ttf" filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf") Region: id = 1603 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowert.ttf" filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf") Region: id = 1604 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowerti.ttf" filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf") Region: id = 1605 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowerti.ttf" filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf") Region: id = 1606 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imprisha.ttf" filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf") Region: id = 1607 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imprisha.ttf" filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf") Region: id = 1608 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "infroman.ttf" filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf") Region: id = 1609 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "infroman.ttf" filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf") Region: id = 1610 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcblkad.ttf" filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf") Region: id = 1611 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcblkad.ttf" filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf") Region: id = 1612 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcedscr.ttf" filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf") Region: id = 1613 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcedscr.ttf" filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf") Region: id = 1614 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itckrist.ttf" filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf") Region: id = 1615 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itckrist.ttf" filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf") Region: id = 1616 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "jokerman.ttf" filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf") Region: id = 1617 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "jokerman.ttf" filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf") Region: id = 1618 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "juice___.ttf" filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf") Region: id = 1619 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "juice___.ttf" filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf") Region: id = 1620 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kunstler.ttf" filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf") Region: id = 1621 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kunstler.ttf" filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf") Region: id = 1622 start_va = 0x610000 end_va = 0x61afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latinwd.ttf" filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf") Region: id = 1623 start_va = 0x610000 end_va = 0x61afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latinwd.ttf" filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf") Region: id = 1624 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrite.ttf" filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf") Region: id = 1625 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrite.ttf" filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf") Region: id = 1626 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrited.ttf" filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf") Region: id = 1627 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrited.ttf" filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf") Region: id = 1628 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritedi.ttf" filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf") Region: id = 1629 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritedi.ttf" filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf") Region: id = 1630 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritei.ttf" filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf") Region: id = 1631 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritei.ttf" filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf") Region: id = 1632 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lcallig.ttf" filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf") Region: id = 1633 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lcallig.ttf" filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf") Region: id = 1634 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfax.ttf" filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf") Region: id = 1635 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfax.ttf" filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf") Region: id = 1636 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxd.ttf" filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf") Region: id = 1637 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxd.ttf" filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf") Region: id = 1638 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxdi.ttf" filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf") Region: id = 1639 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxdi.ttf" filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf") Region: id = 1640 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxi.ttf" filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf") Region: id = 1641 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxi.ttf" filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf") Region: id = 1642 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lhandw.ttf" filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf") Region: id = 1643 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lhandw.ttf" filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf") Region: id = 1644 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsans.ttf" filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf") Region: id = 1645 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsans.ttf" filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf") Region: id = 1646 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansd.ttf" filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf") Region: id = 1647 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansd.ttf" filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf") Region: id = 1648 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansdi.ttf" filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf") Region: id = 1649 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansdi.ttf" filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf") Region: id = 1650 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansi.ttf" filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf") Region: id = 1651 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansi.ttf" filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf") Region: id = 1652 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltype.ttf" filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf") Region: id = 1653 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltype.ttf" filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf") Region: id = 1654 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeb.ttf" filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf") Region: id = 1655 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeb.ttf" filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf") Region: id = 1656 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypebo.ttf" filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf") Region: id = 1657 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypebo.ttf" filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf") Region: id = 1658 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeo.ttf" filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf") Region: id = 1659 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeo.ttf" filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf") Region: id = 1660 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "magnetob.ttf" filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf") Region: id = 1661 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "magnetob.ttf" filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf") Region: id = 1662 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maian.ttf" filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf") Region: id = 1663 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maian.ttf" filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf") Region: id = 1664 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maturasc.ttf" filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf") Region: id = 1665 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maturasc.ttf" filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf") Region: id = 1666 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mistral.ttf" filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf") Region: id = 1667 start_va = 0x660000 end_va = 0x68efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mistral.ttf" filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf") Region: id = 1668 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mod20.ttf" filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf") Region: id = 1669 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mod20.ttf" filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf") Region: id = 1670 start_va = 0xb600000 end_va = 0xca50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1671 start_va = 0xb600000 end_va = 0xca50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1672 start_va = 0xb600000 end_va = 0xca50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1673 start_va = 0xb600000 end_va = 0xc3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1674 start_va = 0xb600000 end_va = 0xc3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1675 start_va = 0xb600000 end_va = 0xc3adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1676 start_va = 0x660000 end_va = 0x698fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighub.ttf" filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf") Region: id = 1677 start_va = 0x660000 end_va = 0x698fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighub.ttf" filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf") Region: id = 1678 start_va = 0xb600000 end_va = 0xca8bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1679 start_va = 0xb600000 end_va = 0xca8bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1680 start_va = 0xb600000 end_va = 0xca8bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1681 start_va = 0xb600000 end_va = 0xc3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1682 start_va = 0xb600000 end_va = 0xc3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1683 start_va = 0xb600000 end_va = 0xc3b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1684 start_va = 0x660000 end_va = 0x686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtcorsva.ttf" filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf") Region: id = 1685 start_va = 0x660000 end_va = 0x686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtcorsva.ttf" filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf") Region: id = 1686 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niageng.ttf" filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf") Region: id = 1687 start_va = 0x660000 end_va = 0x677fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niageng.ttf" filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf") Region: id = 1688 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niagsol.ttf" filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf") Region: id = 1689 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niagsol.ttf" filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf") Region: id = 1690 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ocraext.ttf" filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf") Region: id = 1691 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ocraext.ttf" filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf") Region: id = 1692 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oldengl.ttf" filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf") Region: id = 1693 start_va = 0x660000 end_va = 0x676fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oldengl.ttf" filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf") Region: id = 1694 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "onyx.ttf" filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf") Region: id = 1695 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "onyx.ttf" filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf") Region: id = 1696 start_va = 0x610000 end_va = 0x614fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "outlook.ttf" filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf") Region: id = 1697 start_va = 0x610000 end_va = 0x614fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "outlook.ttf" filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf") Region: id = 1698 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palscri.ttf" filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf") Region: id = 1699 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palscri.ttf" filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf") Region: id = 1700 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "papyrus.ttf" filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf") Region: id = 1701 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "papyrus.ttf" filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf") Region: id = 1702 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "parchm.ttf" filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf") Region: id = 1703 start_va = 0x660000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "parchm.ttf" filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf") Region: id = 1704 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "per_____.ttf" filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf") Region: id = 1705 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "per_____.ttf" filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf") Region: id = 1706 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perb____.ttf" filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf") Region: id = 1707 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perb____.ttf" filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf") Region: id = 1708 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perbi___.ttf" filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf") Region: id = 1709 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perbi___.ttf" filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf") Region: id = 1710 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peri____.ttf" filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf") Region: id = 1711 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peri____.ttf" filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf") Region: id = 1712 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertibd.ttf" filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf") Region: id = 1713 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertibd.ttf" filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf") Region: id = 1714 start_va = 0x610000 end_va = 0x61afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertili.ttf" filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf") Region: id = 1715 start_va = 0x610000 end_va = 0x61afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertili.ttf" filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf") Region: id = 1716 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "playbill.ttf" filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf") Region: id = 1717 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "playbill.ttf" filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf") Region: id = 1718 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "poorich.ttf" filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf") Region: id = 1719 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "poorich.ttf" filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf") Region: id = 1720 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pristina.ttf" filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf") Region: id = 1721 start_va = 0x660000 end_va = 0x674fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pristina.ttf" filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf") Region: id = 1722 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rage.ttf" filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf") Region: id = 1723 start_va = 0x660000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rage.ttf" filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf") Region: id = 1724 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ravie.ttf" filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf") Region: id = 1725 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ravie.ttf" filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf") Region: id = 1726 start_va = 0x660000 end_va = 0x695fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refsan.ttf" filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf") Region: id = 1727 start_va = 0x660000 end_va = 0x695fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refsan.ttf" filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf") Region: id = 1728 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refspcl.ttf" filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf") Region: id = 1729 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refspcl.ttf" filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf") Region: id = 1730 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocc____.ttf" filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf") Region: id = 1731 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocc____.ttf" filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf") Region: id = 1732 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roccb___.ttf" filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf") Region: id = 1733 start_va = 0x610000 end_va = 0x61efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roccb___.ttf" filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf") Region: id = 1734 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rock.ttf" filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf") Region: id = 1735 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rock.ttf" filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf") Region: id = 1736 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockb.ttf" filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf") Region: id = 1737 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockb.ttf" filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf") Region: id = 1738 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockbi.ttf" filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf") Region: id = 1739 start_va = 0x660000 end_va = 0x671fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockbi.ttf" filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf") Region: id = 1740 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockeb.ttf" filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf") Region: id = 1741 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockeb.ttf" filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf") Region: id = 1742 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocki.ttf" filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf") Region: id = 1743 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocki.ttf" filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf") Region: id = 1744 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkb.ttf" filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf") Region: id = 1745 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkb.ttf" filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf") Region: id = 1746 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkbi.ttf" filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf") Region: id = 1747 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkbi.ttf" filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf") Region: id = 1748 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbki.ttf" filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf") Region: id = 1749 start_va = 0x660000 end_va = 0x687fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbki.ttf" filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf") Region: id = 1750 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "scriptbl.ttf" filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf") Region: id = 1751 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "scriptbl.ttf" filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf") Region: id = 1752 start_va = 0x660000 end_va = 0x6f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuisl.ttf" filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf") Region: id = 1753 start_va = 0x660000 end_va = 0x6f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuisl.ttf" filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf") Region: id = 1754 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "showg.ttf" filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf") Region: id = 1755 start_va = 0x610000 end_va = 0x61cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "showg.ttf" filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf") Region: id = 1756 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "snap____.ttf" filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf") Region: id = 1757 start_va = 0x610000 end_va = 0x61ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "snap____.ttf" filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf") Region: id = 1758 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stencil.ttf" filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf") Region: id = 1759 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stencil.ttf" filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf") Region: id = 1760 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcb_____.ttf" filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf") Region: id = 1761 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcb_____.ttf" filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf") Region: id = 1762 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcbi____.ttf" filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf") Region: id = 1763 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcbi____.ttf" filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf") Region: id = 1764 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccb____.ttf" filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf") Region: id = 1765 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccb____.ttf" filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf") Region: id = 1766 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcceb.ttf" filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf") Region: id = 1767 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcceb.ttf" filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf") Region: id = 1768 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccm____.ttf" filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf") Region: id = 1769 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccm____.ttf" filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf") Region: id = 1770 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcm_____.ttf" filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf") Region: id = 1771 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcm_____.ttf" filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf") Region: id = 1772 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcmi____.ttf" filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf") Region: id = 1773 start_va = 0x660000 end_va = 0x673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcmi____.ttf" filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf") Region: id = 1774 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tempsitc.ttf" filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf") Region: id = 1775 start_va = 0x660000 end_va = 0x672fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tempsitc.ttf" filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf") Region: id = 1776 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vineritc.ttf" filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf") Region: id = 1777 start_va = 0x660000 end_va = 0x679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vineritc.ttf" filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf") Region: id = 1778 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vivaldii.ttf" filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf") Region: id = 1779 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vivaldii.ttf" filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf") Region: id = 1780 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vladimir.ttf" filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf") Region: id = 1781 start_va = 0x610000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vladimir.ttf" filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf") Region: id = 1782 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng2.ttf" filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf") Region: id = 1783 start_va = 0x660000 end_va = 0x670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng2.ttf" filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf") Region: id = 1784 start_va = 0x610000 end_va = 0x618fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng3.ttf" filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf") Region: id = 1785 start_va = 0x610000 end_va = 0x618fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng3.ttf" filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf") Region: id = 1786 start_va = 0x610000 end_va = 0x611fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtextra.ttf" filename = "\\Windows\\Fonts\\MTEXTRA.TTF" (normalized: "c:\\windows\\fonts\\mtextra.ttf") Region: id = 1787 start_va = 0x610000 end_va = 0x611fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtextra.ttf" filename = "\\Windows\\Fonts\\MTEXTRA.TTF" (normalized: "c:\\windows\\fonts\\mtextra.ttf") Region: id = 1788 start_va = 0x600000 end_va = 0x61bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 1789 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1790 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1791 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1792 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1793 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1794 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1795 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1796 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1797 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1798 start_va = 0x6d480000 end_va = 0x6d57afff monitored = 0 entry_point = 0x6d4917e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1799 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1800 start_va = 0x660000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1801 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1802 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1803 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1804 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1805 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1806 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1807 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1808 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1809 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1810 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1811 start_va = 0xbb0000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 1812 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1813 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1814 start_va = 0x6c6b0000 end_va = 0x6d47cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.web.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll") Region: id = 1815 start_va = 0x73800000 end_va = 0x738f4fff monitored = 0 entry_point = 0x73810d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1816 start_va = 0x6f0000 end_va = 0x6f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 1817 start_va = 0x73d70000 end_va = 0x73f0dfff monitored = 0 entry_point = 0x73d9e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1818 start_va = 0x700000 end_va = 0x700fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1819 start_va = 0x710000 end_va = 0x711fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 1820 start_va = 0x700000 end_va = 0x700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1821 start_va = 0x76880000 end_va = 0x76902fff monitored = 0 entry_point = 0x768823d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1822 start_va = 0x720000 end_va = 0x720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1823 start_va = 0x73d30000 end_va = 0x73d50fff monitored = 0 entry_point = 0x73d3145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1824 start_va = 0x74d00000 end_va = 0x74d44fff monitored = 0 entry_point = 0x74d011e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1825 start_va = 0x770000 end_va = 0x773fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1826 start_va = 0xc00000 end_va = 0xc16fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db") Region: id = 1827 start_va = 0xbb0000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 1828 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1829 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1830 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1831 start_va = 0x770000 end_va = 0x773fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1832 start_va = 0xc20000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1833 start_va = 0xd50000 end_va = 0xd53fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1834 start_va = 0x52e0000 end_va = 0x5345fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1835 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1836 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1837 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1838 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1839 start_va = 0x765a0000 end_va = 0x7673cfff monitored = 0 entry_point = 0x765a17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 1840 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1841 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1842 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1843 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1844 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1845 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1846 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1847 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1848 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1849 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1850 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1851 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1852 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1853 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1854 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1855 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1856 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1857 start_va = 0x75070000 end_va = 0x75096fff monitored = 0 entry_point = 0x750758b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1858 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1859 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1860 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1861 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1862 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1863 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1864 start_va = 0x6220000 end_va = 0x6320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 1865 start_va = 0x750a0000 end_va = 0x750b1fff monitored = 0 entry_point = 0x750a1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1866 start_va = 0xd60000 end_va = 0xd6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 1867 start_va = 0x73970000 end_va = 0x739bbfff monitored = 0 entry_point = 0x73972c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1868 start_va = 0x6c680000 end_va = 0x6c6adfff monitored = 0 entry_point = 0x6c681bba region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 1869 start_va = 0x57b0000 end_va = 0x57effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057b0000" filename = "" Region: id = 1870 start_va = 0x6590000 end_va = 0x668ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 1871 start_va = 0x7ef8c000 end_va = 0x7ef8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 1872 start_va = 0xd70000 end_va = 0xd7dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 1873 start_va = 0x74e30000 end_va = 0x74f65fff monitored = 0 entry_point = 0x74e31b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1874 start_va = 0x76b70000 end_va = 0x76c64fff monitored = 0 entry_point = 0x76b71865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1875 start_va = 0x750c0000 end_va = 0x752bafff monitored = 0 entry_point = 0x750c22d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1876 start_va = 0xd80000 end_va = 0xd80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 1914 start_va = 0x10f0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 1915 start_va = 0x1140000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1916 start_va = 0x6280000 end_va = 0x637ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006280000" filename = "" Region: id = 1917 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Thread: id = 1 os_tid = 0xfc0 [0060.472] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0063.544] GetACP () returned 0x4e4 [0065.044] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config", nBufferLength=0x105, lpBuffer=0x43ec80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config", lpFilePart=0x0) returned 0x66 [0065.057] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e978 | out: phkResult=0x43e978*=0x0) returned 0x2 [0065.058] RegCloseKey (hKey=0x80000002) returned 0x0 [0066.142] GetCurrentProcess () returned 0xffffffff [0066.142] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43efb8 | out: TokenHandle=0x43efb8*=0x40) returned 1 [0066.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x43ea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0067.031] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x43efb0 | out: lpFileInformation=0x43efb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0067.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x43ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0067.185] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x43efb8 | out: lpFileInformation=0x43efb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0067.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x43e9d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0067.368] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43eef0) returned 1 [0067.369] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0067.370] GetFileType (hFile=0x1f4) returned 0x1 [0067.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43eeec) returned 1 [0067.370] GetFileType (hFile=0x1f4) returned 0x1 [0070.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x43e228, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0070.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x43e28c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0070.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43e4cc) returned 1 [0070.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x43e790 | out: lpFileInformation=0x43e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0070.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43e4c8) returned 1 [0070.701] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x43e65c | out: pfEnabled=0x43e65c) returned 0x0 [0071.080] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ef3c | out: phkResult=0x43ef3c*=0x0) returned 0x2 [0071.080] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ef3c | out: phkResult=0x43ef3c*=0x0) returned 0x2 [0071.083] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x43efac | out: lpFileSizeHigh=0x43efac*=0x0) returned 0x8c8e [0071.084] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ef68, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ef68*=0x1000, lpOverlapped=0x0) returned 1 [0071.108] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ee18, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ee18*=0x1000, lpOverlapped=0x0) returned 1 [0071.110] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eccc, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43eccc*=0x1000, lpOverlapped=0x0) returned 1 [0071.111] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eccc, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43eccc*=0x1000, lpOverlapped=0x0) returned 1 [0071.111] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43eccc, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43eccc*=0x1000, lpOverlapped=0x0) returned 1 [0071.112] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ec04, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ec04*=0x1000, lpOverlapped=0x0) returned 1 [0071.119] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ed70, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ed70*=0x1000, lpOverlapped=0x0) returned 1 [0071.121] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ec64, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ec64*=0x1000, lpOverlapped=0x0) returned 1 [0071.121] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ec64, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ec64*=0xc8e, lpOverlapped=0x0) returned 1 [0071.122] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfd8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x43ed28, lpOverlapped=0x0 | out: lpBuffer=0x26bfd8c*, lpNumberOfBytesRead=0x43ed28*=0x0, lpOverlapped=0x0) returned 1 [0071.122] CloseHandle (hObject=0x1f4) returned 1 [0071.123] CloseHandle (hObject=0x40) returned 1 [0071.124] GetCurrentProcess () returned 0xffffffff [0071.124] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43f104 | out: TokenHandle=0x43f104*=0x40) returned 1 [0071.125] CloseHandle (hObject=0x40) returned 1 [0071.125] GetCurrentProcess () returned 0xffffffff [0071.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43f104 | out: TokenHandle=0x43f104*=0x40) returned 1 [0071.128] CloseHandle (hObject=0x40) returned 1 [0071.136] GetCurrentProcess () returned 0xffffffff [0071.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43efb8 | out: TokenHandle=0x43efb8*=0x40) returned 1 [0071.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x43efb0 | out: lpFileInformation=0x43efb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0071.137] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config", nBufferLength=0x105, lpBuffer=0x43ea3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config", lpFilePart=0x0) returned 0x66 [0071.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x43efb8 | out: lpFileInformation=0x43efb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0071.138] CloseHandle (hObject=0x40) returned 1 [0071.138] GetCurrentProcess () returned 0xffffffff [0071.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43f104 | out: TokenHandle=0x43f104*=0x40) returned 1 [0071.140] CloseHandle (hObject=0x40) returned 1 [0071.141] GetCurrentProcess () returned 0xffffffff [0071.141] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43f104 | out: TokenHandle=0x43f104*=0x40) returned 1 [0071.142] CloseHandle (hObject=0x40) returned 1 [0071.177] GetCurrentProcess () returned 0xffffffff [0071.177] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef1c | out: TokenHandle=0x43ef1c*=0x40) returned 1 [0071.215] CloseHandle (hObject=0x40) returned 1 [0071.215] GetCurrentProcess () returned 0xffffffff [0071.215] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef34 | out: TokenHandle=0x43ef34*=0x40) returned 1 [0071.217] CloseHandle (hObject=0x40) returned 1 [0071.279] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40 [0071.280] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1f4 [0071.308] GetCurrentProcess () returned 0xffffffff [0071.308] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef3c | out: TokenHandle=0x43ef3c*=0x234) returned 1 [0071.323] CloseHandle (hObject=0x234) returned 1 [0071.323] GetCurrentProcess () returned 0xffffffff [0071.323] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef54 | out: TokenHandle=0x43ef54*=0x234) returned 1 [0071.324] CloseHandle (hObject=0x234) returned 1 [0071.364] GetCurrentProcess () returned 0xffffffff [0071.365] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef44 | out: TokenHandle=0x43ef44*=0x234) returned 1 [0071.378] CloseHandle (hObject=0x234) returned 1 [0071.378] GetCurrentProcess () returned 0xffffffff [0071.378] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef5c | out: TokenHandle=0x43ef5c*=0x234) returned 1 [0071.379] CloseHandle (hObject=0x234) returned 1 [0071.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x43e42c | out: phkResult=0x43e42c*=0x234) returned 0x0 [0071.421] RegQueryValueExW (in: hKey=0x234, lpValueName="InstallationType", lpReserved=0x0, lpType=0x43e44c, lpData=0x0, lpcbData=0x43e448*=0x0 | out: lpType=0x43e44c*=0x1, lpData=0x0, lpcbData=0x43e448*=0xe) returned 0x0 [0071.422] RegQueryValueExW (in: hKey=0x234, lpValueName="InstallationType", lpReserved=0x0, lpType=0x43e44c, lpData=0x26e0ff4, lpcbData=0x43e448*=0xe | out: lpType=0x43e44c*=0x1, lpData="Client", lpcbData=0x43e448*=0xe) returned 0x0 [0071.422] RegCloseKey (hKey=0x234) returned 0x0 [0071.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1f8 | out: phkResult=0x43f1f8*=0x234) returned 0x0 [0071.431] RegQueryValueExW (in: hKey=0x234, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x43f214, lpData=0x0, lpcbData=0x43f210*=0x0 | out: lpType=0x43f214*=0x0, lpData=0x0, lpcbData=0x43f210*=0x0) returned 0x2 [0071.431] RegCloseKey (hKey=0x234) returned 0x0 [0071.437] GetCurrentProcessId () returned 0xfbc [0071.447] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x43ea94 | out: lpLuid=0x43ea94*(LowPart=0x14, HighPart=0)) returned 1 [0071.452] GetCurrentProcess () returned 0xffffffff [0071.452] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x43ea90 | out: TokenHandle=0x43ea90*=0x230) returned 1 [0071.455] AdjustTokenPrivileges (in: TokenHandle=0x230, DisableAllPrivileges=0, NewState=0x26e2068*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0071.455] CloseHandle (hObject=0x230) returned 1 [0071.457] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.521] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e20ac, cb=0x100, lpcbNeeded=0x43f204 | out: lphModule=0x26e20ac, lpcbNeeded=0x43f204) returned 1 [0071.525] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e21ec, cb=0xc | out: lpmodinfo=0x26e21ec*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.527] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.527] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.528] CoTaskMemFree (pv=0x261b38) [0071.528] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.528] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.529] CoTaskMemFree (pv=0x261b38) [0071.529] CloseHandle (hObject=0x230) returned 1 [0071.531] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x0) returned 0x2 [0071.532] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.532] RegQueryValueExW (in: hKey=0x230, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.532] RegCloseKey (hKey=0x230) returned 0x0 [0071.533] GetCurrentProcessId () returned 0xfbc [0071.533] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.533] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e4dac, cb=0x100, lpcbNeeded=0x43f204 | out: lphModule=0x26e4dac, lpcbNeeded=0x43f204) returned 1 [0071.534] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e4eec, cb=0xc | out: lpmodinfo=0x26e4eec*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.534] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.534] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.534] CoTaskMemFree (pv=0x261b38) [0071.535] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.535] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.535] CoTaskMemFree (pv=0x261b38) [0071.535] CloseHandle (hObject=0x230) returned 1 [0071.535] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x0) returned 0x2 [0071.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.536] RegQueryValueExW (in: hKey=0x230, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.536] RegCloseKey (hKey=0x230) returned 0x0 [0071.537] GetCurrentProcessId () returned 0xfbc [0071.537] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.537] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e7984, cb=0x100, lpcbNeeded=0x43f204 | out: lphModule=0x26e7984, lpcbNeeded=0x43f204) returned 1 [0071.538] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e7ac4, cb=0xc | out: lpmodinfo=0x26e7ac4*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.539] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.539] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.539] CoTaskMemFree (pv=0x261b38) [0071.539] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.539] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.539] CoTaskMemFree (pv=0x261b38) [0071.539] CloseHandle (hObject=0x230) returned 1 [0071.540] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x0) returned 0x2 [0071.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.541] RegQueryValueExW (in: hKey=0x230, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.541] RegCloseKey (hKey=0x230) returned 0x0 [0071.541] GetCurrentProcessId () returned 0xfbc [0071.542] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.542] EnumProcessModules (in: hProcess=0x230, lphModule=0x26ea548, cb=0x100, lpcbNeeded=0x43f204 | out: lphModule=0x26ea548, lpcbNeeded=0x43f204) returned 1 [0071.543] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26ea688, cb=0xc | out: lpmodinfo=0x26ea688*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.543] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.543] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.543] CoTaskMemFree (pv=0x261b38) [0071.543] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.543] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.544] CoTaskMemFree (pv=0x261b38) [0071.544] CloseHandle (hObject=0x230) returned 1 [0071.545] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x0) returned 0x2 [0071.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.546] RegQueryValueExW (in: hKey=0x230, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.546] RegCloseKey (hKey=0x230) returned 0x0 [0071.547] GetCurrentProcessId () returned 0xfbc [0071.547] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.547] EnumProcessModules (in: hProcess=0x230, lphModule=0x26ed080, cb=0x100, lpcbNeeded=0x43f204 | out: lphModule=0x26ed080, lpcbNeeded=0x43f204) returned 1 [0071.548] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26ed1c0, cb=0xc | out: lpmodinfo=0x26ed1c0*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.549] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.549] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.549] CoTaskMemFree (pv=0x261b38) [0071.549] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.549] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.549] CoTaskMemFree (pv=0x261b38) [0071.549] CloseHandle (hObject=0x230) returned 1 [0071.550] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x0) returned 0x2 [0071.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.551] RegQueryValueExW (in: hKey=0x230, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.551] RegCloseKey (hKey=0x230) returned 0x0 [0071.551] GetCurrentProcessId () returned 0xfbc [0071.551] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.551] EnumProcessModules (in: hProcess=0x230, lphModule=0x26efb9c, cb=0x100, lpcbNeeded=0x43f204 | out: lphModule=0x26efb9c, lpcbNeeded=0x43f204) returned 1 [0071.552] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26efcdc, cb=0xc | out: lpmodinfo=0x26efcdc*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.553] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.553] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.553] CoTaskMemFree (pv=0x261b38) [0071.553] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.553] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.554] CoTaskMemFree (pv=0x261b38) [0071.554] CloseHandle (hObject=0x230) returned 1 [0071.554] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x0) returned 0x2 [0071.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.556] RegQueryValueExW (in: hKey=0x230, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.556] RegCloseKey (hKey=0x230) returned 0x0 [0071.575] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.576] RegQueryValueExW (in: hKey=0x230, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.576] RegCloseKey (hKey=0x230) returned 0x0 [0071.577] GetCurrentProcessId () returned 0xfbc [0071.577] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.577] EnumProcessModules (in: hProcess=0x230, lphModule=0x26f3670, cb=0x100, lpcbNeeded=0x43f200 | out: lphModule=0x26f3670, lpcbNeeded=0x43f200) returned 1 [0071.578] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26f37b0, cb=0xc | out: lpmodinfo=0x26f37b0*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.579] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.579] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.579] CoTaskMemFree (pv=0x261b38) [0071.579] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.579] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.579] CoTaskMemFree (pv=0x261b38) [0071.579] CloseHandle (hObject=0x230) returned 1 [0071.580] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1f8 | out: phkResult=0x43f1f8*=0x0) returned 0x2 [0071.581] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1f8 | out: phkResult=0x43f1f8*=0x230) returned 0x0 [0071.581] RegQueryValueExW (in: hKey=0x230, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x43f214, lpData=0x0, lpcbData=0x43f210*=0x0 | out: lpType=0x43f214*=0x0, lpData=0x0, lpcbData=0x43f210*=0x0) returned 0x2 [0071.581] RegCloseKey (hKey=0x230) returned 0x0 [0071.582] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1fc | out: phkResult=0x43f1fc*=0x230) returned 0x0 [0071.582] RegQueryValueExW (in: hKey=0x230, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x43f218, lpData=0x0, lpcbData=0x43f214*=0x0 | out: lpType=0x43f218*=0x0, lpData=0x0, lpcbData=0x43f214*=0x0) returned 0x2 [0071.582] RegCloseKey (hKey=0x230) returned 0x0 [0071.583] GetCurrentProcessId () returned 0xfbc [0071.583] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.583] EnumProcessModules (in: hProcess=0x230, lphModule=0x26f657c, cb=0x100, lpcbNeeded=0x43f200 | out: lphModule=0x26f657c, lpcbNeeded=0x43f200) returned 1 [0071.584] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26f66bc, cb=0xc | out: lpmodinfo=0x26f66bc*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.584] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.584] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.584] CoTaskMemFree (pv=0x261b38) [0071.584] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.584] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.585] CoTaskMemFree (pv=0x261b38) [0071.585] CloseHandle (hObject=0x230) returned 1 [0071.585] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1f8 | out: phkResult=0x43f1f8*=0x0) returned 0x2 [0071.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1f8 | out: phkResult=0x43f1f8*=0x230) returned 0x0 [0071.586] RegQueryValueExW (in: hKey=0x230, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x43f214, lpData=0x0, lpcbData=0x43f210*=0x0 | out: lpType=0x43f214*=0x0, lpData=0x0, lpcbData=0x43f210*=0x0) returned 0x2 [0071.586] RegCloseKey (hKey=0x230) returned 0x0 [0071.589] GetCurrentProcessId () returned 0xfbc [0071.589] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x230 [0071.589] EnumProcessModules (in: hProcess=0x230, lphModule=0x26f90ac, cb=0x100, lpcbNeeded=0x43f200 | out: lphModule=0x26f90ac, lpcbNeeded=0x43f200) returned 1 [0071.590] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26f91ec, cb=0xc | out: lpmodinfo=0x26f91ec*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0071.590] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.591] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x261b38, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0071.591] CoTaskMemFree (pv=0x261b38) [0071.591] CoTaskMemAlloc (cb=0x804) returned 0x261b38 [0071.591] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x261b38, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0071.591] CoTaskMemFree (pv=0x261b38) [0071.591] CloseHandle (hObject=0x230) returned 1 [0071.592] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0071.592] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1f8 | out: phkResult=0x43f1f8*=0x0) returned 0x2 [0071.595] QueryPerformanceFrequency (in: lpFrequency=0xb6220 | out: lpFrequency=0xb6220*=100000000) returned 1 [0071.595] QueryPerformanceCounter (in: lpPerformanceCount=0x43f304 | out: lpPerformanceCount=0x43f304*=1423550393931) returned 1 [0071.615] GetCurrentProcess () returned 0xffffffff [0071.615] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef18 | out: TokenHandle=0x43ef18*=0x230) returned 1 [0071.620] CloseHandle (hObject=0x230) returned 1 [0071.620] GetCurrentProcess () returned 0xffffffff [0071.621] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef30 | out: TokenHandle=0x43ef30*=0x230) returned 1 [0071.621] CloseHandle (hObject=0x230) returned 1 [0071.627] GetCurrentProcess () returned 0xffffffff [0071.627] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43f1e8 | out: TokenHandle=0x43f1e8*=0x230) returned 1 [0072.544] CoTaskMemAlloc (cb=0xcc0) returned 0x261b38 [0072.546] RasEnumConnectionsW (in: param_1=0x261b38, param_2=0x43f1f8, param_3=0x43f1fc | out: param_1=0x261b38, param_2=0x43f1f8, param_3=0x43f1fc) returned 0x0 [0072.803] CoTaskMemFree (pv=0x261b38) [0072.813] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x43efe0 | out: lpWSAData=0x43efe0) returned 0 [0072.826] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x27c [0073.268] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0073.268] closesocket (s=0x27c) returned 0 [0073.269] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x27c [0073.389] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0073.389] closesocket (s=0x27c) returned 0 [0073.390] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x27c [0073.391] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x280 [0073.392] ioctlsocket (in: s=0x27c, cmd=-2147195266, argp=0x43f200 | out: argp=0x43f200) returned 0 [0073.393] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x284 [0073.393] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x288 [0073.393] ioctlsocket (in: s=0x284, cmd=-2147195266, argp=0x43f200 | out: argp=0x43f200) returned 0 [0073.395] WSAIoctl (in: s=0x27c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43f1e8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43f1e8, lpOverlapped=0x0) returned -1 [0073.396] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43ef18, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0073.433] WSAEventSelect (s=0x27c, hEventObject=0x280, lNetworkEvents=512) returned 0 [0073.433] WSAIoctl (in: s=0x284, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43f1e8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43f1e8, lpOverlapped=0x0) returned -1 [0073.433] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43ef18, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0073.433] WSAEventSelect (s=0x284, hEventObject=0x288, lNetworkEvents=512) returned 0 [0073.433] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x290 [0073.434] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x290, param_3=0x3) returned 0x0 [0073.440] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x43f214 | out: phkResult=0x43f214*=0x2a8) returned 0x0 [0073.441] RegOpenKeyExW (in: hKey=0x2a8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1c8 | out: phkResult=0x43f1c8*=0x2ac) returned 0x0 [0073.442] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b0 [0073.442] RegNotifyChangeKeyValue (hKey=0x2ac, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b0, fAsynchronous=1) returned 0x0 [0073.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1cc | out: phkResult=0x43f1cc*=0x2b4) returned 0x0 [0073.444] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8 [0073.444] RegNotifyChangeKeyValue (hKey=0x2b4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b8, fAsynchronous=1) returned 0x0 [0073.444] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f1cc | out: phkResult=0x43f1cc*=0x2bc) returned 0x0 [0073.445] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0073.445] RegNotifyChangeKeyValue (hKey=0x2bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2c0, fAsynchronous=1) returned 0x0 [0073.445] GetCurrentProcess () returned 0xffffffff [0073.445] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43f1bc | out: TokenHandle=0x43f1bc*=0x2c4) returned 1 [0073.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x43eac0 | out: phkResult=0x43eac0*=0x2c8) returned 0x0 [0073.449] RegQueryValueExW (in: hKey=0x2c8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x43eadc, lpData=0x0, lpcbData=0x43ead8*=0x0 | out: lpType=0x43eadc*=0x0, lpData=0x0, lpcbData=0x43ead8*=0x0) returned 0x2 [0073.449] RegCloseKey (hKey=0x2c8) returned 0x0 [0073.980] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x26b1e8 [0074.098] WinHttpSetTimeouts (hInternet=0x26b1e8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0074.099] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x43f1c8 | out: pProxyConfig=0x43f1c8) returned 1 [0074.922] CloseHandle (hObject=0x230) returned 1 [0074.935] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x43ea18, nSize=0x90 | out: lpBuffer="") returned 0x0 [0074.935] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x43ea18, nSize=0x90 | out: lpBuffer="") returned 0x0 [0074.957] EtwEventRegister () returned 0x0 [0074.987] EtwEventRegister () returned 0x0 [0075.073] GetCurrentProcess () returned 0xffffffff [0075.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43eee0 | out: TokenHandle=0x43eee0*=0x31c) returned 1 [0075.077] CloseHandle (hObject=0x31c) returned 1 [0075.077] GetCurrentProcess () returned 0xffffffff [0075.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43eef8 | out: TokenHandle=0x43eef8*=0x31c) returned 1 [0075.078] CloseHandle (hObject=0x31c) returned 1 [0075.084] SetEvent (hEvent=0x40) returned 1 [0075.102] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x43f124*=0x290, lpdwindex=0x43ef48 | out: lpdwindex=0x43ef48) returned 0x80010115 [0075.363] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x43f104*=0x280, lpdwindex=0x43ef28 | out: lpdwindex=0x43ef28) returned 0x80010115 [0075.363] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x43f104*=0x288, lpdwindex=0x43ef28 | out: lpdwindex=0x43ef28) returned 0x80010115 [0075.363] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x43f158*=0x2b0, lpdwindex=0x43ef7c | out: lpdwindex=0x43ef7c) returned 0x80010115 [0075.363] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x43f158*=0x2b8, lpdwindex=0x43ef7c | out: lpdwindex=0x43ef7c) returned 0x80010115 [0075.363] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x43f158*=0x2c0, lpdwindex=0x43ef7c | out: lpdwindex=0x43ef7c) returned 0x80010115 [0075.369] GetCurrentProcess () returned 0xffffffff [0075.369] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ee60 | out: TokenHandle=0x43ee60*=0x350) returned 1 [0075.371] CloseHandle (hObject=0x350) returned 1 [0075.371] GetCurrentProcess () returned 0xffffffff [0075.371] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ee78 | out: TokenHandle=0x43ee78*=0x350) returned 1 [0075.372] CloseHandle (hObject=0x350) returned 1 [0075.374] GetTimeZoneInformation (in: lpTimeZoneInformation=0x43f028 | out: lpTimeZoneInformation=0x43f028) returned 0x2 [0075.432] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x43ee84 | out: pTimeZoneInformation=0x43ee84) returned 0x2 [0075.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x43ef68 | out: phkResult=0x43ef68*=0x350) returned 0x0 [0075.436] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x43ef84, lpData=0x0, lpcbData=0x43ef80*=0x0 | out: lpType=0x43ef84*=0x3, lpData=0x0, lpcbData=0x43ef80*=0x2c) returned 0x0 [0075.436] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x43ef84, lpData=0x270651c, lpcbData=0x43ef80*=0x2c | out: lpType=0x43ef84*=0x3, lpData=0x270651c*, lpcbData=0x43ef80*=0x2c) returned 0x0 [0075.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x43edbc | out: phkResult=0x43edbc*=0x0) returned 0x2 [0075.437] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x43ef5c, lpData=0x0, lpcbData=0x43ef58*=0x0 | out: lpType=0x43ef5c*=0x1, lpData=0x0, lpcbData=0x43ef58*=0x20) returned 0x0 [0075.438] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x43ef5c, lpData=0x2706940, lpcbData=0x43ef58*=0x20 | out: lpType=0x43ef5c*=0x1, lpData="@tzres.dll,-320", lpcbData=0x43ef58*=0x20) returned 0x0 [0075.438] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x43ef5c, lpData=0x0, lpcbData=0x43ef58*=0x0 | out: lpType=0x43ef5c*=0x1, lpData=0x0, lpcbData=0x43ef58*=0x20) returned 0x0 [0075.438] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x43ef5c, lpData=0x2706998, lpcbData=0x43ef58*=0x20 | out: lpType=0x43ef5c*=0x1, lpData="@tzres.dll,-322", lpcbData=0x43ef58*=0x20) returned 0x0 [0075.438] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x43ef5c, lpData=0x0, lpcbData=0x43ef58*=0x0 | out: lpType=0x43ef5c*=0x1, lpData=0x0, lpcbData=0x43ef58*=0x20) returned 0x0 [0075.438] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x43ef5c, lpData=0x27069f0, lpcbData=0x43ef58*=0x20 | out: lpType=0x43ef5c*=0x1, lpData="@tzres.dll,-321", lpcbData=0x43ef58*=0x20) returned 0x0 [0075.446] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.446] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x283b70 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0075.448] CoTaskMemFree (pv=0x283b70) [0075.448] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.448] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x43ef78, pwszFileMUIPath=0x283b70, pcchFileMUIPath=0x43ef7c, pululEnumerator=0x43ef70 | out: pwszLanguage=0x0, pcchLanguage=0x43ef78, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x43ef7c, pululEnumerator=0x43ef70) returned 1 [0075.457] CoTaskMemFree (pv=0x0) [0075.457] CoTaskMemFree (pv=0x283b70) [0075.458] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x320001 [0075.470] CoTaskMemAlloc (cb=0x3ec) returned 0x283b70 [0075.470] LoadStringW (in: hInstance=0x320001, uID=0x140, lpBuffer=0x283b70, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0075.471] CoTaskMemFree (pv=0x283b70) [0075.471] FreeLibrary (hLibModule=0x320001) returned 1 [0075.472] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.472] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x283b70 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0075.472] CoTaskMemFree (pv=0x283b70) [0075.472] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.472] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x43ef78, pwszFileMUIPath=0x283b70, pcchFileMUIPath=0x43ef7c, pululEnumerator=0x43ef70 | out: pwszLanguage=0x0, pcchLanguage=0x43ef78, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x43ef7c, pululEnumerator=0x43ef70) returned 1 [0075.475] CoTaskMemFree (pv=0x0) [0075.475] CoTaskMemFree (pv=0x283b70) [0075.476] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x320001 [0075.479] CoTaskMemAlloc (cb=0x3ec) returned 0x283b70 [0075.479] LoadStringW (in: hInstance=0x320001, uID=0x142, lpBuffer=0x283b70, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0075.479] CoTaskMemFree (pv=0x283b70) [0075.479] FreeLibrary (hLibModule=0x320001) returned 1 [0075.479] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.479] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x283b70 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0075.480] CoTaskMemFree (pv=0x283b70) [0075.480] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.480] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x43ef78, pwszFileMUIPath=0x283b70, pcchFileMUIPath=0x43ef7c, pululEnumerator=0x43ef70 | out: pwszLanguage=0x0, pcchLanguage=0x43ef78, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x43ef7c, pululEnumerator=0x43ef70) returned 1 [0075.482] CoTaskMemFree (pv=0x0) [0075.482] CoTaskMemFree (pv=0x283b70) [0075.483] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x320001 [0075.485] CoTaskMemAlloc (cb=0x3ec) returned 0x283b70 [0075.485] LoadStringW (in: hInstance=0x320001, uID=0x141, lpBuffer=0x283b70, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0075.486] CoTaskMemFree (pv=0x283b70) [0075.486] FreeLibrary (hLibModule=0x320001) returned 1 [0075.487] RegCloseKey (hKey=0x350) returned 0x0 [0075.488] SetEvent (hEvent=0x40) returned 1 [0075.504] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x43f184 | out: pFixedInfo=0x0, pOutBufLen=0x43f184) returned 0x6f [0075.911] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x283b70 [0075.911] GetNetworkParams (in: pFixedInfo=0x283b70, pOutBufLen=0x43f184 | out: pFixedInfo=0x283b70, pOutBufLen=0x43f184) returned 0x0 [0075.925] LocalFree (hMem=0x283b70) returned 0x0 [0075.927] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.927] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x283b70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0075.927] CoTaskMemFree (pv=0x283b70) [0075.927] CoTaskMemAlloc (cb=0x20c) returned 0x283b70 [0075.927] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x283b70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0075.927] CoTaskMemFree (pv=0x283b70) [0076.016] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x364 [0076.109] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x360 [0076.120] GetAddrInfoW (in: pNodeName="www.google.com", pServiceName=0x0, pHints=0x43f060*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x43f008 | out: ppResult=0x43f008*=0x278238*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x276e18*(sa_family=2, sin_port=0x0, sin_addr="142.250.185.68"), ai_next=0x0)) returned 0 [0076.467] FreeAddrInfoW (pAddrInfo=0x278238*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x276e18*(sa_family=2, sin_port=0x0, sin_addr="142.250.185.68"), ai_next=0x0)) [0076.468] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x36c [0076.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0076.468] ioctlsocket (in: s=0x36c, cmd=-2147195266, argp=0x43f038 | out: argp=0x43f038) returned 0 [0076.469] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x378 [0076.469] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0076.469] ioctlsocket (in: s=0x378, cmd=-2147195266, argp=0x43f038 | out: argp=0x43f038) returned 0 [0076.469] WSAIoctl (in: s=0x36c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43f020, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43f020, lpOverlapped=0x0) returned -1 [0076.469] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43ed50, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0076.469] WSAEventSelect (s=0x36c, hEventObject=0x374, lNetworkEvents=512) returned 0 [0076.470] WSAIoctl (in: s=0x378, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x43f020, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x43f020, lpOverlapped=0x0) returned -1 [0076.470] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x43ed50, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0076.470] WSAEventSelect (s=0x378, hEventObject=0x37c, lNetworkEvents=512) returned 0 [0076.470] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x43f01c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x43f01c*=0x7ec) returned 0x6f [0076.478] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x289368 [0076.478] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x289368, SizePointer=0x43f01c*=0x7ec | out: AdapterAddresses=0x289368*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x289634, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x2895a8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x25, [2]=0x60, [3]=0xfd, [4]=0xb5, [5]=0x57, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x2894e0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x43f01c*=0x7ec) returned 0x0 [0076.494] LocalFree (hMem=0x289368) returned 0x0 [0076.497] WSAConnect (in: s=0x364, name=0x27125a0*(sa_family=2, sin_port=0x1bb, sin_addr="142.250.185.68"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0076.508] closesocket (s=0x360) returned 0 [0076.972] EnumerateSecurityPackagesW (in: pcPackages=0x43ef8c, ppPackageInfo=0x43ef20 | out: pcPackages=0x43ef8c, ppPackageInfo=0x43ef20) returned 0x0 [0076.985] FreeContextBuffer (in: pvContextBuffer=0x284d98 | out: pvContextBuffer=0x284d98) returned 0x0 [0077.011] GetCurrentProcess () returned 0xffffffff [0077.011] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ed48 | out: TokenHandle=0x43ed48*=0x360) returned 1 [0077.014] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x271381c, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x43ed9c, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2714eac, ptsExpiry=0x43ed20 | out: phCredential=0x2714eac, ptsExpiry=0x43ed20) returned 0x0 [0078.733] CloseHandle (hObject=0x360) returned 1 [0078.738] InitializeSecurityContextW (in: phCredential=0x43ed6c, phContext=0x0, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x2715048, pfContextAttr=0x27137e0, ptsExpiry=0x43ed64 | out: phNewContext=0x27150b0, pOutput=0x2715048, pfContextAttr=0x27137e0, ptsExpiry=0x43ed64) returned 0x90312 [0078.740] FreeContextBuffer (in: pvContextBuffer=0x284d98 | out: pvContextBuffer=0x284d98) returned 0x0 [0078.742] send (s=0x364, buf=0x27150c4*, len=152, flags=0) returned 152 [0078.744] recv (in: s=0x364, buf=0x27150c4, len=5, flags=0 | out: buf=0x27150c4*) returned 5 [0078.762] recv (in: s=0x364, buf=0x27150c9, len=87, flags=0 | out: buf=0x27150c9*) returned 87 [0078.763] InitializeSecurityContextW (in: phCredential=0x43ecc8, phContext=0x43ecb8, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x271531c, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x2715330, pfContextAttr=0x27137e0, ptsExpiry=0x43ecc0 | out: phNewContext=0x27150b0, pOutput=0x2715330, pfContextAttr=0x27137e0, ptsExpiry=0x43ecc0) returned 0x90312 [0078.770] recv (in: s=0x364, buf=0x27153c0, len=5, flags=0 | out: buf=0x27153c0*) returned 5 [0078.771] recv (in: s=0x364, buf=0x27153e5, len=3995, flags=0 | out: buf=0x27153e5*) returned 3995 [0078.771] InitializeSecurityContextW (in: phCredential=0x43ec28, phContext=0x43ec18, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x27163f0, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x2716404, pfContextAttr=0x27137e0, ptsExpiry=0x43ec20 | out: phNewContext=0x27150b0, pOutput=0x2716404, pfContextAttr=0x27137e0, ptsExpiry=0x43ec20) returned 0x90312 [0078.780] recv (in: s=0x364, buf=0x2716494, len=5, flags=0 | out: buf=0x2716494*) returned 5 [0078.781] recv (in: s=0x364, buf=0x27164ad, len=147, flags=0 | out: buf=0x27164ad*) returned 147 [0078.781] InitializeSecurityContextW (in: phCredential=0x43eb88, phContext=0x43eb78, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x27165b0, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x27165c4, pfContextAttr=0x27137e0, ptsExpiry=0x43eb80 | out: phNewContext=0x27150b0, pOutput=0x27165c4, pfContextAttr=0x27137e0, ptsExpiry=0x43eb80) returned 0x90312 [0078.781] recv (in: s=0x364, buf=0x2716654, len=5, flags=0 | out: buf=0x2716654*) returned 5 [0078.781] recv (in: s=0x364, buf=0x271666d, len=4, flags=0 | out: buf=0x271666d*) returned 4 [0078.781] InitializeSecurityContextW (in: phCredential=0x43eae8, phContext=0x43ead8, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x27166e4, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x27166f8, pfContextAttr=0x27137e0, ptsExpiry=0x43eae0 | out: phNewContext=0x27150b0, pOutput=0x27166f8, pfContextAttr=0x27137e0, ptsExpiry=0x43eae0) returned 0x90312 [0078.904] FreeContextBuffer (in: pvContextBuffer=0x2456f8 | out: pvContextBuffer=0x2456f8) returned 0x0 [0078.904] send (s=0x364, buf=0x2716774*, len=126, flags=0) returned 126 [0078.904] recv (in: s=0x364, buf=0x2716774, len=5, flags=0 | out: buf=0x2716774*) returned 5 [0078.914] recv (in: s=0x364, buf=0x2716779, len=1, flags=0 | out: buf=0x2716779*) returned 1 [0078.914] InitializeSecurityContextW (in: phCredential=0x43ea48, phContext=0x43ea38, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2716878, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x271688c, pfContextAttr=0x27137e0, ptsExpiry=0x43ea40 | out: phNewContext=0x27150b0, pOutput=0x271688c, pfContextAttr=0x27137e0, ptsExpiry=0x43ea40) returned 0x90312 [0078.914] recv (in: s=0x364, buf=0x271691c, len=5, flags=0 | out: buf=0x271691c*) returned 5 [0078.914] recv (in: s=0x364, buf=0x2716935, len=40, flags=0 | out: buf=0x2716935*) returned 40 [0078.915] InitializeSecurityContextW (in: phCredential=0x43e9a8, phContext=0x43e998, pTargetName=0x2712694, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x27169d0, Reserved2=0x0, phNewContext=0x27150b0, pOutput=0x27169e4, pfContextAttr=0x27137e0, ptsExpiry=0x43e9a0 | out: phNewContext=0x27150b0, pOutput=0x27169e4, pfContextAttr=0x27137e0, ptsExpiry=0x43e9a0) returned 0x0 [0079.684] QueryContextAttributesW (in: phContext=0x27150b0, ulAttribute=0x4, pBuffer=0x2716a90 | out: pBuffer=0x2716a90) returned 0x0 [0079.686] QueryContextAttributesW (in: phContext=0x27150b0, ulAttribute=0x5a, pBuffer=0x2716ae8 | out: pBuffer=0x2716ae8) returned 0x0 [0079.697] QueryContextAttributesW (in: phContext=0x27150b0, ulAttribute=0x53, pBuffer=0x2716b94 | out: pBuffer=0x2716b94) returned 0x0 [0079.718] CertDuplicateCRLContext (pCrlContext=0x28be00) returned 0x28be00 [0079.720] CertDuplicateStore (hCertStore=0x2847c0) returned 0x2847c0 [0079.720] CertEnumCertificatesInStore (hCertStore=0x2847c0, pPrevCertContext=0x0) returned 0x28bea0 [0079.721] CertDuplicateCRLContext (pCrlContext=0x28bea0) returned 0x28bea0 [0079.723] CertEnumCertificatesInStore (hCertStore=0x2847c0, pPrevCertContext=0x28bea0) returned 0x28be50 [0079.724] CertDuplicateCRLContext (pCrlContext=0x28be50) returned 0x28be50 [0079.724] CertEnumCertificatesInStore (hCertStore=0x2847c0, pPrevCertContext=0x28be50) returned 0x28be00 [0079.725] CertDuplicateCRLContext (pCrlContext=0x28be00) returned 0x28be00 [0079.725] CertEnumCertificatesInStore (hCertStore=0x2847c0, pPrevCertContext=0x28be00) returned 0x0 [0079.725] CertCloseStore (hCertStore=0x2847c0, dwFlags=0x0) returned 1 [0079.725] CertFreeCRLContext (pCrlContext=0x28be00) returned 1 [0079.745] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x26cdd0 [0079.748] CertAddCRLLinkToStore (in: hCertStore=0x26cdd0, pCrlContext=0x28bea0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0079.749] CertAddCRLLinkToStore (in: hCertStore=0x26cdd0, pCrlContext=0x28be50, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0079.749] CertAddCRLLinkToStore (in: hCertStore=0x26cdd0, pCrlContext=0x28be00, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0079.752] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x26d3c0 [0079.758] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x28be00, pTime=0x43e9b4, hAdditionalStore=0x26cdd0, pChainPara=0x43e8f4, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x43e8e8 | out: ppChainContext=0x43e8e8) returned 1 [0082.773] LocalFree (hMem=0x26d3c0) returned 0x0 [0082.774] CertDuplicateCertificateChain (pChainContext=0x54e1408) returned 0x54e1408 [0082.776] CertDuplicateCRLContext (pCrlContext=0x28be00) returned 0x28be00 [0082.776] CertDuplicateCRLContext (pCrlContext=0x555ae28) returned 0x555ae28 [0082.777] CertDuplicateCRLContext (pCrlContext=0x555aec8) returned 0x555aec8 [0082.777] CertDuplicateCRLContext (pCrlContext=0x555af18) returned 0x555af18 [0082.778] CertFreeCertificateChain (pChainContext=0x54e1408) [0082.778] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x54e1408, pPolicyPara=0x43ea94, pPolicyStatus=0x43ea80 | out: pPolicyStatus=0x43ea80) returned 1 [0082.779] SetLastError (dwErrCode=0x0) [0082.782] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x54e1408, pPolicyPara=0x43eaf4, pPolicyStatus=0x43eaa8 | out: pPolicyStatus=0x43eaa8) returned 1 [0082.787] CertFreeCertificateChain (pChainContext=0x54e1408) [0082.787] CertFreeCRLContext (pCrlContext=0x28be00) returned 1 [0082.792] CoTaskMemAlloc (cb=0x20c) returned 0x553d910 [0082.792] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x553d910, nSize=0x104 | out: lpBuffer="") returned 0x0 [0082.793] CoTaskMemFree (pv=0x553d910) [0082.793] CoTaskMemAlloc (cb=0x20c) returned 0x553d910 [0082.793] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x553d910, nSize=0x104 | out: lpBuffer="") returned 0x0 [0082.793] CoTaskMemFree (pv=0x553d910) [0082.793] CoTaskMemAlloc (cb=0x20c) returned 0x553d910 [0082.793] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x553d910, nSize=0x104 | out: lpBuffer="") returned 0x0 [0082.793] CoTaskMemFree (pv=0x553d910) [0082.793] CoTaskMemAlloc (cb=0x20c) returned 0x553d910 [0082.793] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x553d910, nSize=0x104 | out: lpBuffer="") returned 0x0 [0082.793] CoTaskMemFree (pv=0x553d910) [0082.795] EncryptMessage (in: phContext=0x27150b0, fQOP=0x0, pMessage=0x271ee7c, MessageSeqNo=0x0 | out: pMessage=0x271ee7c) returned 0x0 [0082.797] send (s=0x364, buf=0x271d954*, len=93, flags=0) returned 93 [0082.801] setsockopt (s=0x364, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0082.806] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.064] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.065] DecryptMessage (in: phContext=0x27150b0, pMessage=0x272f27c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x272f27c, pfQOP=0x0) returned 0x0 [0083.194] GetCurrentProcess () returned 0xffffffff [0083.194] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef60 | out: TokenHandle=0x43ef60*=0x550) returned 1 [0083.195] CloseHandle (hObject=0x550) returned 1 [0083.195] GetCurrentProcess () returned 0xffffffff [0083.196] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x43ef78 | out: TokenHandle=0x43ef78*=0x550) returned 1 [0083.197] CloseHandle (hObject=0x550) returned 1 [0083.198] setsockopt (s=0x364, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0083.198] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2f8 | out: lpPerformanceCount=0x43f2f8*=1424711473445) returned 1 [0083.206] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424711496249) returned 1 [0083.240] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.241] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.241] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2733a10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733a10, pfQOP=0x0) returned 0x0 [0083.241] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424714984811) returned 1 [0083.241] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.241] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.241] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2733b30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733b30, pfQOP=0x0) returned 0x0 [0083.242] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424715030920) returned 1 [0083.242] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.242] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.242] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2733c50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733c50, pfQOP=0x0) returned 0x0 [0083.242] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424715122299) returned 1 [0083.243] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.243] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.243] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2733d70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733d70, pfQOP=0x0) returned 0x0 [0083.243] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424715163476) returned 1 [0083.243] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.243] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.244] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2733e90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733e90, pfQOP=0x0) returned 0x0 [0083.244] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424715256225) returned 1 [0083.244] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.252] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.252] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2733fb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733fb0, pfQOP=0x0) returned 0x0 [0083.252] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716317993) returned 1 [0083.255] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.255] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.255] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27340dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27340dc, pfQOP=0x0) returned 0x0 [0083.255] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716369713) returned 1 [0083.255] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.255] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.255] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27341fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27341fc, pfQOP=0x0) returned 0x0 [0083.255] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716408303) returned 1 [0083.255] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.256] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.256] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273431c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273431c, pfQOP=0x0) returned 0x0 [0083.256] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716449518) returned 1 [0083.256] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.256] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.256] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273443c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273443c, pfQOP=0x0) returned 0x0 [0083.256] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716486825) returned 1 [0083.256] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.256] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.256] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273455c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273455c, pfQOP=0x0) returned 0x0 [0083.257] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716526300) returned 1 [0083.257] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.257] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.257] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273467c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273467c, pfQOP=0x0) returned 0x0 [0083.257] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716566075) returned 1 [0083.257] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.257] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.257] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273479c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273479c, pfQOP=0x0) returned 0x0 [0083.257] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716606475) returned 1 [0083.257] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.257] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.258] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27348bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27348bc, pfQOP=0x0) returned 0x0 [0083.258] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716644616) returned 1 [0083.258] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.258] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.258] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27349dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27349dc, pfQOP=0x0) returned 0x0 [0083.258] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716682002) returned 1 [0083.258] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.258] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.258] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2734afc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734afc, pfQOP=0x0) returned 0x0 [0083.258] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716719411) returned 1 [0083.259] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.259] recv (in: s=0x364, buf=0x272b1c1, len=1131, flags=0 | out: buf=0x272b1c1*) returned 1131 [0083.259] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2734c1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734c1c, pfQOP=0x0) returned 0x0 [0083.259] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716760695) returned 1 [0083.259] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.259] recv (in: s=0x364, buf=0x272b1c1, len=324, flags=0 | out: buf=0x272b1c1*) returned 324 [0083.259] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2734d3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734d3c, pfQOP=0x0) returned 0x0 [0083.260] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716829174) returned 1 [0083.260] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.260] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.260] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2734e5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734e5c, pfQOP=0x0) returned 0x0 [0083.260] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716895594) returned 1 [0083.260] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.260] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.260] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2734f7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734f7c, pfQOP=0x0) returned 0x0 [0083.261] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716933554) returned 1 [0083.261] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.261] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.261] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273509c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273509c, pfQOP=0x0) returned 0x0 [0083.261] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424716972727) returned 1 [0083.261] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.261] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.261] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27351bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27351bc, pfQOP=0x0) returned 0x0 [0083.261] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717012740) returned 1 [0083.261] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.262] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.262] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27352dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27352dc, pfQOP=0x0) returned 0x0 [0083.262] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717050584) returned 1 [0083.262] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.262] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.262] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27353fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27353fc, pfQOP=0x0) returned 0x0 [0083.262] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717087500) returned 1 [0083.262] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.262] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.262] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273551c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273551c, pfQOP=0x0) returned 0x0 [0083.263] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717123972) returned 1 [0083.263] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.263] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.263] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273563c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273563c, pfQOP=0x0) returned 0x0 [0083.263] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717161568) returned 1 [0083.263] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.263] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.263] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273575c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273575c, pfQOP=0x0) returned 0x0 [0083.263] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717197802) returned 1 [0083.263] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.263] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.263] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273587c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273587c, pfQOP=0x0) returned 0x0 [0083.264] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717235148) returned 1 [0083.264] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.264] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.264] DecryptMessage (in: phContext=0x27150b0, pMessage=0x273599c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273599c, pfQOP=0x0) returned 0x0 [0083.264] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717272659) returned 1 [0083.264] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.264] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.264] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2735abc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2735abc, pfQOP=0x0) returned 0x0 [0083.264] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717311339) returned 1 [0083.264] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.265] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.265] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2735bdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2735bdc, pfQOP=0x0) returned 0x0 [0083.265] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717351267) returned 1 [0083.265] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.265] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.265] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2735cfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2735cfc, pfQOP=0x0) returned 0x0 [0083.265] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717389926) returned 1 [0083.265] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.265] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.265] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2735e1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2735e1c, pfQOP=0x0) returned 0x0 [0083.266] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717426619) returned 1 [0083.266] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.266] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.266] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2735f3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2735f3c, pfQOP=0x0) returned 0x0 [0083.266] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717462819) returned 1 [0083.266] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.266] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.267] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2736068, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2736068, pfQOP=0x0) returned 0x0 [0083.267] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717538596) returned 1 [0083.267] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.267] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.267] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2736188, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2736188, pfQOP=0x0) returned 0x0 [0083.267] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717576844) returned 1 [0083.267] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.267] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.267] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27362a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27362a8, pfQOP=0x0) returned 0x0 [0083.267] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717613918) returned 1 [0083.267] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.268] recv (in: s=0x364, buf=0x272b1c1, len=1343, flags=0 | out: buf=0x272b1c1*) returned 1343 [0083.268] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27363c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27363c8, pfQOP=0x0) returned 0x0 [0083.268] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717651047) returned 1 [0083.268] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.268] recv (in: s=0x364, buf=0x272b1c1, len=1237, flags=0 | out: buf=0x272b1c1*) returned 1237 [0083.268] DecryptMessage (in: phContext=0x27150b0, pMessage=0x27364e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27364e8, pfQOP=0x0) returned 0x0 [0083.268] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2c0 | out: lpPerformanceCount=0x43f2c0*=1424717688234) returned 1 [0083.268] recv (in: s=0x364, buf=0x272b1bc, len=5, flags=0 | out: buf=0x272b1bc*) returned 5 [0083.268] recv (in: s=0x364, buf=0x272b1c1, len=29, flags=0 | out: buf=0x272b1c1*) returned 29 [0083.268] DecryptMessage (in: phContext=0x27150b0, pMessage=0x2736608, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2736608, pfQOP=0x0) returned 0x0 [0083.269] SetEvent (hEvent=0x40) returned 1 [0083.271] QueryPerformanceCounter (in: lpPerformanceCount=0x43f2e4 | out: lpPerformanceCount=0x43f2e4*=1424718006938) returned 1 [0083.291] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ee2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0083.293] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43ee34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0084.068] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x29400, lpName=0x0) returned 0x550 [0084.069] memcpy (in: _Dst=0x4f0000, _Src=0x36c2960, _Size=0x29400 | out: _Dst=0x4f0000) returned 0x4f0000 [0084.071] CloseHandle (hObject=0x550) returned 1 [0085.394] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12600, lpName=0x0) returned 0x558 [0085.395] memcpy (in: _Dst=0x5a0000, _Src=0x2708a00, _Size=0x12600 | out: _Dst=0x5a0000) returned 0x5a0000 [0085.396] CloseHandle (hObject=0x558) returned 1 [0086.142] CoTaskMemAlloc (cb=0x20c) returned 0x552fb68 [0086.142] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x552fb68, nSize=0x104 | out: lpBuffer="") returned 0x0 [0086.142] CoTaskMemFree (pv=0x552fb68) [0086.301] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cb [0086.301] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ca [0086.315] GetSystemMetrics (nIndex=75) returned 1 [0086.321] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0087.149] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75620000 [0087.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x43e2d4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0087.152] GetProcAddress (hModule=0x75620000, lpProcName="AddDllDirectory") returned 0x74dd1e91 [0087.153] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6d710000 [0087.187] AdjustWindowRectEx (in: lpRect=0x43e43c, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x43e43c) returned 1 [0087.195] GetCurrentProcess () returned 0xffffffff [0087.195] GetCurrentThread () returned 0xfffffffe [0087.195] GetCurrentProcess () returned 0xffffffff [0087.195] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x43e354, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x43e354*=0x598) returned 1 [0087.198] GetCurrentThreadId () returned 0xfc0 [0087.212] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000 [0087.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x43e16c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWênÇ;G$DþÅq\x04êC", lpUsedDefaultChar=0x0) returned 14 [0087.212] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd [0087.213] GetStockObject (i=5) returned 0x1900015 [0087.216] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0087.219] CoTaskMemAlloc (cb=0x5a) returned 0x551bbf0 [0087.219] RegisterClassW (lpWndClass=0x43e15c) returned 0xc12d [0087.220] CoTaskMemFree (pv=0x551bbf0) [0087.220] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0087.220] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x11e0000, lpParam=0x0) returned 0x701be [0087.222] SetWindowLongW (hWnd=0x701be, nIndex=-4, dwNewLong=1998071261) returned 83757030 [0087.223] GetWindowLongW (hWnd=0x701be, nIndex=-4) returned 1998071261 [0087.225] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x43da70 | out: phkResult=0x43da70*=0x59c) returned 0x0 [0087.226] RegQueryValueExW (in: hKey=0x59c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x43da90, lpData=0x0, lpcbData=0x43da8c*=0x0 | out: lpType=0x43da90*=0x0, lpData=0x0, lpcbData=0x43da8c*=0x0) returned 0x2 [0087.226] RegQueryValueExW (in: hKey=0x59c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x43da90, lpData=0x0, lpcbData=0x43da8c*=0x0 | out: lpType=0x43da90*=0x0, lpData=0x0, lpcbData=0x43da8c*=0x0) returned 0x2 [0087.226] RegCloseKey (hKey=0x59c) returned 0x0 [0087.231] SetWindowLongW (hWnd=0x701be, nIndex=-4, dwNewLong=83757070) returned 1998071261 [0087.231] GetWindowLongW (hWnd=0x701be, nIndex=-4) returned 83757070 [0087.231] GetWindowLongW (hWnd=0x701be, nIndex=-16) returned 113311744 [0087.232] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc079 [0087.233] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x701be, Msg=0x24, wParam=0x0, lParam=0x43dd48) returned 0x0 [0087.233] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc076 [0087.233] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x701be, Msg=0x81, wParam=0x0, lParam=0x43dd3c) returned 0x1 [0087.233] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x701be, Msg=0x83, wParam=0x0, lParam=0x43dd28) returned 0x0 [0087.234] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x701be, Msg=0x1, wParam=0x0, lParam=0x43dd3c) returned 0x0 [0087.234] GetClientRect (in: hWnd=0x701be, lpRect=0x43daa4 | out: lpRect=0x43daa4) returned 1 [0087.234] GetWindowRect (in: hWnd=0x701be, lpRect=0x43daa4 | out: lpRect=0x43daa4) returned 1 [0087.236] GetParent (hWnd=0x701be) returned 0x0 [0087.240] GetSystemMetrics (nIndex=59) returned 1460 [0087.240] GetSystemMetrics (nIndex=60) returned 920 [0087.240] GetSystemMetrics (nIndex=34) returned 132 [0087.240] GetSystemMetrics (nIndex=35) returned 38 [0087.240] AdjustWindowRectEx (in: lpRect=0x43e378, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x43e378) returned 1 [0087.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3eebda0, Length=0x20000, ResultLength=0x43e448 | out: SystemInformation=0x3eebda0, ResultLength=0x43e448*=0xeb38) returned 0x0 [0087.609] GetSystemDefaultLCID () returned 0x409 [0087.609] GetStockObject (i=17) returned 0x18a0025 [0087.611] GetObjectW (in: h=0x18a0025, c=92, pv=0x43e228 | out: pv=0x43e228) returned 92 [0087.612] GetDC (hWnd=0x0) returned 0x3a010b54 [0088.281] GdiplusStartup (in: token=0xb6678, input=0x43d7f0, output=0x43d840 | out: token=0xb6678, output=0x43d840) returned 0x0 [0088.317] CoTaskMemAlloc (cb=0x5c) returned 0x551bbf0 [0088.319] GdipCreateFontFromLogfontW (hdc=0x3a010b54, logfont=0x551bbf0, font=0x43e2f0) returned 0x0 [0098.206] CoTaskMemFree (pv=0x551bbf0) [0098.209] CoTaskMemAlloc (cb=0x5c) returned 0x551bbf0 [0098.210] CoTaskMemFree (pv=0x551bbf0) [0098.211] CoTaskMemAlloc (cb=0x5c) returned 0x551bbf0 [0098.211] CoTaskMemFree (pv=0x551bbf0) [0098.212] GdipGetFontUnit (font=0x6072230, unit=0x43e2b8) returned 0x0 [0098.212] GdipGetFontSize (font=0x6072230, size=0x43e2bc) returned 0x0 [0098.213] GdipGetFontStyle (font=0x6072230, style=0x43e2b4) returned 0x0 [0098.213] GdipGetFamily (font=0x6072230, family=0x43e2b0) returned 0x0 [0098.215] GdipGetFontSize (font=0x6072230, size=0x271bbb8) returned 0x0 [0098.215] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.216] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.219] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e2cc) returned 0x0 [0098.222] GdipGetDpiY (graphics=0xaf1b6d0, dpi=0x271bc94) returned 0x0 [0098.222] GdipGetFontHeight (font=0x6072230, graphics=0xaf1b6d0, height=0x43e2c4) returned 0x0 [0098.223] GdipGetEmHeight (family=0x77af6b0, style=0, EmHeight=0x43e2cc) returned 0x0 [0098.223] GdipGetLineSpacing (family=0x77af6b0, style=0, LineSpacing=0x43e2cc) returned 0x0 [0098.224] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.224] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.227] GdipCreateFont (fontFamily=0x77af6b0, emSize=0x41040000, style=0, unit=0x3, font=0x271bcb0) returned 0x0 [0098.227] GdipGetFontSize (font=0xad90e68, size=0x271bcb4) returned 0x0 [0098.227] GdipDeleteFont (font=0x6072230) returned 0x0 [0098.230] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.230] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.230] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.230] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.230] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.231] GetSystemMetrics (nIndex=5) returned 1 [0098.231] GetSystemMetrics (nIndex=6) returned 1 [0098.233] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.237] GetSystemMetrics (nIndex=5) returned 1 [0098.237] GetSystemMetrics (nIndex=6) returned 1 [0098.238] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.238] GetCurrentThreadId () returned 0xfc0 [0098.238] GetCurrentThreadId () returned 0xfc0 [0098.243] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.243] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.243] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.244] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.244] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.244] GetSystemMetrics (nIndex=5) returned 1 [0098.244] GetSystemMetrics (nIndex=6) returned 1 [0098.244] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.244] GetSystemMetrics (nIndex=5) returned 1 [0098.244] GetSystemMetrics (nIndex=6) returned 1 [0098.244] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.244] GetCurrentThreadId () returned 0xfc0 [0098.244] GetCurrentThreadId () returned 0xfc0 [0098.245] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.245] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.245] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.245] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.245] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.246] GetSystemMetrics (nIndex=5) returned 1 [0098.246] GetSystemMetrics (nIndex=6) returned 1 [0098.246] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.246] GetSystemMetrics (nIndex=5) returned 1 [0098.246] GetSystemMetrics (nIndex=6) returned 1 [0098.246] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.246] GetCurrentThreadId () returned 0xfc0 [0098.246] GetCurrentThreadId () returned 0xfc0 [0098.247] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.247] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.247] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.247] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.247] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.247] GetSystemMetrics (nIndex=5) returned 1 [0098.247] GetSystemMetrics (nIndex=6) returned 1 [0098.247] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.247] GetSystemMetrics (nIndex=5) returned 1 [0098.247] GetSystemMetrics (nIndex=6) returned 1 [0098.247] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.247] GetCurrentThreadId () returned 0xfc0 [0098.247] GetCurrentThreadId () returned 0xfc0 [0098.248] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.248] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.248] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.248] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.248] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.249] GetSystemMetrics (nIndex=5) returned 1 [0098.249] GetSystemMetrics (nIndex=6) returned 1 [0098.249] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.249] GetSystemMetrics (nIndex=5) returned 1 [0098.249] GetSystemMetrics (nIndex=6) returned 1 [0098.249] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.249] GetCurrentThreadId () returned 0xfc0 [0098.249] GetCurrentThreadId () returned 0xfc0 [0098.250] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.250] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.250] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.250] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.250] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.250] GetSystemMetrics (nIndex=5) returned 1 [0098.250] GetSystemMetrics (nIndex=6) returned 1 [0098.250] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.250] GetSystemMetrics (nIndex=5) returned 1 [0098.250] GetSystemMetrics (nIndex=6) returned 1 [0098.250] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.250] GetCurrentThreadId () returned 0xfc0 [0098.250] GetCurrentThreadId () returned 0xfc0 [0098.252] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.252] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.252] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.252] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.252] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.252] GetSystemMetrics (nIndex=5) returned 1 [0098.252] GetSystemMetrics (nIndex=6) returned 1 [0098.252] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.252] GetSystemMetrics (nIndex=5) returned 1 [0098.252] GetSystemMetrics (nIndex=6) returned 1 [0098.252] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.252] GetCurrentThreadId () returned 0xfc0 [0098.252] GetCurrentThreadId () returned 0xfc0 [0098.253] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.253] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.253] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.254] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.254] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.254] GetSystemMetrics (nIndex=5) returned 1 [0098.254] GetSystemMetrics (nIndex=6) returned 1 [0098.254] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.254] GetSystemMetrics (nIndex=5) returned 1 [0098.254] GetSystemMetrics (nIndex=6) returned 1 [0098.254] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.254] GetCurrentThreadId () returned 0xfc0 [0098.254] GetCurrentThreadId () returned 0xfc0 [0098.255] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.255] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.255] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.255] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.255] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.255] GetSystemMetrics (nIndex=5) returned 1 [0098.256] GetSystemMetrics (nIndex=6) returned 1 [0098.256] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.256] GetSystemMetrics (nIndex=5) returned 1 [0098.256] GetSystemMetrics (nIndex=6) returned 1 [0098.256] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.256] GetCurrentThreadId () returned 0xfc0 [0098.256] GetCurrentThreadId () returned 0xfc0 [0098.257] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.257] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.257] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.257] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.257] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.257] GetSystemMetrics (nIndex=5) returned 1 [0098.257] GetSystemMetrics (nIndex=6) returned 1 [0098.257] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.257] GetSystemMetrics (nIndex=5) returned 1 [0098.257] GetSystemMetrics (nIndex=6) returned 1 [0098.257] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.257] GetCurrentThreadId () returned 0xfc0 [0098.257] GetCurrentThreadId () returned 0xfc0 [0098.258] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.258] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.258] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.258] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.259] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.259] GetSystemMetrics (nIndex=5) returned 1 [0098.259] GetSystemMetrics (nIndex=6) returned 1 [0098.259] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.259] GetSystemMetrics (nIndex=5) returned 1 [0098.259] GetSystemMetrics (nIndex=6) returned 1 [0098.259] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.259] GetCurrentThreadId () returned 0xfc0 [0098.259] GetCurrentThreadId () returned 0xfc0 [0098.260] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.260] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.260] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.260] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.260] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.260] GetSystemMetrics (nIndex=5) returned 1 [0098.260] GetSystemMetrics (nIndex=6) returned 1 [0098.261] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.261] GetSystemMetrics (nIndex=5) returned 1 [0098.261] GetSystemMetrics (nIndex=6) returned 1 [0098.261] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.261] GetCurrentThreadId () returned 0xfc0 [0098.261] GetCurrentThreadId () returned 0xfc0 [0098.262] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.262] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.262] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.262] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.262] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.262] GetSystemMetrics (nIndex=5) returned 1 [0098.262] GetSystemMetrics (nIndex=6) returned 1 [0098.262] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.262] GetSystemMetrics (nIndex=5) returned 1 [0098.262] GetSystemMetrics (nIndex=6) returned 1 [0098.262] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.262] GetCurrentThreadId () returned 0xfc0 [0098.262] GetCurrentThreadId () returned 0xfc0 [0098.263] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.263] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.264] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.264] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.264] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.264] GetSystemMetrics (nIndex=5) returned 1 [0098.264] GetSystemMetrics (nIndex=6) returned 1 [0098.264] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.264] GetSystemMetrics (nIndex=5) returned 1 [0098.264] GetSystemMetrics (nIndex=6) returned 1 [0098.264] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.264] GetCurrentThreadId () returned 0xfc0 [0098.264] GetCurrentThreadId () returned 0xfc0 [0098.265] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.265] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.265] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.265] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.266] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.266] GetSystemMetrics (nIndex=5) returned 1 [0098.266] GetSystemMetrics (nIndex=6) returned 1 [0098.266] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.266] GetSystemMetrics (nIndex=5) returned 1 [0098.266] GetSystemMetrics (nIndex=6) returned 1 [0098.266] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.266] GetCurrentThreadId () returned 0xfc0 [0098.266] GetCurrentThreadId () returned 0xfc0 [0098.267] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.267] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.267] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.267] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.267] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.268] GetSystemMetrics (nIndex=5) returned 1 [0098.268] GetSystemMetrics (nIndex=6) returned 1 [0098.268] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.268] GetSystemMetrics (nIndex=5) returned 1 [0098.268] GetSystemMetrics (nIndex=6) returned 1 [0098.268] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.268] GetCurrentThreadId () returned 0xfc0 [0098.268] GetCurrentThreadId () returned 0xfc0 [0098.269] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.269] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.269] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.269] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.269] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.269] GetSystemMetrics (nIndex=5) returned 1 [0098.269] GetSystemMetrics (nIndex=6) returned 1 [0098.269] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.269] GetSystemMetrics (nIndex=5) returned 1 [0098.269] GetSystemMetrics (nIndex=6) returned 1 [0098.269] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.269] GetCurrentThreadId () returned 0xfc0 [0098.269] GetCurrentThreadId () returned 0xfc0 [0098.270] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.270] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.271] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.271] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.271] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.271] GetSystemMetrics (nIndex=5) returned 1 [0098.271] GetSystemMetrics (nIndex=6) returned 1 [0098.271] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.271] GetSystemMetrics (nIndex=5) returned 1 [0098.271] GetSystemMetrics (nIndex=6) returned 1 [0098.271] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.271] GetCurrentThreadId () returned 0xfc0 [0098.271] GetCurrentThreadId () returned 0xfc0 [0098.272] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.272] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.272] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.272] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.273] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.273] GetSystemMetrics (nIndex=5) returned 1 [0098.273] GetSystemMetrics (nIndex=6) returned 1 [0098.273] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.273] GetSystemMetrics (nIndex=5) returned 1 [0098.273] GetSystemMetrics (nIndex=6) returned 1 [0098.273] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.273] GetCurrentThreadId () returned 0xfc0 [0098.273] GetCurrentThreadId () returned 0xfc0 [0098.274] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.274] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.274] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.274] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.274] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.274] GetSystemMetrics (nIndex=5) returned 1 [0098.274] GetSystemMetrics (nIndex=6) returned 1 [0098.274] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.274] GetSystemMetrics (nIndex=5) returned 1 [0098.274] GetSystemMetrics (nIndex=6) returned 1 [0098.275] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.275] GetCurrentThreadId () returned 0xfc0 [0098.275] GetCurrentThreadId () returned 0xfc0 [0098.275] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.275] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.276] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.276] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.276] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.276] GetSystemMetrics (nIndex=5) returned 1 [0098.276] GetSystemMetrics (nIndex=6) returned 1 [0098.276] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.276] GetSystemMetrics (nIndex=5) returned 1 [0098.276] GetSystemMetrics (nIndex=6) returned 1 [0098.276] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.276] GetCurrentThreadId () returned 0xfc0 [0098.276] GetCurrentThreadId () returned 0xfc0 [0098.277] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.277] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.277] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.277] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.277] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.277] GetSystemMetrics (nIndex=5) returned 1 [0098.277] GetSystemMetrics (nIndex=6) returned 1 [0098.277] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.278] GetSystemMetrics (nIndex=5) returned 1 [0098.278] GetSystemMetrics (nIndex=6) returned 1 [0098.278] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.278] GetCurrentThreadId () returned 0xfc0 [0098.278] GetCurrentThreadId () returned 0xfc0 [0098.279] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.279] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.279] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.279] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.279] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.279] GetSystemMetrics (nIndex=5) returned 1 [0098.279] GetSystemMetrics (nIndex=6) returned 1 [0098.279] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.279] GetSystemMetrics (nIndex=5) returned 1 [0098.279] GetSystemMetrics (nIndex=6) returned 1 [0098.279] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.280] GetCurrentThreadId () returned 0xfc0 [0098.280] GetCurrentThreadId () returned 0xfc0 [0098.280] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.280] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.281] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.281] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.281] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.281] GetSystemMetrics (nIndex=5) returned 1 [0098.281] GetSystemMetrics (nIndex=6) returned 1 [0098.281] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.281] GetSystemMetrics (nIndex=5) returned 1 [0098.281] GetSystemMetrics (nIndex=6) returned 1 [0098.281] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.281] GetCurrentThreadId () returned 0xfc0 [0098.281] GetCurrentThreadId () returned 0xfc0 [0098.282] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.282] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.282] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.282] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.282] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.283] GetSystemMetrics (nIndex=5) returned 1 [0098.283] GetSystemMetrics (nIndex=6) returned 1 [0098.283] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.283] GetSystemMetrics (nIndex=5) returned 1 [0098.283] GetSystemMetrics (nIndex=6) returned 1 [0098.283] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.283] GetCurrentThreadId () returned 0xfc0 [0098.283] GetCurrentThreadId () returned 0xfc0 [0098.284] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.284] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.284] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.284] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.284] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.284] GetSystemMetrics (nIndex=5) returned 1 [0098.284] GetSystemMetrics (nIndex=6) returned 1 [0098.284] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.284] GetSystemMetrics (nIndex=5) returned 1 [0098.284] GetSystemMetrics (nIndex=6) returned 1 [0098.284] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.284] GetCurrentThreadId () returned 0xfc0 [0098.285] GetCurrentThreadId () returned 0xfc0 [0098.285] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.285] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.286] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.286] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.286] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.286] GetSystemMetrics (nIndex=5) returned 1 [0098.286] GetSystemMetrics (nIndex=6) returned 1 [0098.286] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.286] GetSystemMetrics (nIndex=5) returned 1 [0098.286] GetSystemMetrics (nIndex=6) returned 1 [0098.286] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.286] GetCurrentThreadId () returned 0xfc0 [0098.286] GetCurrentThreadId () returned 0xfc0 [0098.287] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.287] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.287] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.287] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.287] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.287] GetSystemMetrics (nIndex=5) returned 1 [0098.287] GetSystemMetrics (nIndex=6) returned 1 [0098.287] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.288] GetSystemMetrics (nIndex=5) returned 1 [0098.288] GetSystemMetrics (nIndex=6) returned 1 [0098.288] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.288] GetCurrentThreadId () returned 0xfc0 [0098.288] GetCurrentThreadId () returned 0xfc0 [0098.288] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.288] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.289] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.289] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.289] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.289] GetSystemMetrics (nIndex=5) returned 1 [0098.289] GetSystemMetrics (nIndex=6) returned 1 [0098.289] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.289] GetSystemMetrics (nIndex=5) returned 1 [0098.289] GetSystemMetrics (nIndex=6) returned 1 [0098.289] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.289] GetCurrentThreadId () returned 0xfc0 [0098.289] GetCurrentThreadId () returned 0xfc0 [0098.290] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.290] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.290] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.290] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.291] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.291] GetSystemMetrics (nIndex=5) returned 1 [0098.291] GetSystemMetrics (nIndex=6) returned 1 [0098.291] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.291] GetSystemMetrics (nIndex=5) returned 1 [0098.291] GetSystemMetrics (nIndex=6) returned 1 [0098.291] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.291] GetCurrentThreadId () returned 0xfc0 [0098.291] GetCurrentThreadId () returned 0xfc0 [0098.292] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.292] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.292] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.292] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.292] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.292] GetSystemMetrics (nIndex=5) returned 1 [0098.292] GetSystemMetrics (nIndex=6) returned 1 [0098.292] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.292] GetSystemMetrics (nIndex=5) returned 1 [0098.292] GetSystemMetrics (nIndex=6) returned 1 [0098.293] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.293] GetCurrentThreadId () returned 0xfc0 [0098.293] GetCurrentThreadId () returned 0xfc0 [0098.294] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.294] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.294] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.294] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.294] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.294] GetSystemMetrics (nIndex=5) returned 1 [0098.294] GetSystemMetrics (nIndex=6) returned 1 [0098.295] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.295] GetSystemMetrics (nIndex=5) returned 1 [0098.295] GetSystemMetrics (nIndex=6) returned 1 [0098.295] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.295] GetCurrentThreadId () returned 0xfc0 [0098.295] GetCurrentThreadId () returned 0xfc0 [0098.295] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.296] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.296] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.296] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.296] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.296] GetSystemMetrics (nIndex=5) returned 1 [0098.296] GetSystemMetrics (nIndex=6) returned 1 [0098.296] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.296] GetSystemMetrics (nIndex=5) returned 1 [0098.296] GetSystemMetrics (nIndex=6) returned 1 [0098.296] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.296] GetCurrentThreadId () returned 0xfc0 [0098.296] GetCurrentThreadId () returned 0xfc0 [0098.297] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.297] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.297] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.298] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.298] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.298] GetSystemMetrics (nIndex=5) returned 1 [0098.298] GetSystemMetrics (nIndex=6) returned 1 [0098.298] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.298] GetSystemMetrics (nIndex=5) returned 1 [0098.298] GetSystemMetrics (nIndex=6) returned 1 [0098.298] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.298] GetCurrentThreadId () returned 0xfc0 [0098.298] GetCurrentThreadId () returned 0xfc0 [0098.299] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.299] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.299] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.299] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.299] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.299] GetSystemMetrics (nIndex=5) returned 1 [0098.300] GetSystemMetrics (nIndex=6) returned 1 [0098.300] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.300] GetSystemMetrics (nIndex=5) returned 1 [0098.300] GetSystemMetrics (nIndex=6) returned 1 [0098.300] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.300] GetCurrentThreadId () returned 0xfc0 [0098.300] GetCurrentThreadId () returned 0xfc0 [0098.300] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.300] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.301] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.301] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.301] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.301] GetSystemMetrics (nIndex=5) returned 1 [0098.301] GetSystemMetrics (nIndex=6) returned 1 [0098.301] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.301] GetSystemMetrics (nIndex=5) returned 1 [0098.301] GetSystemMetrics (nIndex=6) returned 1 [0098.301] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.301] GetCurrentThreadId () returned 0xfc0 [0098.301] GetCurrentThreadId () returned 0xfc0 [0098.302] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.302] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.303] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.303] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.303] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.303] GetSystemMetrics (nIndex=5) returned 1 [0098.303] GetSystemMetrics (nIndex=6) returned 1 [0098.303] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.303] GetSystemMetrics (nIndex=5) returned 1 [0098.303] GetSystemMetrics (nIndex=6) returned 1 [0098.303] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.303] GetCurrentThreadId () returned 0xfc0 [0098.303] GetCurrentThreadId () returned 0xfc0 [0098.304] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.304] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.304] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.304] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.304] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.304] GetSystemMetrics (nIndex=5) returned 1 [0098.304] GetSystemMetrics (nIndex=6) returned 1 [0098.304] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.305] GetSystemMetrics (nIndex=5) returned 1 [0098.305] GetSystemMetrics (nIndex=6) returned 1 [0098.305] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.305] GetCurrentThreadId () returned 0xfc0 [0098.305] GetCurrentThreadId () returned 0xfc0 [0098.305] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.306] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.306] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.306] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.306] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.306] GetSystemMetrics (nIndex=5) returned 1 [0098.306] GetSystemMetrics (nIndex=6) returned 1 [0098.306] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.306] GetSystemMetrics (nIndex=5) returned 1 [0098.306] GetSystemMetrics (nIndex=6) returned 1 [0098.306] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.306] GetCurrentThreadId () returned 0xfc0 [0098.306] GetCurrentThreadId () returned 0xfc0 [0098.307] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.307] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.307] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.307] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.308] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.308] GetSystemMetrics (nIndex=5) returned 1 [0098.308] GetSystemMetrics (nIndex=6) returned 1 [0098.308] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.308] GetSystemMetrics (nIndex=5) returned 1 [0098.308] GetSystemMetrics (nIndex=6) returned 1 [0098.308] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.308] GetCurrentThreadId () returned 0xfc0 [0098.308] GetCurrentThreadId () returned 0xfc0 [0098.309] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.309] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.309] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.309] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.309] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.309] GetSystemMetrics (nIndex=5) returned 1 [0098.309] GetSystemMetrics (nIndex=6) returned 1 [0098.309] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.309] GetSystemMetrics (nIndex=5) returned 1 [0098.309] GetSystemMetrics (nIndex=6) returned 1 [0098.309] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.309] GetCurrentThreadId () returned 0xfc0 [0098.309] GetCurrentThreadId () returned 0xfc0 [0098.310] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.310] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.311] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.311] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.311] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.311] GetSystemMetrics (nIndex=5) returned 1 [0098.311] GetSystemMetrics (nIndex=6) returned 1 [0098.311] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.311] GetSystemMetrics (nIndex=5) returned 1 [0098.311] GetSystemMetrics (nIndex=6) returned 1 [0098.311] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.311] GetCurrentThreadId () returned 0xfc0 [0098.311] GetCurrentThreadId () returned 0xfc0 [0098.312] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.312] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.313] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.313] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.313] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.313] GetSystemMetrics (nIndex=5) returned 1 [0098.313] GetSystemMetrics (nIndex=6) returned 1 [0098.313] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.313] GetSystemMetrics (nIndex=5) returned 1 [0098.313] GetSystemMetrics (nIndex=6) returned 1 [0098.313] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.313] GetCurrentThreadId () returned 0xfc0 [0098.313] GetCurrentThreadId () returned 0xfc0 [0098.314] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.314] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.314] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.314] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.314] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.315] GetSystemMetrics (nIndex=5) returned 1 [0098.315] GetSystemMetrics (nIndex=6) returned 1 [0098.315] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.315] GetSystemMetrics (nIndex=5) returned 1 [0098.315] GetSystemMetrics (nIndex=6) returned 1 [0098.315] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.315] GetCurrentThreadId () returned 0xfc0 [0098.315] GetCurrentThreadId () returned 0xfc0 [0098.316] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.316] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.316] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.316] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.316] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.316] GetSystemMetrics (nIndex=5) returned 1 [0098.316] GetSystemMetrics (nIndex=6) returned 1 [0098.316] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.316] GetSystemMetrics (nIndex=5) returned 1 [0098.316] GetSystemMetrics (nIndex=6) returned 1 [0098.316] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.316] GetCurrentThreadId () returned 0xfc0 [0098.316] GetCurrentThreadId () returned 0xfc0 [0098.317] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.317] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.318] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.318] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.318] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.318] GetSystemMetrics (nIndex=5) returned 1 [0098.318] GetSystemMetrics (nIndex=6) returned 1 [0098.318] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.318] GetSystemMetrics (nIndex=5) returned 1 [0098.318] GetSystemMetrics (nIndex=6) returned 1 [0098.318] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.318] GetCurrentThreadId () returned 0xfc0 [0098.318] GetCurrentThreadId () returned 0xfc0 [0098.319] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.319] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.319] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.319] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.320] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.320] GetSystemMetrics (nIndex=5) returned 1 [0098.320] GetSystemMetrics (nIndex=6) returned 1 [0098.320] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.320] GetSystemMetrics (nIndex=5) returned 1 [0098.320] GetSystemMetrics (nIndex=6) returned 1 [0098.320] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.320] GetCurrentThreadId () returned 0xfc0 [0098.320] GetCurrentThreadId () returned 0xfc0 [0098.321] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.321] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.321] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.321] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.321] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.321] GetSystemMetrics (nIndex=5) returned 1 [0098.321] GetSystemMetrics (nIndex=6) returned 1 [0098.321] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.321] GetSystemMetrics (nIndex=5) returned 1 [0098.321] GetSystemMetrics (nIndex=6) returned 1 [0098.321] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.321] GetCurrentThreadId () returned 0xfc0 [0098.321] GetCurrentThreadId () returned 0xfc0 [0098.322] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.322] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.323] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.323] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.323] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.323] GetSystemMetrics (nIndex=5) returned 1 [0098.323] GetSystemMetrics (nIndex=6) returned 1 [0098.323] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.323] GetSystemMetrics (nIndex=5) returned 1 [0098.323] GetSystemMetrics (nIndex=6) returned 1 [0098.323] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.323] GetCurrentThreadId () returned 0xfc0 [0098.323] GetCurrentThreadId () returned 0xfc0 [0098.323] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.323] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.324] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.324] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.324] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.324] GetSystemMetrics (nIndex=5) returned 1 [0098.324] GetSystemMetrics (nIndex=6) returned 1 [0098.324] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.324] GetSystemMetrics (nIndex=5) returned 1 [0098.324] GetSystemMetrics (nIndex=6) returned 1 [0098.324] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.324] GetCurrentThreadId () returned 0xfc0 [0098.324] GetCurrentThreadId () returned 0xfc0 [0098.324] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.324] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.324] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.324] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.324] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.324] GetSystemMetrics (nIndex=5) returned 1 [0098.324] GetSystemMetrics (nIndex=6) returned 1 [0098.324] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.325] GetSystemMetrics (nIndex=5) returned 1 [0098.325] GetSystemMetrics (nIndex=6) returned 1 [0098.325] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.325] GetCurrentThreadId () returned 0xfc0 [0098.325] GetCurrentThreadId () returned 0xfc0 [0098.325] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.325] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.325] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.325] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.325] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.325] GetSystemMetrics (nIndex=5) returned 1 [0098.325] GetSystemMetrics (nIndex=6) returned 1 [0098.325] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.325] GetSystemMetrics (nIndex=5) returned 1 [0098.325] GetSystemMetrics (nIndex=6) returned 1 [0098.325] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.325] GetCurrentThreadId () returned 0xfc0 [0098.325] GetCurrentThreadId () returned 0xfc0 [0098.325] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.326] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.326] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.326] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.326] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.326] GetSystemMetrics (nIndex=5) returned 1 [0098.326] GetSystemMetrics (nIndex=6) returned 1 [0098.326] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.326] GetSystemMetrics (nIndex=5) returned 1 [0098.326] GetSystemMetrics (nIndex=6) returned 1 [0098.326] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.326] GetCurrentThreadId () returned 0xfc0 [0098.326] GetCurrentThreadId () returned 0xfc0 [0098.326] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.326] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.326] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.326] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.326] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.327] GetSystemMetrics (nIndex=5) returned 1 [0098.327] GetSystemMetrics (nIndex=6) returned 1 [0098.327] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.327] GetSystemMetrics (nIndex=5) returned 1 [0098.327] GetSystemMetrics (nIndex=6) returned 1 [0098.327] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.327] GetCurrentThreadId () returned 0xfc0 [0098.327] GetCurrentThreadId () returned 0xfc0 [0098.327] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.327] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.327] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.327] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.327] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.327] GetSystemMetrics (nIndex=5) returned 1 [0098.327] GetSystemMetrics (nIndex=6) returned 1 [0098.327] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.328] GetSystemMetrics (nIndex=5) returned 1 [0098.328] GetSystemMetrics (nIndex=6) returned 1 [0098.328] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.328] GetCurrentThreadId () returned 0xfc0 [0098.328] GetCurrentThreadId () returned 0xfc0 [0098.328] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.328] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.328] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.328] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.328] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.328] GetSystemMetrics (nIndex=5) returned 1 [0098.328] GetSystemMetrics (nIndex=6) returned 1 [0098.328] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.328] GetSystemMetrics (nIndex=5) returned 1 [0098.328] GetSystemMetrics (nIndex=6) returned 1 [0098.328] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.329] GetCurrentThreadId () returned 0xfc0 [0098.329] GetCurrentThreadId () returned 0xfc0 [0098.329] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.329] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.329] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.329] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.329] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.329] GetSystemMetrics (nIndex=5) returned 1 [0098.329] GetSystemMetrics (nIndex=6) returned 1 [0098.331] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.331] GetSystemMetrics (nIndex=5) returned 1 [0098.331] GetSystemMetrics (nIndex=6) returned 1 [0098.331] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.331] GetCurrentThreadId () returned 0xfc0 [0098.331] GetCurrentThreadId () returned 0xfc0 [0098.331] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.331] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.331] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.331] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.331] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.331] GetSystemMetrics (nIndex=5) returned 1 [0098.331] GetSystemMetrics (nIndex=6) returned 1 [0098.331] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.331] GetSystemMetrics (nIndex=5) returned 1 [0098.331] GetSystemMetrics (nIndex=6) returned 1 [0098.331] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.331] GetCurrentThreadId () returned 0xfc0 [0098.331] GetCurrentThreadId () returned 0xfc0 [0098.332] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.332] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.332] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.332] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.332] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.332] GetSystemMetrics (nIndex=5) returned 1 [0098.332] GetSystemMetrics (nIndex=6) returned 1 [0098.332] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.332] GetSystemMetrics (nIndex=5) returned 1 [0098.332] GetSystemMetrics (nIndex=6) returned 1 [0098.332] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.332] GetCurrentThreadId () returned 0xfc0 [0098.332] GetCurrentThreadId () returned 0xfc0 [0098.333] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.333] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.333] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.333] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.333] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.333] GetSystemMetrics (nIndex=5) returned 1 [0098.333] GetSystemMetrics (nIndex=6) returned 1 [0098.333] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.333] GetSystemMetrics (nIndex=5) returned 1 [0098.333] GetSystemMetrics (nIndex=6) returned 1 [0098.333] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.334] GetCurrentThreadId () returned 0xfc0 [0098.334] GetCurrentThreadId () returned 0xfc0 [0098.334] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.334] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.334] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.334] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.334] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.334] GetSystemMetrics (nIndex=5) returned 1 [0098.334] GetSystemMetrics (nIndex=6) returned 1 [0098.334] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.334] GetSystemMetrics (nIndex=5) returned 1 [0098.334] GetSystemMetrics (nIndex=6) returned 1 [0098.335] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.335] GetCurrentThreadId () returned 0xfc0 [0098.335] GetCurrentThreadId () returned 0xfc0 [0098.335] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.335] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.335] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.335] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.335] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.335] GetSystemMetrics (nIndex=5) returned 1 [0098.335] GetSystemMetrics (nIndex=6) returned 1 [0098.336] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.336] GetSystemMetrics (nIndex=5) returned 1 [0098.336] GetSystemMetrics (nIndex=6) returned 1 [0098.336] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.336] GetCurrentThreadId () returned 0xfc0 [0098.336] GetCurrentThreadId () returned 0xfc0 [0098.336] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.336] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.336] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.336] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.336] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.336] GetSystemMetrics (nIndex=5) returned 1 [0098.337] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.337] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.337] GetCurrentThreadId () returned 0xfc0 [0098.337] GetCurrentThreadId () returned 0xfc0 [0098.338] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.338] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.338] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.338] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.338] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.338] GetCurrentThreadId () returned 0xfc0 [0098.338] GetCurrentThreadId () returned 0xfc0 [0098.338] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.339] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.339] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.339] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.339] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.339] GetCurrentThreadId () returned 0xfc0 [0098.339] GetCurrentThreadId () returned 0xfc0 [0098.339] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.339] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.339] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.339] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.339] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.339] GetCurrentThreadId () returned 0xfc0 [0098.339] GetCurrentThreadId () returned 0xfc0 [0098.340] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.340] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.340] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.340] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.340] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.340] GetCurrentThreadId () returned 0xfc0 [0098.340] GetCurrentThreadId () returned 0xfc0 [0098.340] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.340] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.340] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.340] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.340] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.340] GetCurrentThreadId () returned 0xfc0 [0098.340] GetCurrentThreadId () returned 0xfc0 [0098.341] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.341] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.341] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.341] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.341] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.341] GetCurrentThreadId () returned 0xfc0 [0098.341] GetCurrentThreadId () returned 0xfc0 [0098.342] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.342] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.342] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.342] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.342] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.342] GetCurrentThreadId () returned 0xfc0 [0098.342] GetCurrentThreadId () returned 0xfc0 [0098.342] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.342] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.342] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.343] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.343] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.343] GetCurrentThreadId () returned 0xfc0 [0098.343] GetCurrentThreadId () returned 0xfc0 [0098.343] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.343] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.343] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.343] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.343] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.343] GetCurrentThreadId () returned 0xfc0 [0098.343] GetCurrentThreadId () returned 0xfc0 [0098.344] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.344] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.344] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.344] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.344] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.344] GetCurrentThreadId () returned 0xfc0 [0098.344] GetCurrentThreadId () returned 0xfc0 [0098.344] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.344] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.345] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.345] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.345] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.345] GetCurrentThreadId () returned 0xfc0 [0098.345] GetCurrentThreadId () returned 0xfc0 [0098.346] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.346] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.346] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.346] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.346] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.346] GetCurrentThreadId () returned 0xfc0 [0098.346] GetCurrentThreadId () returned 0xfc0 [0098.346] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.346] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.346] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.347] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.347] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.347] GetCurrentThreadId () returned 0xfc0 [0098.347] GetCurrentThreadId () returned 0xfc0 [0098.347] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.347] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.347] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.347] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.347] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.347] GetCurrentThreadId () returned 0xfc0 [0098.347] GetCurrentThreadId () returned 0xfc0 [0098.348] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.348] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.348] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.348] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.348] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.348] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.348] GetCurrentThreadId () returned 0xfc0 [0098.348] GetCurrentThreadId () returned 0xfc0 [0098.349] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.349] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.349] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.349] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.349] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.349] GetCurrentThreadId () returned 0xfc0 [0098.349] GetCurrentThreadId () returned 0xfc0 [0098.349] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.350] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.350] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.350] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.350] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.350] GetCurrentThreadId () returned 0xfc0 [0098.350] GetCurrentThreadId () returned 0xfc0 [0098.350] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.350] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.350] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.351] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.351] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.351] GetCurrentThreadId () returned 0xfc0 [0098.351] GetCurrentThreadId () returned 0xfc0 [0098.351] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.351] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.351] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.351] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.351] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.351] GetCurrentThreadId () returned 0xfc0 [0098.351] GetCurrentThreadId () returned 0xfc0 [0098.351] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.351] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.351] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.351] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.351] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.351] GetCurrentThreadId () returned 0xfc0 [0098.352] GetCurrentThreadId () returned 0xfc0 [0098.352] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.352] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.352] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.352] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.352] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.352] GetCurrentThreadId () returned 0xfc0 [0098.352] GetCurrentThreadId () returned 0xfc0 [0098.352] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.352] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.352] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.352] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.352] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.352] GetCurrentThreadId () returned 0xfc0 [0098.353] GetCurrentThreadId () returned 0xfc0 [0098.353] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.353] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.353] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.353] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.353] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.353] GetCurrentThreadId () returned 0xfc0 [0098.353] GetCurrentThreadId () returned 0xfc0 [0098.353] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.353] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.353] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.353] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.353] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.354] GetCurrentThreadId () returned 0xfc0 [0098.354] GetCurrentThreadId () returned 0xfc0 [0098.354] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.354] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.354] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.354] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.354] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.354] GetCurrentThreadId () returned 0xfc0 [0098.354] GetCurrentThreadId () returned 0xfc0 [0098.354] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.354] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.354] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.354] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.355] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.355] GetCurrentThreadId () returned 0xfc0 [0098.355] GetCurrentThreadId () returned 0xfc0 [0098.355] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.355] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.355] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.355] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.355] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.355] GetCurrentThreadId () returned 0xfc0 [0098.355] GetCurrentThreadId () returned 0xfc0 [0098.355] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.355] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.355] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.355] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.355] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.355] GetCurrentThreadId () returned 0xfc0 [0098.355] GetCurrentThreadId () returned 0xfc0 [0098.356] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.356] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.356] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.356] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.356] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.356] GetCurrentThreadId () returned 0xfc0 [0098.356] GetCurrentThreadId () returned 0xfc0 [0098.356] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.356] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.356] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.356] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.356] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.356] GetCurrentThreadId () returned 0xfc0 [0098.356] GetCurrentThreadId () returned 0xfc0 [0098.357] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.357] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.357] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.357] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.357] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.357] GetCurrentThreadId () returned 0xfc0 [0098.357] GetCurrentThreadId () returned 0xfc0 [0098.357] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.357] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.357] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.357] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.357] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.357] GetCurrentThreadId () returned 0xfc0 [0098.357] GetCurrentThreadId () returned 0xfc0 [0098.358] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e340) returned 0x0 [0098.358] GdipGetFontHeight (font=0xad90e68, graphics=0xaf1b6d0, height=0x43e338) returned 0x0 [0098.358] GdipDeleteGraphics (graphics=0xaf1b6d0) returned 0x0 [0098.358] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e468) returned 1 [0098.358] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x43e3cc) returned 1 [0098.358] GetCurrentThreadId () returned 0xfc0 [0098.358] GetCurrentThreadId () returned 0xfc0 [0098.381] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.381] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.389] GetProcessWindowStation () returned 0x60 [0098.390] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x274c928, nLength=0xc, lpnLengthNeeded=0x43e2a8 | out: pvInfo=0x274c928, lpnLengthNeeded=0x43e2a8) returned 1 [0098.393] SetConsoleCtrlHandler (HandlerRoutine=0x4fe0836, Add=1) returned 1 [0098.394] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0098.395] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0098.396] GetClassInfoW (in: hInstance=0x11e0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWndClass=0x274c98c | out: lpWndClass=0x274c98c) returned 0 [0098.399] CoTaskMemAlloc (cb=0x56) returned 0x54c6c58 [0098.399] RegisterClassW (lpWndClass=0x43e1f8) returned 0xc1cd [0098.399] CoTaskMemFree (pv=0x54c6c58) [0098.400] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x11e0000, lpParam=0x0) returned 0x40064 [0098.402] NtdllDefWindowProc_W () returned 0x1 [0098.405] NtdllDefWindowProc_W () returned 0x0 [0098.405] NtdllDefWindowProc_W () returned 0x0 [0098.405] NtdllDefWindowProc_W () returned 0x0 [0098.405] NtdllDefWindowProc_W () returned 0x0 [0098.408] GetSysColor (nIndex=10) returned 0xb4b4b4 [0098.408] GetSysColor (nIndex=2) returned 0xd1b499 [0098.408] GetSysColor (nIndex=9) returned 0x0 [0098.409] GetSysColor (nIndex=12) returned 0xababab [0098.409] GetSysColor (nIndex=15) returned 0xf0f0f0 [0098.409] GetSysColor (nIndex=20) returned 0xffffff [0098.409] GetSysColor (nIndex=16) returned 0xa0a0a0 [0098.409] GetSysColor (nIndex=15) returned 0xf0f0f0 [0098.409] GetSysColor (nIndex=16) returned 0xa0a0a0 [0098.409] GetSysColor (nIndex=21) returned 0x696969 [0098.409] GetSysColor (nIndex=22) returned 0xe3e3e3 [0098.409] GetSysColor (nIndex=20) returned 0xffffff [0098.409] GetSysColor (nIndex=18) returned 0x0 [0098.409] GetSysColor (nIndex=1) returned 0x0 [0098.409] GetSysColor (nIndex=27) returned 0xead1b9 [0098.409] GetSysColor (nIndex=28) returned 0xf2e4d7 [0098.409] GetSysColor (nIndex=17) returned 0x6d6d6d [0098.409] GetSysColor (nIndex=13) returned 0xff9933 [0098.409] GetSysColor (nIndex=14) returned 0xffffff [0098.409] GetSysColor (nIndex=26) returned 0xcc6600 [0098.410] GetSysColor (nIndex=11) returned 0xfcf7f4 [0098.410] GetSysColor (nIndex=3) returned 0xdbcdbf [0098.410] GetSysColor (nIndex=19) returned 0x544e43 [0098.410] GetSysColor (nIndex=24) returned 0xe1ffff [0098.410] GetSysColor (nIndex=23) returned 0x0 [0098.410] GetSysColor (nIndex=4) returned 0xf0f0f0 [0098.410] GetSysColor (nIndex=30) returned 0xf0f0f0 [0098.410] GetSysColor (nIndex=29) returned 0xff9933 [0098.410] GetSysColor (nIndex=7) returned 0x0 [0098.410] GetSysColor (nIndex=0) returned 0xc8c8c8 [0098.410] GetSysColor (nIndex=5) returned 0xffffff [0098.410] GetSysColor (nIndex=6) returned 0x646464 [0098.410] GetSysColor (nIndex=8) returned 0x0 [0098.410] GetCurrentThreadId () returned 0xfc0 [0098.410] GetCurrentThreadId () returned 0xfc0 [0098.412] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.412] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.413] GetCurrentThreadId () returned 0xfc0 [0098.413] GetCurrentThreadId () returned 0xfc0 [0098.414] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.414] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.414] GetCurrentThreadId () returned 0xfc0 [0098.414] GetCurrentThreadId () returned 0xfc0 [0098.415] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.415] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.415] GetCurrentThreadId () returned 0xfc0 [0098.415] GetCurrentThreadId () returned 0xfc0 [0098.416] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.416] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.416] GetCurrentThreadId () returned 0xfc0 [0098.416] GetCurrentThreadId () returned 0xfc0 [0098.416] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.417] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.417] GetCurrentThreadId () returned 0xfc0 [0098.417] GetCurrentThreadId () returned 0xfc0 [0098.417] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.417] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.417] GetCurrentThreadId () returned 0xfc0 [0098.417] GetCurrentThreadId () returned 0xfc0 [0098.418] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.418] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.418] GetCurrentThreadId () returned 0xfc0 [0098.418] GetCurrentThreadId () returned 0xfc0 [0098.420] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.420] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.420] GetCurrentThreadId () returned 0xfc0 [0098.420] GetCurrentThreadId () returned 0xfc0 [0098.421] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.421] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.421] GetCurrentThreadId () returned 0xfc0 [0098.421] GetCurrentThreadId () returned 0xfc0 [0098.422] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.422] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.422] GetCurrentThreadId () returned 0xfc0 [0098.422] GetCurrentThreadId () returned 0xfc0 [0098.422] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.422] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.422] GetCurrentThreadId () returned 0xfc0 [0098.423] GetCurrentThreadId () returned 0xfc0 [0098.424] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.424] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.424] GetCurrentThreadId () returned 0xfc0 [0098.424] GetCurrentThreadId () returned 0xfc0 [0098.425] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.425] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.425] GetCurrentThreadId () returned 0xfc0 [0098.425] GetCurrentThreadId () returned 0xfc0 [0098.426] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.426] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.426] GetCurrentThreadId () returned 0xfc0 [0098.426] GetCurrentThreadId () returned 0xfc0 [0098.427] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.427] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.427] GetCurrentThreadId () returned 0xfc0 [0098.427] GetCurrentThreadId () returned 0xfc0 [0098.428] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.428] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.428] GetCurrentThreadId () returned 0xfc0 [0098.428] GetCurrentThreadId () returned 0xfc0 [0098.429] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.429] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.429] GetCurrentThreadId () returned 0xfc0 [0098.429] GetCurrentThreadId () returned 0xfc0 [0098.430] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.430] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.430] GetCurrentThreadId () returned 0xfc0 [0098.430] GetCurrentThreadId () returned 0xfc0 [0098.430] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.431] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.431] GetCurrentThreadId () returned 0xfc0 [0098.431] GetCurrentThreadId () returned 0xfc0 [0098.431] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.431] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.432] GetCurrentThreadId () returned 0xfc0 [0098.432] GetCurrentThreadId () returned 0xfc0 [0098.432] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.432] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.432] GetCurrentThreadId () returned 0xfc0 [0098.432] GetCurrentThreadId () returned 0xfc0 [0098.433] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.433] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.433] GetCurrentThreadId () returned 0xfc0 [0098.433] GetCurrentThreadId () returned 0xfc0 [0098.434] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.434] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.434] GetCurrentThreadId () returned 0xfc0 [0098.434] GetCurrentThreadId () returned 0xfc0 [0098.435] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.435] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.435] GetCurrentThreadId () returned 0xfc0 [0098.435] GetCurrentThreadId () returned 0xfc0 [0098.436] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.436] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.436] GetCurrentThreadId () returned 0xfc0 [0098.436] GetCurrentThreadId () returned 0xfc0 [0098.437] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.437] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.437] GetCurrentThreadId () returned 0xfc0 [0098.437] GetCurrentThreadId () returned 0xfc0 [0098.438] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.438] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.438] GetCurrentThreadId () returned 0xfc0 [0098.438] GetCurrentThreadId () returned 0xfc0 [0098.440] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.440] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.440] GetCurrentThreadId () returned 0xfc0 [0098.440] GetCurrentThreadId () returned 0xfc0 [0098.441] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.441] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.441] GetCurrentThreadId () returned 0xfc0 [0098.441] GetCurrentThreadId () returned 0xfc0 [0098.442] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.442] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.442] GetCurrentThreadId () returned 0xfc0 [0098.442] GetCurrentThreadId () returned 0xfc0 [0098.443] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.443] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.443] GetCurrentThreadId () returned 0xfc0 [0098.443] GetCurrentThreadId () returned 0xfc0 [0098.444] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.444] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.444] GetCurrentThreadId () returned 0xfc0 [0098.444] GetCurrentThreadId () returned 0xfc0 [0098.445] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.445] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.445] GetCurrentThreadId () returned 0xfc0 [0098.445] GetCurrentThreadId () returned 0xfc0 [0098.446] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.446] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.446] GetCurrentThreadId () returned 0xfc0 [0098.446] GetCurrentThreadId () returned 0xfc0 [0098.447] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.447] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.447] GetCurrentThreadId () returned 0xfc0 [0098.447] GetCurrentThreadId () returned 0xfc0 [0098.447] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.448] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.448] GetCurrentThreadId () returned 0xfc0 [0098.448] GetCurrentThreadId () returned 0xfc0 [0098.448] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.448] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.448] GetCurrentThreadId () returned 0xfc0 [0098.449] GetCurrentThreadId () returned 0xfc0 [0098.449] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.449] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.449] GetCurrentThreadId () returned 0xfc0 [0098.449] GetCurrentThreadId () returned 0xfc0 [0098.450] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.450] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.450] GetCurrentThreadId () returned 0xfc0 [0098.450] GetCurrentThreadId () returned 0xfc0 [0098.451] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.451] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.451] GetCurrentThreadId () returned 0xfc0 [0098.451] GetCurrentThreadId () returned 0xfc0 [0098.452] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.452] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.452] GetCurrentThreadId () returned 0xfc0 [0098.452] GetCurrentThreadId () returned 0xfc0 [0098.453] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.453] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.453] GetCurrentThreadId () returned 0xfc0 [0098.453] GetCurrentThreadId () returned 0xfc0 [0098.454] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.454] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.454] GetCurrentThreadId () returned 0xfc0 [0098.454] GetCurrentThreadId () returned 0xfc0 [0098.455] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.455] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.455] GetCurrentThreadId () returned 0xfc0 [0098.455] GetCurrentThreadId () returned 0xfc0 [0098.456] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.456] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.456] GetCurrentThreadId () returned 0xfc0 [0098.456] GetCurrentThreadId () returned 0xfc0 [0098.456] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.456] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.457] GetCurrentThreadId () returned 0xfc0 [0098.457] GetCurrentThreadId () returned 0xfc0 [0098.458] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.458] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.458] GetCurrentThreadId () returned 0xfc0 [0098.458] GetCurrentThreadId () returned 0xfc0 [0098.458] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.459] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.459] GetCurrentThreadId () returned 0xfc0 [0098.459] GetCurrentThreadId () returned 0xfc0 [0098.459] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.459] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.459] GetCurrentThreadId () returned 0xfc0 [0098.459] GetCurrentThreadId () returned 0xfc0 [0098.460] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.460] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.460] GetCurrentThreadId () returned 0xfc0 [0098.460] GetCurrentThreadId () returned 0xfc0 [0098.462] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.462] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.462] GetCurrentThreadId () returned 0xfc0 [0098.462] GetCurrentThreadId () returned 0xfc0 [0098.463] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.463] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.463] GetCurrentThreadId () returned 0xfc0 [0098.463] GetCurrentThreadId () returned 0xfc0 [0098.464] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.464] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.464] GetCurrentThreadId () returned 0xfc0 [0098.464] GetCurrentThreadId () returned 0xfc0 [0098.465] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.465] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.465] GetCurrentThreadId () returned 0xfc0 [0098.465] GetCurrentThreadId () returned 0xfc0 [0098.466] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.466] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.466] GetCurrentThreadId () returned 0xfc0 [0098.466] GetCurrentThreadId () returned 0xfc0 [0098.466] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.467] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.467] GetCurrentThreadId () returned 0xfc0 [0098.467] GetCurrentThreadId () returned 0xfc0 [0098.467] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.468] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.468] GetCurrentThreadId () returned 0xfc0 [0098.468] GetCurrentThreadId () returned 0xfc0 [0098.468] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.468] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.468] GetCurrentThreadId () returned 0xfc0 [0098.468] GetCurrentThreadId () returned 0xfc0 [0098.469] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.469] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.469] GetCurrentThreadId () returned 0xfc0 [0098.469] GetCurrentThreadId () returned 0xfc0 [0098.472] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.472] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.472] GetCurrentThreadId () returned 0xfc0 [0098.472] GetCurrentThreadId () returned 0xfc0 [0098.473] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.473] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.473] GetCurrentThreadId () returned 0xfc0 [0098.473] GetCurrentThreadId () returned 0xfc0 [0098.473] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.474] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.474] GetCurrentThreadId () returned 0xfc0 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.475] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.475] GetCurrentThreadId () returned 0xfc0 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.476] GetCurrentThreadId () returned 0xfc0 [0098.476] GetCurrentThreadId () returned 0xfc0 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.476] GetCurrentThreadId () returned 0xfc0 [0098.476] GetCurrentThreadId () returned 0xfc0 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.476] GetCurrentThreadId () returned 0xfc0 [0098.476] GetCurrentThreadId () returned 0xfc0 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.476] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.477] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.477] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.477] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.477] GetCurrentThreadId () returned 0xfc0 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.478] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.478] GetCurrentThreadId () returned 0xfc0 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.479] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.479] GetCurrentThreadId () returned 0xfc0 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.480] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.480] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.480] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.480] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.480] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.480] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.480] GetCurrentThreadId () returned 0xfc0 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.481] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.481] GetCurrentThreadId () returned 0xfc0 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.482] GetCurrentThreadId () returned 0xfc0 [0098.482] GetCurrentThreadId () returned 0xfc0 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.482] GetCurrentThreadId () returned 0xfc0 [0098.482] GetCurrentThreadId () returned 0xfc0 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.482] GetCurrentThreadId () returned 0xfc0 [0098.482] GetCurrentThreadId () returned 0xfc0 [0098.482] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.483] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.483] GetCurrentThreadId () returned 0xfc0 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.484] GetCurrentThreadId () returned 0xfc0 [0098.484] GetCurrentThreadId () returned 0xfc0 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.484] GetCurrentThreadId () returned 0xfc0 [0098.484] GetCurrentThreadId () returned 0xfc0 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.484] GetCurrentThreadId () returned 0xfc0 [0098.484] GetCurrentThreadId () returned 0xfc0 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.484] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.485] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.485] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.485] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.485] GetCurrentThreadId () returned 0xfc0 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.486] GetCurrentThreadId () returned 0xfc0 [0098.486] GetCurrentThreadId () returned 0xfc0 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.486] GetCurrentThreadId () returned 0xfc0 [0098.486] GetCurrentThreadId () returned 0xfc0 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.486] GetCurrentThreadId () returned 0xfc0 [0098.486] GetCurrentThreadId () returned 0xfc0 [0098.486] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.487] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.487] GetCurrentThreadId () returned 0xfc0 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.488] GetCurrentThreadId () returned 0xfc0 [0098.488] GetCurrentThreadId () returned 0xfc0 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.488] GetCurrentThreadId () returned 0xfc0 [0098.488] GetCurrentThreadId () returned 0xfc0 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.488] GetCurrentThreadId () returned 0xfc0 [0098.488] GetCurrentThreadId () returned 0xfc0 [0098.488] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.489] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.489] GetCurrentThreadId () returned 0xfc0 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.490] AdjustWindowRectEx (in: lpRect=0x43e3f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3f8) returned 1 [0098.490] GetCurrentThreadId () returned 0xfc0 [0098.491] GetCurrentThreadId () returned 0xfc0 [0098.491] AdjustWindowRectEx (in: lpRect=0x43e46c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e46c) returned 1 [0098.491] AdjustWindowRectEx (in: lpRect=0x43e3cc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3cc) returned 1 [0098.491] GetCurrentThreadId () returned 0xfc0 [0098.491] AdjustWindowRectEx (in: lpRect=0x43e468, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e468) returned 1 [0098.517] GdipCreateSolidFill (color=0xffababab, brush=0x43e394) returned 0x0 [0098.675] GetSystemMetrics (nIndex=3) returned 17 [0098.675] AdjustWindowRectEx (in: lpRect=0x43e3c0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3c0) returned 1 [0098.676] GetSystemMetrics (nIndex=2) returned 17 [0098.676] AdjustWindowRectEx (in: lpRect=0x43e3c0, dwStyle=0x56010001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3c0) returned 1 [0098.677] AdjustWindowRectEx (in: lpRect=0x43e3d0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3d0) returned 1 [0098.681] GdipCreatePen1 (color=0xffa0a0a0, width=0x3f800000, unit=0x0, pen=0x43e3c0) returned 0x0 [0098.689] GetSystemMetrics (nIndex=68) returned 4 [0098.689] GetSystemMetrics (nIndex=69) returned 4 [0098.718] AdjustWindowRectEx (in: lpRect=0x43e34c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e34c) returned 1 [0098.724] GetCurrentThreadId () returned 0xfc0 [0098.724] GetCurrentThreadId () returned 0xfc0 [0098.728] AdjustWindowRectEx (in: lpRect=0x43e350, dwStyle=0x56000001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e350) returned 1 [0098.728] GetCurrentThreadId () returned 0xfc0 [0098.728] GetCurrentThreadId () returned 0xfc0 [0098.729] AdjustWindowRectEx (in: lpRect=0x43e3c0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x43e3c0) returned 1 [0098.949] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.949] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e398) returned 0x0 [0098.949] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e390) returned 0x0 [0098.949] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.949] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.952] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.952] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e384) returned 0x0 [0098.952] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e37c) returned 0x0 [0098.952] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.952] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.989] GetCurrentThreadId () returned 0xfc0 [0098.989] GetCurrentThreadId () returned 0xfc0 [0098.990] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.990] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.991] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.991] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.991] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.992] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.992] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.993] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.993] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.993] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.993] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.993] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.994] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.994] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.994] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.994] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.994] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.994] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.995] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.995] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.995] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.995] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.995] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.996] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.996] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.996] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.996] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.996] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.997] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.997] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.997] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.997] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.997] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.997] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.998] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.998] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.998] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0098.999] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0098.999] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0098.999] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0098.999] GetDC (hWnd=0x0) returned 0x3a010b54 [0098.999] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.000] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.000] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.000] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.000] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.000] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.001] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.001] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.001] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.001] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.001] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.001] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.001] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.002] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.002] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.002] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.002] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.002] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.002] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.003] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.003] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.003] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.003] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.003] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.004] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.004] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.004] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.004] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.004] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.004] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.004] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.005] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.005] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.005] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.005] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.005] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.006] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.006] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.006] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.006] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.006] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.007] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.007] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.007] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.007] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.007] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.008] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.008] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.008] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.008] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.008] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.009] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.009] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.009] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.009] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.009] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.009] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.010] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.010] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.010] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.010] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.010] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.010] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.011] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.011] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.011] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.011] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.011] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.011] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.012] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.012] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.012] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.012] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.012] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.013] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.013] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.013] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.014] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.014] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.014] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.014] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.014] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.014] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.015] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.015] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.015] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.015] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.015] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.015] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.016] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.016] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.016] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.017] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.017] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.017] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.017] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.017] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.017] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.018] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.018] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.018] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.018] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.018] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.018] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.019] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.019] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e3d8) returned 0x0 [0099.019] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e3d0) returned 0x0 [0099.019] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.019] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.073] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.073] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.073] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.073] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.073] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.092] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.092] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.092] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.092] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.092] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.108] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.108] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.109] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.109] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.109] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.109] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.109] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.110] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.110] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.110] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.111] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.111] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.111] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.111] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.111] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.111] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.111] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.112] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.112] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.112] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.112] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.112] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.112] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.112] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.113] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.113] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.113] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.113] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.113] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.113] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.114] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.114] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.114] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.114] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.114] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.114] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.114] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.115] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.115] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.115] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.115] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.115] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.115] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.115] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.115] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.116] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.116] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.116] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.116] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.116] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.117] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.117] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.117] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.117] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.117] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.117] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.117] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.117] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.118] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.118] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.118] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.118] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.118] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.118] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.118] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.119] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.119] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.119] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.119] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.119] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.119] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.119] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.120] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.120] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.120] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.120] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.120] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.120] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.120] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.120] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.121] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.121] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.121] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.121] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.121] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.122] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.122] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.122] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.122] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.122] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.122] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.122] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.122] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.122] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.123] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.123] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.123] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.123] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.123] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.123] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.124] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.124] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.124] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.124] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.124] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.124] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.124] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.125] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.125] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.125] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.125] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.125] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.125] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.125] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.126] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.126] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.126] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.126] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.126] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.126] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.127] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.127] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.127] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.127] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.127] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.127] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.127] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.128] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.128] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.128] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.128] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.128] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.128] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.128] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.128] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.129] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.129] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.129] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.129] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.129] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.130] GetDC (hWnd=0x0) returned 0x3a010b54 [0099.130] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x43e174) returned 0x0 [0099.130] GdipGetFontHeight (font=0xad90e68, graphics=0xacc4d48, height=0x43e16c) returned 0x0 [0099.130] GdipDeleteGraphics (graphics=0xacc4d48) returned 0x0 [0099.130] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0099.135] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43dc30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0099.171] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe\\:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe\\:zone.identifier")) returned 0 [0099.224] GetCurrentProcessId () returned 0xfbc [0099.225] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x5ac [0099.225] EnumProcessModules (in: hProcess=0x5ac, lphModule=0x27746a4, cb=0x100, lpcbNeeded=0x43dff8 | out: lphModule=0x27746a4, lpcbNeeded=0x43dff8) returned 1 [0099.227] EnumProcessModules (in: hProcess=0x5ac, lphModule=0x27747b0, cb=0x200, lpcbNeeded=0x43dff8 | out: lphModule=0x27747b0, lpcbNeeded=0x43dff8) returned 1 [0099.228] GetModuleInformation (in: hProcess=0x5ac, hModule=0x11e0000, lpmodinfo=0x27749f0, cb=0xc | out: lpmodinfo=0x27749f0*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0099.229] CoTaskMemAlloc (cb=0x804) returned 0x5a81718 [0099.229] GetModuleBaseNameW (in: hProcess=0x5ac, hModule=0x11e0000, lpBaseName=0x5a81718, nSize=0x800 | out: lpBaseName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") returned 0x44 [0099.229] CoTaskMemFree (pv=0x5a81718) [0099.229] CoTaskMemAlloc (cb=0x804) returned 0x5a81718 [0099.229] GetModuleFileNameExW (in: hProcess=0x5ac, hModule=0x11e0000, lpFilename=0x5a81718, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe")) returned 0x5f [0099.230] CoTaskMemFree (pv=0x5a81718) [0099.230] CloseHandle (hObject=0x5ac) returned 1 [0099.453] GdipLoadImageFromStream (stream=0x610030, image=0x43daa0) returned 0x0 [0099.791] GdipImageForceValidation (image=0xacc4d48) returned 0x0 [0099.806] GdipGetImageType (image=0xacc4d48, type=0x43da9c) returned 0x0 [0099.806] GdipGetImageRawFormat (image=0xacc4d48, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.818] GdipLoadImageFromStream (stream=0x610010, image=0x43daa0) returned 0x0 [0099.820] GdipImageForceValidation (image=0xacc5610) returned 0x0 [0099.832] GdipGetImageType (image=0xacc5610, type=0x43da9c) returned 0x0 [0099.832] GdipGetImageRawFormat (image=0xacc5610, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.849] GdipLoadImageFromStream (stream=0x61fff0, image=0x43daa0) returned 0x0 [0099.850] GdipImageForceValidation (image=0xaf6b780) returned 0x0 [0099.863] GdipGetImageType (image=0xaf6b780, type=0x43da9c) returned 0x0 [0099.863] GdipGetImageRawFormat (image=0xaf6b780, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.881] GdipLoadImageFromStream (stream=0x61ffd0, image=0x43daa0) returned 0x0 [0099.882] GdipImageForceValidation (image=0xaf71808) returned 0x0 [0099.894] GdipGetImageType (image=0xaf71808, type=0x43da9c) returned 0x0 [0099.894] GdipGetImageRawFormat (image=0xaf71808, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.910] GdipLoadImageFromStream (stream=0x61ffb0, image=0x43daa0) returned 0x0 [0099.912] GdipImageForceValidation (image=0xaf77890) returned 0x0 [0099.923] GdipGetImageType (image=0xaf77890, type=0x43da9c) returned 0x0 [0099.923] GdipGetImageRawFormat (image=0xaf77890, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.939] GdipLoadImageFromStream (stream=0x61ff90, image=0x43daa0) returned 0x0 [0099.940] GdipImageForceValidation (image=0xaf7d918) returned 0x0 [0099.951] GdipGetImageType (image=0xaf7d918, type=0x43da9c) returned 0x0 [0099.951] GdipGetImageRawFormat (image=0xaf7d918, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.967] GdipLoadImageFromStream (stream=0x61ff70, image=0x43daa0) returned 0x0 [0099.970] GdipImageForceValidation (image=0xaf839a0) returned 0x0 [0099.982] GdipGetImageType (image=0xaf839a0, type=0x43da9c) returned 0x0 [0099.982] GdipGetImageRawFormat (image=0xaf839a0, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0099.997] GdipLoadImageFromStream (stream=0x61ff50, image=0x43daa0) returned 0x0 [0100.010] GdipImageForceValidation (image=0xaf89a28) returned 0x0 [0100.021] GdipGetImageType (image=0xaf89a28, type=0x43da9c) returned 0x0 [0100.021] GdipGetImageRawFormat (image=0xaf89a28, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.036] GdipLoadImageFromStream (stream=0x61ff30, image=0x43daa0) returned 0x0 [0100.037] GdipImageForceValidation (image=0xaf8fab0) returned 0x0 [0100.048] GdipGetImageType (image=0xaf8fab0, type=0x43da9c) returned 0x0 [0100.048] GdipGetImageRawFormat (image=0xaf8fab0, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.065] GdipLoadImageFromStream (stream=0x61ff10, image=0x43daa0) returned 0x0 [0100.066] GdipImageForceValidation (image=0xaf95b38) returned 0x0 [0100.078] GdipGetImageType (image=0xaf95b38, type=0x43da9c) returned 0x0 [0100.078] GdipGetImageRawFormat (image=0xaf95b38, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.093] GdipLoadImageFromStream (stream=0x61fef0, image=0x43daa0) returned 0x0 [0100.095] GdipImageForceValidation (image=0xaf9c3c0) returned 0x0 [0100.106] GdipGetImageType (image=0xaf9c3c0, type=0x43da9c) returned 0x0 [0100.106] GdipGetImageRawFormat (image=0xaf9c3c0, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.123] GdipLoadImageFromStream (stream=0x61fed0, image=0x43daa0) returned 0x0 [0100.124] GdipImageForceValidation (image=0xafa2448) returned 0x0 [0100.137] GdipGetImageType (image=0xafa2448, type=0x43da9c) returned 0x0 [0100.137] GdipGetImageRawFormat (image=0xafa2448, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.162] GdipLoadImageFromStream (stream=0x61feb0, image=0x43daa0) returned 0x0 [0100.164] GdipImageForceValidation (image=0xafaa440) returned 0x0 [0100.176] GdipGetImageType (image=0xafaa440, type=0x43da9c) returned 0x0 [0100.176] GdipGetImageRawFormat (image=0xafaa440, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.192] GdipLoadImageFromStream (stream=0x61fe90, image=0x43daa0) returned 0x0 [0100.194] GdipImageForceValidation (image=0xafb0438) returned 0x0 [0100.206] GdipGetImageType (image=0xafb0438, type=0x43da9c) returned 0x0 [0100.206] GdipGetImageRawFormat (image=0xafb0438, format=0x43da10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.256] GdipGetImageWidth (image=0xacc4d48, width=0x43dfd8) returned 0x0 [0100.256] GdipGetImageHeight (image=0xacc4d48, height=0x43dfd8) returned 0x0 [0100.270] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.271] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5a90b80 [0100.271] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5a90b80 | out: encoders=0x5a90b80) returned 0x0 [0100.282] LocalFree (hMem=0x5a90b80) returned 0x0 [0100.294] GdipSaveImageToStream (image=0xacc4d48, stream=0x61fe70, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.347] GdipCreateBitmapFromStream (stream=0x61fe50, bitmap=0x43dfe0) returned 0x0 [0100.351] GdipImageForceValidation (image=0xafb8300) returned 0x0 [0100.352] GdipGetImageRawFormat (image=0xafb8300, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.359] GdipBitmapLockBits (bitmap=0xafb8300, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x2850314) returned 0x0 [0100.375] GdipBitmapUnlockBits (bitmap=0xafb8300, lockedBitmapData=0x2850314) returned 0x0 [0100.375] GdipGetImageWidth (image=0xacc5610, width=0x43dfd8) returned 0x0 [0100.375] GdipGetImageHeight (image=0xacc5610, height=0x43dfd8) returned 0x0 [0100.375] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.375] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aa19d8 [0100.376] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aa19d8 | out: encoders=0x5aa19d8) returned 0x0 [0100.376] LocalFree (hMem=0x5aa19d8) returned 0x0 [0100.377] GdipSaveImageToStream (image=0xacc5610, stream=0x61fe30, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.403] GdipCreateBitmapFromStream (stream=0x61fe10, bitmap=0x43dfe0) returned 0x0 [0100.405] GdipImageForceValidation (image=0xafbe1c8) returned 0x0 [0100.407] GdipGetImageRawFormat (image=0xafbe1c8, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.407] GdipBitmapLockBits (bitmap=0xafbe1c8, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x2869e1c) returned 0x0 [0100.419] GdipBitmapUnlockBits (bitmap=0xafbe1c8, lockedBitmapData=0x2869e1c) returned 0x0 [0100.419] GdipGetImageWidth (image=0xaf6b780, width=0x43dfd8) returned 0x0 [0100.419] GdipGetImageHeight (image=0xaf6b780, height=0x43dfd8) returned 0x0 [0100.419] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.419] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5abbc10 [0100.420] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5abbc10 | out: encoders=0x5abbc10) returned 0x0 [0100.422] LocalFree (hMem=0x5abbc10) returned 0x0 [0100.422] GdipSaveImageToStream (image=0xaf6b780, stream=0x61fdf0, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.460] GdipCreateBitmapFromStream (stream=0x61fdd0, bitmap=0x43dfe0) returned 0x0 [0100.462] GdipImageForceValidation (image=0xafc5fc0) returned 0x0 [0100.463] GdipGetImageRawFormat (image=0xafc5fc0, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.463] GdipBitmapLockBits (bitmap=0xafc5fc0, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x288757c) returned 0x0 [0100.476] GdipBitmapUnlockBits (bitmap=0xafc5fc0, lockedBitmapData=0x288757c) returned 0x0 [0100.477] GdipGetImageWidth (image=0xaf71808, width=0x43dfd8) returned 0x0 [0100.477] GdipGetImageHeight (image=0xaf71808, height=0x43dfd8) returned 0x0 [0100.477] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.477] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5acbd58 [0100.477] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5acbd58 | out: encoders=0x5acbd58) returned 0x0 [0100.478] LocalFree (hMem=0x5acbd58) returned 0x0 [0100.478] GdipSaveImageToStream (image=0xaf71808, stream=0x61fdb0, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.504] GdipCreateBitmapFromStream (stream=0x61fd90, bitmap=0x43dfe0) returned 0x0 [0100.506] GdipImageForceValidation (image=0xafcbdd0) returned 0x0 [0100.509] GdipGetImageRawFormat (image=0xafcbdd0, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.509] GdipBitmapLockBits (bitmap=0xafcbdd0, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x28ac418) returned 0x0 [0100.522] GdipBitmapUnlockBits (bitmap=0xafcbdd0, lockedBitmapData=0x28ac418) returned 0x0 [0100.522] GdipGetImageWidth (image=0xaf77890, width=0x43dfd8) returned 0x0 [0100.522] GdipGetImageHeight (image=0xaf77890, height=0x43dfd8) returned 0x0 [0100.522] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.522] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5adc038 [0100.522] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5adc038 | out: encoders=0x5adc038) returned 0x0 [0100.523] LocalFree (hMem=0x5adc038) returned 0x0 [0100.524] GdipSaveImageToStream (image=0xaf77890, stream=0x61fd70, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.551] GdipCreateBitmapFromStream (stream=0x61fd50, bitmap=0x43dfe0) returned 0x0 [0100.553] GdipImageForceValidation (image=0xafcc118) returned 0x0 [0100.554] GdipGetImageRawFormat (image=0xafcc118, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.554] GdipBitmapLockBits (bitmap=0xafcc118, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x28c1ef0) returned 0x0 [0100.567] GdipBitmapUnlockBits (bitmap=0xafcc118, lockedBitmapData=0x28c1ef0) returned 0x0 [0100.568] GdipGetImageWidth (image=0xaf7d918, width=0x43dfd8) returned 0x0 [0100.568] GdipGetImageHeight (image=0xaf7d918, height=0x43dfd8) returned 0x0 [0100.568] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.568] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aec288 [0100.569] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aec288 | out: encoders=0x5aec288) returned 0x0 [0100.569] LocalFree (hMem=0x5aec288) returned 0x0 [0100.570] GdipSaveImageToStream (image=0xaf7d918, stream=0x61fd30, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.596] GdipCreateBitmapFromStream (stream=0x61fd10, bitmap=0x43dfe0) returned 0x0 [0100.598] GdipImageForceValidation (image=0xafcc460) returned 0x0 [0100.601] GdipGetImageRawFormat (image=0xafcc460, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.601] GdipBitmapLockBits (bitmap=0xafcc460, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x28d7dc4) returned 0x0 [0100.613] GdipBitmapUnlockBits (bitmap=0xafcc460, lockedBitmapData=0x28d7dc4) returned 0x0 [0100.613] GdipGetImageWidth (image=0xaf839a0, width=0x43dfd8) returned 0x0 [0100.613] GdipGetImageHeight (image=0xaf839a0, height=0x43dfd8) returned 0x0 [0100.613] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.613] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5afc628 [0100.613] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5afc628 | out: encoders=0x5afc628) returned 0x0 [0100.614] LocalFree (hMem=0x5afc628) returned 0x0 [0100.615] GdipSaveImageToStream (image=0xaf839a0, stream=0x61fcf0, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.641] GdipCreateBitmapFromStream (stream=0x61fcd0, bitmap=0x43dfe0) returned 0x0 [0100.643] GdipImageForceValidation (image=0xafcc7a8) returned 0x0 [0100.644] GdipGetImageRawFormat (image=0xafcc7a8, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.644] GdipBitmapLockBits (bitmap=0xafcc7a8, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x28edb60) returned 0x0 [0100.656] GdipBitmapUnlockBits (bitmap=0xafcc7a8, lockedBitmapData=0x28edb60) returned 0x0 [0100.656] GdipGetImageWidth (image=0xaf89a28, width=0x43dfd8) returned 0x0 [0100.656] GdipGetImageHeight (image=0xaf89a28, height=0x43dfd8) returned 0x0 [0100.656] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.656] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b0c960 [0100.657] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b0c960 | out: encoders=0x5b0c960) returned 0x0 [0100.657] LocalFree (hMem=0x5b0c960) returned 0x0 [0100.658] GdipSaveImageToStream (image=0xaf89a28, stream=0x61fcb0, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.682] GdipCreateBitmapFromStream (stream=0x61fc90, bitmap=0x43dfe0) returned 0x0 [0100.683] GdipImageForceValidation (image=0xafccaf0) returned 0x0 [0100.687] GdipGetImageRawFormat (image=0xafccaf0, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.687] GdipBitmapLockBits (bitmap=0xafccaf0, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x29038fc) returned 0x0 [0100.698] GdipBitmapUnlockBits (bitmap=0xafccaf0, lockedBitmapData=0x29038fc) returned 0x0 [0100.698] GdipGetImageWidth (image=0xaf8fab0, width=0x43dfd8) returned 0x0 [0100.699] GdipGetImageHeight (image=0xaf8fab0, height=0x43dfd8) returned 0x0 [0100.699] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.699] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b1d188 [0100.699] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b1d188 | out: encoders=0x5b1d188) returned 0x0 [0100.700] LocalFree (hMem=0x5b1d188) returned 0x0 [0100.700] GdipSaveImageToStream (image=0xaf8fab0, stream=0x61fc70, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.723] GdipCreateBitmapFromStream (stream=0x61fc50, bitmap=0x43dfe0) returned 0x0 [0100.725] GdipImageForceValidation (image=0xafcce38) returned 0x0 [0100.726] GdipGetImageRawFormat (image=0xafcce38, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.726] GdipBitmapLockBits (bitmap=0xafcce38, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x291977c) returned 0x0 [0100.740] GdipBitmapUnlockBits (bitmap=0xafcce38, lockedBitmapData=0x291977c) returned 0x0 [0100.743] GdipGetImageWidth (image=0xaf95b38, width=0x43dfd8) returned 0x0 [0100.743] GdipGetImageHeight (image=0xaf95b38, height=0x43dfd8) returned 0x0 [0100.743] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.743] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b2d048 [0100.743] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b2d048 | out: encoders=0x5b2d048) returned 0x0 [0100.783] LocalFree (hMem=0x5b2d048) returned 0x0 [0100.783] GdipSaveImageToStream (image=0xaf95b38, stream=0x61fc30, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.849] GdipCreateBitmapFromStream (stream=0x61fe70, bitmap=0x43dfe0) returned 0x0 [0100.851] GdipImageForceValidation (image=0xafccaf0) returned 0x0 [0100.852] GdipGetImageRawFormat (image=0xafccaf0, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.852] GdipBitmapLockBits (bitmap=0xafccaf0, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x27a8c7c) returned 0x0 [0100.864] GdipBitmapUnlockBits (bitmap=0xafccaf0, lockedBitmapData=0x27a8c7c) returned 0x0 [0100.864] GdipGetImageWidth (image=0xaf9c3c0, width=0x43dfd8) returned 0x0 [0100.864] GdipGetImageHeight (image=0xaf9c3c0, height=0x43dfd8) returned 0x0 [0100.864] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.864] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b2d048 [0100.864] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b2d048 | out: encoders=0x5b2d048) returned 0x0 [0100.865] LocalFree (hMem=0x5b2d048) returned 0x0 [0100.865] GdipSaveImageToStream (image=0xaf9c3c0, stream=0x61fe30, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.890] GdipCreateBitmapFromStream (stream=0x61fdf0, bitmap=0x43dfe0) returned 0x0 [0100.893] GdipImageForceValidation (image=0xafcbdd0) returned 0x0 [0100.894] GdipGetImageRawFormat (image=0xafcbdd0, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.894] GdipBitmapLockBits (bitmap=0xafcbdd0, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x27beb2c) returned 0x0 [0100.905] GdipBitmapUnlockBits (bitmap=0xafcbdd0, lockedBitmapData=0x27beb2c) returned 0x0 [0100.906] GdipGetImageWidth (image=0xafa2448, width=0x43dfd8) returned 0x0 [0100.906] GdipGetImageHeight (image=0xafa2448, height=0x43dfd8) returned 0x0 [0100.906] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.906] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aa1ce8 [0100.906] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aa1ce8 | out: encoders=0x5aa1ce8) returned 0x0 [0100.907] LocalFree (hMem=0x5aa1ce8) returned 0x0 [0100.907] GdipSaveImageToStream (image=0xafa2448, stream=0x61fdb0, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.932] GdipCreateBitmapFromStream (stream=0x61fd70, bitmap=0x43dfe0) returned 0x0 [0100.933] GdipImageForceValidation (image=0xafcc118) returned 0x0 [0100.934] GdipGetImageRawFormat (image=0xafcc118, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.934] GdipBitmapLockBits (bitmap=0xafcc118, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x27d4a00) returned 0x0 [0100.946] GdipBitmapUnlockBits (bitmap=0xafcc118, lockedBitmapData=0x27d4a00) returned 0x0 [0100.947] GdipGetImageWidth (image=0xafaa440, width=0x43dfd8) returned 0x0 [0100.947] GdipGetImageHeight (image=0xafaa440, height=0x43dfd8) returned 0x0 [0100.947] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.947] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aa1f88 [0100.947] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aa1f88 | out: encoders=0x5aa1f88) returned 0x0 [0100.948] LocalFree (hMem=0x5aa1f88) returned 0x0 [0100.948] GdipSaveImageToStream (image=0xafaa440, stream=0x61fd30, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0100.975] GdipCreateBitmapFromStream (stream=0x61fcf0, bitmap=0x43dfe0) returned 0x0 [0100.976] GdipImageForceValidation (image=0xafcc460) returned 0x0 [0100.977] GdipGetImageRawFormat (image=0xafcc460, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0100.977] GdipBitmapLockBits (bitmap=0xafcc460, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x27ea8c8) returned 0x0 [0100.989] GdipBitmapUnlockBits (bitmap=0xafcc460, lockedBitmapData=0x27ea8c8) returned 0x0 [0100.990] GdipGetImageWidth (image=0xafb0438, width=0x43dfd8) returned 0x0 [0100.990] GdipGetImageHeight (image=0xafb0438, height=0x43dfd8) returned 0x0 [0100.990] GdipGetImageEncodersSize (numEncoders=0x43df8c, size=0x43df88) returned 0x0 [0100.990] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aa2228 [0100.990] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aa2228 | out: encoders=0x5aa2228) returned 0x0 [0100.991] LocalFree (hMem=0x5aa2228) returned 0x0 [0100.991] GdipSaveImageToStream (image=0xafb0438, stream=0x61fcb0, clsidEncoder=0x43df9c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0101.018] GdipCreateBitmapFromStream (stream=0x61fc70, bitmap=0x43dfe0) returned 0x0 [0101.019] GdipImageForceValidation (image=0xafcc7a8) returned 0x0 [0101.020] GdipGetImageRawFormat (image=0xafcc7a8, format=0x43df54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0101.020] GdipBitmapLockBits (bitmap=0xafcc7a8, rect=0x43df74, flags=0x3, format=0x21808, lockedBitmapData=0x27febb8) returned 0x0 [0101.032] GdipBitmapUnlockBits (bitmap=0xafcc7a8, lockedBitmapData=0x27febb8) returned 0x0 [0101.361] CoTaskMemAlloc (cb=0x20c) returned 0x5aa63b0 [0101.361] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x5aa63b0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0101.361] CoTaskMemFree (pv=0x5aa63b0) [0101.361] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x43d630, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0101.363] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x43d644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26 [0101.471] CoCreateGuid (in: pguid=0x43d378 | out: pguid=0x43d378*(Data1=0x758f5838, Data2=0xcb42, Data3=0x4d03, Data4=([0]=0x9b, [1]=0x4c, [2]=0xe0, [3]=0xd1, [4]=0x34, [5]=0x8c, [6]=0xd8, [7]=0x72))) returned 0x0 [0101.474] CoCreateGuid (in: pguid=0x43d378 | out: pguid=0x43d378*(Data1=0xa6716029, Data2=0x82e2, Data3=0x4418, Data4=([0]=0xb3, [1]=0x44, [2]=0xcb, [3]=0x91, [4]=0x3d, [5]=0x47, [6]=0xf7, [7]=0xb))) returned 0x0 [0101.474] CoCreateGuid (in: pguid=0x43d378 | out: pguid=0x43d378*(Data1=0xa344f417, Data2=0x69fd, Data3=0x437d, Data4=([0]=0xb6, [1]=0xdf, [2]=0x1, [3]=0x4e, [4]=0x1f, [5]=0x52, [6]=0x36, [7]=0xb6))) returned 0x0 [0101.477] CoCreateGuid (in: pguid=0x43d378 | out: pguid=0x43d378*(Data1=0x554b4351, Data2=0xbc41, Data3=0x4dbd, Data4=([0]=0xbd, [1]=0x4c, [2]=0x1a, [3]=0x75, [4]=0xa9, [5]=0xbe, [6]=0xfc, [7]=0x7f))) returned 0x0 [0102.054] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43d59c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0102.055] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43d560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0102.056] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43d554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0102.056] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43d554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0102.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d794) returned 1 [0102.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe"), fInfoLevelId=0x0, lpFileInformation=0x43da58 | out: lpFileInformation=0x43da58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600)) returned 1 [0102.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d790) returned 1 [0102.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43da30) returned 1 [0102.057] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x43d510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0102.058] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe"), lpFindFileData=0x43d7e0 | out: lpFindFileData=0x43d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", cAlternateFileName="18F7C9~1.EXE")) returned 0x5531ad8 [0102.060] FindNextFileW (in: hFindFile=0x5531ad8, lpFindFileData=0x43d7e8 | out: lpFindFileData=0x43d7e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.060] FindClose (in: hFindFile=0x5531ad8 | out: hFindFile=0x5531ad8) returned 1 [0102.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d7a0) returned 1 [0102.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43da00) returned 1 [0102.061] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d59c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.061] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.061] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x43d554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0102.061] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d794) returned 1 [0102.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x43da58 | out: lpFileInformation=0x43da58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0102.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d790) returned 1 [0102.061] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d54c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d788) returned 1 [0102.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x43da4c | out: lpFileInformation=0x43da4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0102.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d784) returned 1 [0102.062] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43d52c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0102.062] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d52c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.062] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", nBufferLength=0x105, lpBuffer=0x43d590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe", lpFilePart=0x0) returned 0x5f [0102.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d7d0) returned 1 [0102.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe"), fInfoLevelId=0x0, lpFileInformation=0x43da94 | out: lpFileInformation=0x43da94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600)) returned 1 [0102.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d7cc) returned 1 [0102.062] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d7c4) returned 1 [0102.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x43da88 | out: lpFileInformation=0x43da88*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0102.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d7c0) returned 1 [0102.063] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x43d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0102.063] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x43d590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0102.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x43d758) returned 1 [0102.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp"), fInfoLevelId=0x0, lpFileInformation=0x43da1c | out: lpFileInformation=0x43da1c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x18d27020, ftLastAccessTime.dwHighDateTime=0x1d8a136, ftLastWriteTime.dwLowDateTime=0x18d27020, ftLastWriteTime.dwHighDateTime=0x1d8a136, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0102.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x43d754) returned 1 [0102.067] MoveFileExW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\18f7c9fcf55206644996038b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), dwFlags=0xb) returned 1 [0102.092] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x5494598 [0102.094] ShellExecuteExW (in: pExecInfo=0x2809de8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2809de8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x6f8)) returned 1 [0108.729] LocalFree (hMem=0x5494598) returned 0x0 [0108.747] CoGetContextToken (in: pToken=0x43d9c4 | out: pToken=0x43d9c4) returned 0x0 [0108.747] CObjectContext::QueryInterface () returned 0x0 [0108.747] CObjectContext::GetCurrentThreadType () returned 0x0 [0108.747] Release () returned 0x0 [0108.795] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x1f4180*=0xac, lpdwindex=0x43d874 | out: lpdwindex=0x43d874) returned 0x0 Thread: id = 2 os_tid = 0xfc4 Thread: id = 3 os_tid = 0xfc8 [0061.076] CoGetContextToken (in: pToken=0x102f98c | out: pToken=0x102f98c) returned 0x800401f0 [0061.076] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0083.783] CertCloseStore (hCertStore=0x26cdd0, dwFlags=0x0) returned 1 [0083.783] CertFreeCRLContext (pCrlContext=0x28be00) returned 1 [0083.783] CertFreeCRLContext (pCrlContext=0x555aec8) returned 1 [0083.784] CertFreeCRLContext (pCrlContext=0x28be00) returned 1 [0083.784] CertFreeCRLContext (pCrlContext=0x28be50) returned 1 [0083.784] CertFreeCRLContext (pCrlContext=0x28bea0) returned 1 [0083.785] CertFreeCRLContext (pCrlContext=0x555af18) returned 1 [0083.785] CertFreeCRLContext (pCrlContext=0x555ae28) returned 1 [0100.797] GdipDisposeImage (image=0xafcc7a8) returned 0x0 [0100.799] GdipDisposeImage (image=0xafcc460) returned 0x0 [0100.800] GdipDisposeImage (image=0xafcc118) returned 0x0 [0100.800] GdipDisposeImage (image=0xafcbdd0) returned 0x0 [0100.801] GdipDisposeImage (image=0xafc5fc0) returned 0x0 [0100.801] GdipDisposeImage (image=0xafbe1c8) returned 0x0 [0100.807] GdipDisposeImage (image=0xafb8300) returned 0x0 [0100.810] GdipDisposeImage (image=0xafccaf0) returned 0x0 [0108.973] EtwEventUnregister () returned 0x0 [0108.973] EtwEventUnregister () returned 0x0 [0108.974] SetWindowLongW (hWnd=0x701be, nIndex=-4, dwNewLong=1998071261) returned 83757070 [0108.976] SetClassLongW (hWnd=0x701be, nIndex=-24, dwNewLong=1998071261) returned 0x4fe07e6 [0108.977] PostMessageW (hWnd=0x701be, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0108.978] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0108.979] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", hInstance=0x11e0000) returned 0 [0108.982] IsWindow (hWnd=0x40064) returned 1 [0108.983] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000 [0108.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x102f70c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWíoÇ;G$DþÅq\x8cù\x02\x01\x01", lpUsedDefaultChar=0x0) returned 14 [0108.984] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd [0108.986] SetWindowLongW (hWnd=0x40064, nIndex=-4, dwNewLong=1998071261) returned 83757150 [0108.987] SetClassLongW (hWnd=0x40064, nIndex=-24, dwNewLong=1998071261) returned 0x4fe085e [0108.987] IsWindow (hWnd=0x40064) returned 1 [0108.987] DestroyWindow (hWnd=0x40064) returned 0 [0108.987] PostMessageW (hWnd=0x40064, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0108.987] SetConsoleCtrlHandler (HandlerRoutine=0x4fe0836, Add=0) returned 1 [0108.994] GdipDisposeImage (image=0xafcc7a8) returned 0x0 [0108.996] GdipDisposeImage (image=0xafcc460) returned 0x0 [0108.996] GdipDisposeImage (image=0xafcc118) returned 0x0 [0109.006] GdipDisposeImage (image=0xafcbdd0) returned 0x0 [0109.007] GdipDisposeImage (image=0xafccaf0) returned 0x0 [0109.028] GdipDisposeImage (image=0xacc4d48) returned 0x0 [0109.030] GdipDisposeImage (image=0xafcce38) returned 0x0 [0109.036] GdipDisposeImage (image=0xafb0438) returned 0x0 [0109.038] GdipDisposeImage (image=0xafaa440) returned 0x0 [0109.040] GdipDisposeImage (image=0xafa2448) returned 0x0 [0109.044] GdipDisposeImage (image=0xaf9c3c0) returned 0x0 [0109.047] GdipDisposeImage (image=0xaf95b38) returned 0x0 [0109.051] GdipDisposeImage (image=0xaf8fab0) returned 0x0 [0109.054] GdipDisposeImage (image=0xaf89a28) returned 0x0 [0109.057] GdipDisposeImage (image=0xaf839a0) returned 0x0 [0109.059] GdipDisposeImage (image=0xaf7d918) returned 0x0 [0109.060] GdipDisposeImage (image=0xaf77890) returned 0x0 [0109.061] GdipDisposeImage (image=0xaf71808) returned 0x0 [0109.064] GdipDisposeImage (image=0xaf6b780) returned 0x0 [0109.065] GdipDisposeImage (image=0xacc5610) returned 0x0 [0109.071] GdipDeletePen (pen=0xacb4f80) returned 0x0 [0109.083] GdipDeleteBrush (brush=0xaf1b6d0) returned 0x0 [0109.084] GdipDeleteFont (font=0xad90e68) returned 0x0 [0109.092] CloseHandle (hObject=0x598) returned 1 [0109.101] setsockopt (s=0x364, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0109.102] closesocket (s=0x364) returned 0 [0109.107] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0109.107] closesocket (s=0x27c) returned 0 [0109.107] CloseHandle (hObject=0x280) returned 1 [0109.108] setsockopt (s=0x378, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0109.108] closesocket (s=0x378) returned 0 [0109.109] CloseHandle (hObject=0x37c) returned 1 [0109.109] WinHttpCloseHandle (hInternet=0x26b1e8) returned 1 [0109.110] setsockopt (s=0x36c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0109.110] closesocket (s=0x36c) returned 0 [0109.111] CloseHandle (hObject=0x374) returned 1 [0109.111] CloseHandle (hObject=0x2c4) returned 1 [0109.111] CloseHandle (hObject=0x2c0) returned 1 [0109.112] RegCloseKey (hKey=0x2bc) returned 0x0 [0109.112] CloseHandle (hObject=0x2b8) returned 1 [0109.112] RegCloseKey (hKey=0x2b4) returned 0x0 [0109.113] CloseHandle (hObject=0x2b0) returned 1 [0109.113] RegCloseKey (hKey=0x80000004) returned 0x0 [0109.114] RegCloseKey (hKey=0x2ac) returned 0x0 [0109.114] RegCloseKey (hKey=0x2a8) returned 0x0 [0109.115] CloseHandle (hObject=0x290) returned 1 [0109.116] FreeCredentialsHandle (phCredential=0x26c42e8) returned 0x0 [0109.117] DeleteSecurityContext (phContext=0x26c4494) returned 0x0 [0109.118] CloseHandle (hObject=0x6f8) returned 1 [0109.119] CloseHandle (hObject=0x1f0) returned 1 [0109.119] UnmapViewOfFile (lpBaseAddress=0x2e0000) returned 1 [0109.120] setsockopt (s=0x284, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0109.120] closesocket (s=0x284) returned 0 [0109.121] CloseHandle (hObject=0x288) returned 1 Thread: id = 4 os_tid = 0xfcc Thread: id = 5 os_tid = 0xfd8 Thread: id = 6 os_tid = 0xfdc Thread: id = 7 os_tid = 0xfe0 Thread: id = 8 os_tid = 0xfe4 [0075.092] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0075.109] ResetEvent (hEvent=0x40) returned 1 Thread: id = 9 os_tid = 0xfe8 Thread: id = 10 os_tid = 0xfec Thread: id = 66 os_tid = 0xff0 Thread: id = 67 os_tid = 0xff4 [0086.150] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 68 os_tid = 0xff8 [0086.179] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 69 os_tid = 0xffc Thread: id = 70 os_tid = 0xa8c Thread: id = 72 os_tid = 0xa98 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6d3a000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1c4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d8ed" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 456 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 457 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 458 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 459 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 460 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 461 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 462 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 463 start_va = 0x80000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 464 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 465 start_va = 0x190000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 466 start_va = 0x210000 end_va = 0x276fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 467 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 468 start_va = 0x290000 end_va = 0x290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 469 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 470 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 471 start_va = 0x2c0000 end_va = 0x2c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 472 start_va = 0x2d0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 473 start_va = 0x2e0000 end_va = 0x2f9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 474 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 475 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 476 start_va = 0x320000 end_va = 0x32cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 477 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 478 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 479 start_va = 0x440000 end_va = 0x5c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 480 start_va = 0x5d0000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 481 start_va = 0x760000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 482 start_va = 0x820000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 483 start_va = 0x8a0000 end_va = 0x8a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 484 start_va = 0x8b0000 end_va = 0x8b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 485 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 486 start_va = 0x8d0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 487 start_va = 0x8e0000 end_va = 0x8e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 488 start_va = 0x8f0000 end_va = 0x8f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 489 start_va = 0x900000 end_va = 0x901fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 490 start_va = 0x910000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 491 start_va = 0x990000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 492 start_va = 0x9c0000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 493 start_va = 0xa40000 end_va = 0xa43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 494 start_va = 0xa50000 end_va = 0xab5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 495 start_va = 0xac0000 end_va = 0xacdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 496 start_va = 0xad0000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 497 start_va = 0xb50000 end_va = 0xe1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 498 start_va = 0xe20000 end_va = 0xe27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 499 start_va = 0xe30000 end_va = 0xe30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 500 start_va = 0xe40000 end_va = 0xe5bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 501 start_va = 0xe60000 end_va = 0xe60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e60000" filename = "" Region: id = 502 start_va = 0xe70000 end_va = 0xe70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 503 start_va = 0xe80000 end_va = 0xe80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e80000" filename = "" Region: id = 504 start_va = 0xe90000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 505 start_va = 0xf10000 end_va = 0xf17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 506 start_va = 0xf20000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 507 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 508 start_va = 0xf40000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 509 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 510 start_va = 0xfd0000 end_va = 0xfd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 511 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 512 start_va = 0x1060000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 513 start_va = 0x1070000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 514 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001080000" filename = "" Region: id = 515 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001090000" filename = "" Region: id = 516 start_va = 0x10a0000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010a0000" filename = "" Region: id = 517 start_va = 0x10b0000 end_va = 0x10bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010b0000" filename = "" Region: id = 518 start_va = 0x10c0000 end_va = 0x10c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 519 start_va = 0x10d0000 end_va = 0x10d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 520 start_va = 0x10e0000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 521 start_va = 0x1160000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 522 start_va = 0x1170000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 523 start_va = 0x11f0000 end_va = 0x11f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 524 start_va = 0x1200000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 525 start_va = 0x1210000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 526 start_va = 0x1290000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001290000" filename = "" Region: id = 527 start_va = 0x12a0000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 528 start_va = 0x1320000 end_va = 0x132ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 529 start_va = 0x1330000 end_va = 0x133ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 530 start_va = 0x1340000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 531 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 532 start_va = 0x13d0000 end_va = 0x13d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 533 start_va = 0x13e0000 end_va = 0x13effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 534 start_va = 0x13f0000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 535 start_va = 0x1400000 end_va = 0x1407fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 536 start_va = 0x1410000 end_va = 0x148ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 537 start_va = 0x1490000 end_va = 0x149ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001490000" filename = "" Region: id = 538 start_va = 0x14a0000 end_va = 0x14affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014a0000" filename = "" Region: id = 539 start_va = 0x14b0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014b0000" filename = "" Region: id = 540 start_va = 0x14c0000 end_va = 0x14cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014c0000" filename = "" Region: id = 541 start_va = 0x14d0000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014d0000" filename = "" Region: id = 542 start_va = 0x14e0000 end_va = 0x14effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014e0000" filename = "" Region: id = 543 start_va = 0x14f0000 end_va = 0x156ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 544 start_va = 0x1570000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001570000" filename = "" Region: id = 545 start_va = 0x1580000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 546 start_va = 0x1600000 end_va = 0x167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 547 start_va = 0x16f0000 end_va = 0x176ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016f0000" filename = "" Region: id = 548 start_va = 0x1770000 end_va = 0x17affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001770000" filename = "" Region: id = 549 start_va = 0x17b0000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017b0000" filename = "" Region: id = 550 start_va = 0x1800000 end_va = 0x187ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 551 start_va = 0x1890000 end_va = 0x190ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001890000" filename = "" Region: id = 552 start_va = 0x1930000 end_va = 0x19affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001930000" filename = "" Region: id = 553 start_va = 0x19c0000 end_va = 0x1a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 554 start_va = 0x1ab0000 end_va = 0x1b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ab0000" filename = "" Region: id = 555 start_va = 0x1b30000 end_va = 0x1baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 556 start_va = 0x1bb0000 end_va = 0x1caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 557 start_va = 0x1cb0000 end_va = 0x1daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 558 start_va = 0x1e20000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 559 start_va = 0x1ea0000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 560 start_va = 0x1f30000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 561 start_va = 0x1fd0000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 562 start_va = 0x2070000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 563 start_va = 0x2120000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 564 start_va = 0x21e0000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 565 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 566 start_va = 0x22f0000 end_va = 0x23effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022f0000" filename = "" Region: id = 567 start_va = 0x24b0000 end_va = 0x252ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 568 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 569 start_va = 0x2660000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 570 start_va = 0x2670000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 571 start_va = 0x2770000 end_va = 0x27effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 572 start_va = 0x2800000 end_va = 0x280ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 573 start_va = 0x28c0000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 574 start_va = 0x2940000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 575 start_va = 0x2a70000 end_va = 0x2aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 576 start_va = 0x2b10000 end_va = 0x2b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 577 start_va = 0x2b90000 end_va = 0x2c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 578 start_va = 0x2c50000 end_va = 0x2ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 579 start_va = 0x2d40000 end_va = 0x2dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 580 start_va = 0x2dc0000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dc0000" filename = "" Region: id = 581 start_va = 0x2fc0000 end_va = 0x30bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 582 start_va = 0x3120000 end_va = 0x319ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 583 start_va = 0x31e0000 end_va = 0x325ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 584 start_va = 0x3280000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 585 start_va = 0x3300000 end_va = 0x337ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 586 start_va = 0x34c0000 end_va = 0x353ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 587 start_va = 0x3540000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 588 start_va = 0x35d0000 end_va = 0x364ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 589 start_va = 0x36b0000 end_va = 0x372ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036b0000" filename = "" Region: id = 590 start_va = 0x3730000 end_va = 0x37affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003730000" filename = "" Region: id = 591 start_va = 0x37e0000 end_va = 0x385ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 592 start_va = 0x38f0000 end_va = 0x396ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 593 start_va = 0x39b0000 end_va = 0x3a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 594 start_va = 0x3a90000 end_va = 0x3b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 595 start_va = 0x3b10000 end_va = 0x3f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 596 start_va = 0x3f30000 end_va = 0x3faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f30000" filename = "" Region: id = 597 start_va = 0x4020000 end_va = 0x409ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 598 start_va = 0x40b0000 end_va = 0x412ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 599 start_va = 0x4180000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 600 start_va = 0x4200000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 601 start_va = 0x42d0000 end_va = 0x434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 602 start_va = 0x43a0000 end_va = 0x441ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 603 start_va = 0x44a0000 end_va = 0x451ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044a0000" filename = "" Region: id = 604 start_va = 0x4590000 end_va = 0x460ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 605 start_va = 0x4630000 end_va = 0x46affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004630000" filename = "" Region: id = 606 start_va = 0x46b0000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 607 start_va = 0x4730000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 608 start_va = 0x49d0000 end_va = 0x4a8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 609 start_va = 0x4b10000 end_va = 0x4b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 610 start_va = 0x4c40000 end_va = 0x4cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 611 start_va = 0x4cc0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 612 start_va = 0x4dc0000 end_va = 0x4ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 613 start_va = 0x4ec0000 end_va = 0x4fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ec0000" filename = "" Region: id = 614 start_va = 0x4fc0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fc0000" filename = "" Region: id = 615 start_va = 0x50c0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050c0000" filename = "" Region: id = 616 start_va = 0x51c0000 end_va = 0x52bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 617 start_va = 0x52c0000 end_va = 0x62bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 618 start_va = 0x63b0000 end_va = 0x642ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 619 start_va = 0x6460000 end_va = 0x64dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006460000" filename = "" Region: id = 620 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 621 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 622 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 623 start_va = 0x77140000 end_va = 0x77146fff monitored = 0 entry_point = 0x7714106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 624 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 625 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 626 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 627 start_va = 0xff870000 end_va = 0xff87afff monitored = 0 entry_point = 0xff87246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 628 start_va = 0x7fef0530000 end_va = 0x7fef0782fff monitored = 0 entry_point = 0x7fef053236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 629 start_va = 0x7fef1100000 end_va = 0x7fef111cfff monitored = 0 entry_point = 0x7fef1102f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 630 start_va = 0x7fef14d0000 end_va = 0x7fef1514fff monitored = 0 entry_point = 0x7fef1503644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 631 start_va = 0x7fef15f0000 end_va = 0x7fef1601fff monitored = 0 entry_point = 0x7fef15f90bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 632 start_va = 0x7fef1730000 end_va = 0x7fef173efff monitored = 0 entry_point = 0x7fef1739a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 633 start_va = 0x7fef1d80000 end_va = 0x7fef1ff9fff monitored = 0 entry_point = 0x7fef1db2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 634 start_va = 0x7fef2000000 end_va = 0x7fef2019fff monitored = 0 entry_point = 0x7fef2011ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 635 start_va = 0x7fef2290000 end_va = 0x7fef22d1fff monitored = 0 entry_point = 0x7fef22c0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 636 start_va = 0x7fef3710000 end_va = 0x7fef371efff monitored = 0 entry_point = 0x7fef3716894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 637 start_va = 0x7fef3810000 end_va = 0x7fef382bfff monitored = 0 entry_point = 0x7fef38111a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 638 start_va = 0x7fef3830000 end_va = 0x7fef3891fff monitored = 0 entry_point = 0x7fef3831198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 639 start_va = 0x7fef38a0000 end_va = 0x7fef38d9fff monitored = 0 entry_point = 0x7fef38a1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 640 start_va = 0x7fef3fb0000 end_va = 0x7fef4081fff monitored = 0 entry_point = 0x7fef4041a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 641 start_va = 0x7fef4630000 end_va = 0x7fef4644fff monitored = 0 entry_point = 0x7fef4631020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 642 start_va = 0x7fef49c0000 end_va = 0x7fef4aadfff monitored = 0 entry_point = 0x7fef49c12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 643 start_va = 0x7fef6250000 end_va = 0x7fef625bfff monitored = 0 entry_point = 0x7fef625602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 644 start_va = 0x7fef6670000 end_va = 0x7fef6677fff monitored = 0 entry_point = 0x7fef6671414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 645 start_va = 0x7fef6680000 end_va = 0x7fef66f0fff monitored = 0 entry_point = 0x7fef66c51d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 646 start_va = 0x7fef6700000 end_va = 0x7fef6711fff monitored = 0 entry_point = 0x7fef67089d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 647 start_va = 0x7fef6720000 end_va = 0x7fef67d4fff monitored = 0 entry_point = 0x7fef679cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 648 start_va = 0x7fef67e0000 end_va = 0x7fef67f8fff monitored = 0 entry_point = 0x7fef67e1104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 649 start_va = 0x7fef6800000 end_va = 0x7fef684ffff monitored = 0 entry_point = 0x7fef6801190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 650 start_va = 0x7fef6850000 end_va = 0x7fef6857fff monitored = 0 entry_point = 0x7fef6851020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 651 start_va = 0x7fef6860000 end_va = 0x7fef68b9fff monitored = 0 entry_point = 0x7fef689dde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 652 start_va = 0x7fef68c0000 end_va = 0x7fef68e0fff monitored = 0 entry_point = 0x7fef68d03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 653 start_va = 0x7fef68f0000 end_va = 0x7fef695afff monitored = 0 entry_point = 0x7fef6934344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 654 start_va = 0x7fef6960000 end_va = 0x7fef6972fff monitored = 0 entry_point = 0x7fef6961d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 655 start_va = 0x7fef6980000 end_va = 0x7fef69e1fff monitored = 0 entry_point = 0x7fef69bbd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 656 start_va = 0x7fef69f0000 end_va = 0x7fef6b1bfff monitored = 0 entry_point = 0x7fef6aa0ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 657 start_va = 0x7fef6b20000 end_va = 0x7fef6b39fff monitored = 0 entry_point = 0x7fef6b33fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 658 start_va = 0x7fef6b40000 end_va = 0x7fef6bc3fff monitored = 0 entry_point = 0x7fef6b91118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 659 start_va = 0x7fef6bd0000 end_va = 0x7fef6bf4fff monitored = 0 entry_point = 0x7fef6be8c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 660 start_va = 0x7fef6c00000 end_va = 0x7fef6c3cfff monitored = 0 entry_point = 0x7fef6c01070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 661 start_va = 0x7fef6c40000 end_va = 0x7fef6c4dfff monitored = 0 entry_point = 0x7fef6c45500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 662 start_va = 0x7fef6c50000 end_va = 0x7fef6c76fff monitored = 0 entry_point = 0x7fef6c511a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 663 start_va = 0x7fef6c80000 end_va = 0x7fef6d52fff monitored = 0 entry_point = 0x7fef6cf8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 664 start_va = 0x7fef6da0000 end_va = 0x7fef6de6fff monitored = 0 entry_point = 0x7fef6da1040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 665 start_va = 0x7fef6df0000 end_va = 0x7fef6e31fff monitored = 0 entry_point = 0x7fef6df17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 666 start_va = 0x7fef6e40000 end_va = 0x7fef6ed1fff monitored = 0 entry_point = 0x7fef6eb51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 667 start_va = 0x7fef6ee0000 end_va = 0x7fef6f56fff monitored = 0 entry_point = 0x7fef6f1e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 668 start_va = 0x7fef6f60000 end_va = 0x7fef6f99fff monitored = 0 entry_point = 0x7fef6f7d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 669 start_va = 0x7fef7270000 end_va = 0x7fef7280fff monitored = 0 entry_point = 0x7fef7279e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 670 start_va = 0x7fef7290000 end_va = 0x7fef72f3fff monitored = 0 entry_point = 0x7fef7291254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 671 start_va = 0x7fef7300000 end_va = 0x7fef7370fff monitored = 0 entry_point = 0x7fef7301010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 672 start_va = 0x7fef7410000 end_va = 0x7fef7426fff monitored = 0 entry_point = 0x7fef7411060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 673 start_va = 0x7fef7430000 end_va = 0x7fef75dffff monitored = 0 entry_point = 0x7fef7431010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 674 start_va = 0x7fef85f0000 end_va = 0x7fef8663fff monitored = 0 entry_point = 0x7fef85f66f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 675 start_va = 0x7fef9b00000 end_va = 0x7fef9b1afff monitored = 0 entry_point = 0x7fef9b01198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 676 start_va = 0x7fef9e90000 end_va = 0x7fef9e98fff monitored = 0 entry_point = 0x7fef9e911a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 677 start_va = 0x7fefa0a0000 end_va = 0x7fefa116fff monitored = 0 entry_point = 0x7fefa0aafd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 678 start_va = 0x7fefa120000 end_va = 0x7fefa129fff monitored = 0 entry_point = 0x7fefa12260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 679 start_va = 0x7fefa130000 end_va = 0x7fefa241fff monitored = 0 entry_point = 0x7fefa14f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 680 start_va = 0x7fefa250000 end_va = 0x7fefa25efff monitored = 0 entry_point = 0x7fefa257e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 681 start_va = 0x7fefa260000 end_va = 0x7fefa268fff monitored = 0 entry_point = 0x7fefa263668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 682 start_va = 0x7fefa270000 end_va = 0x7fefa278fff monitored = 0 entry_point = 0x7fefa271020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 683 start_va = 0x7fefa280000 end_va = 0x7fefa2d5fff monitored = 0 entry_point = 0x7fefa281040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 684 start_va = 0x7fefa2e0000 end_va = 0x7fefa33dfff monitored = 0 entry_point = 0x7fefa2e9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 685 start_va = 0x7fefa340000 end_va = 0x7fefa357fff monitored = 0 entry_point = 0x7fefa341bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 686 start_va = 0x7fefa360000 end_va = 0x7fefa370fff monitored = 0 entry_point = 0x7fefa3616ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 687 start_va = 0x7fefa390000 end_va = 0x7fefa3e2fff monitored = 0 entry_point = 0x7fefa392b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 688 start_va = 0x7fefa400000 end_va = 0x7fefa409fff monitored = 0 entry_point = 0x7fefa403994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 689 start_va = 0x7fefa980000 end_va = 0x7fefa993fff monitored = 0 entry_point = 0x7fefa983e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 690 start_va = 0x7fefa9a0000 end_va = 0x7fefa9aafff monitored = 0 entry_point = 0x7fefa9a1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 691 start_va = 0x7fefa9b0000 end_va = 0x7fefa9d6fff monitored = 0 entry_point = 0x7fefa9b98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 692 start_va = 0x7fefa9e0000 end_va = 0x7fefaa46fff monitored = 0 entry_point = 0x7fefa9f6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 693 start_va = 0x7fefaa60000 end_va = 0x7fefaa6afff monitored = 0 entry_point = 0x7fefaa64f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 694 start_va = 0x7fefaa70000 end_va = 0x7fefaa7bfff monitored = 0 entry_point = 0x7fefaa715d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 695 start_va = 0x7fefaa80000 end_va = 0x7fefaa8ffff monitored = 0 entry_point = 0x7fefaa8835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 696 start_va = 0x7fefaa90000 end_va = 0x7fefaaa8fff monitored = 0 entry_point = 0x7fefaa911a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 697 start_va = 0x7fefaab0000 end_va = 0x7fefaae6fff monitored = 0 entry_point = 0x7fefaab8424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 698 start_va = 0x7fefab30000 end_va = 0x7fefab44fff monitored = 0 entry_point = 0x7fefab360d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 699 start_va = 0x7fefab50000 end_va = 0x7fefac11fff monitored = 0 entry_point = 0x7fefab5101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 700 start_va = 0x7fefae30000 end_va = 0x7fefae46fff monitored = 0 entry_point = 0x7fefae39d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 701 start_va = 0x7fefae50000 end_va = 0x7fefae58fff monitored = 0 entry_point = 0x7fefae51010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 702 start_va = 0x7fefaf40000 end_va = 0x7fefaf6cfff monitored = 0 entry_point = 0x7fefaf41010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 703 start_va = 0x7fefaf70000 end_va = 0x7fefaf80fff monitored = 0 entry_point = 0x7fefaf714c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 704 start_va = 0x7fefafd0000 end_va = 0x7fefb040fff monitored = 0 entry_point = 0x7fefb00ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 705 start_va = 0x7fefb0c0000 end_va = 0x7fefb0d3fff monitored = 0 entry_point = 0x7fefb0c16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 706 start_va = 0x7fefb0e0000 end_va = 0x7fefb0f4fff monitored = 0 entry_point = 0x7fefb0e1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 707 start_va = 0x7fefb100000 end_va = 0x7fefb10bfff monitored = 0 entry_point = 0x7fefb1018a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 708 start_va = 0x7fefb110000 end_va = 0x7fefb125fff monitored = 0 entry_point = 0x7fefb1111a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 709 start_va = 0x7fefb240000 end_va = 0x7fefb250fff monitored = 0 entry_point = 0x7fefb241070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 710 start_va = 0x7fefb3a0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3a1064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 711 start_va = 0x7fefb810000 end_va = 0x7fefb865fff monitored = 0 entry_point = 0x7fefb81bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 712 start_va = 0x7fefb870000 end_va = 0x7fefb99bfff monitored = 0 entry_point = 0x7fefb8794bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 713 start_va = 0x7fefb9a0000 end_va = 0x7fefb9bcfff monitored = 0 entry_point = 0x7fefb9a1ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 714 start_va = 0x7fefb9f0000 end_va = 0x7fefbbe3fff monitored = 0 entry_point = 0x7fefbb7c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 715 start_va = 0x7fefc080000 end_va = 0x7fefc08bfff monitored = 0 entry_point = 0x7fefc081064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 716 start_va = 0x7fefc090000 end_va = 0x7fefc14afff monitored = 0 entry_point = 0x7fefc096de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 717 start_va = 0x7fefc150000 end_va = 0x7fefc156fff monitored = 0 entry_point = 0x7fefc1514b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 718 start_va = 0x7fefc240000 end_va = 0x7fefc25afff monitored = 0 entry_point = 0x7fefc242068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 719 start_va = 0x7fefc260000 end_va = 0x7fefc27dfff monitored = 0 entry_point = 0x7fefc2613b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 720 start_va = 0x7fefc280000 end_va = 0x7fefc291fff monitored = 0 entry_point = 0x7fefc281060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 721 start_va = 0x7fefc2a0000 end_va = 0x7fefc2befff monitored = 0 entry_point = 0x7fefc2a5c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 722 start_va = 0x7fefc370000 end_va = 0x7fefc3a8fff monitored = 0 entry_point = 0x7fefc37c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 723 start_va = 0x7fefc3b0000 end_va = 0x7fefc3b9fff monitored = 0 entry_point = 0x7fefc3b3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 724 start_va = 0x7fefc3c0000 end_va = 0x7fefc3ccfff monitored = 0 entry_point = 0x7fefc3c1348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 725 start_va = 0x7fefc4b0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4b1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 726 start_va = 0x7fefc5a0000 end_va = 0x7fefc5cffff monitored = 0 entry_point = 0x7fefc5a194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 727 start_va = 0x7fefc5d0000 end_va = 0x7fefc62afff monitored = 0 entry_point = 0x7fefc5d6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 728 start_va = 0x7fefc740000 end_va = 0x7fefc746fff monitored = 0 entry_point = 0x7fefc74142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 729 start_va = 0x7fefc750000 end_va = 0x7fefc7a4fff monitored = 0 entry_point = 0x7fefc751054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 730 start_va = 0x7fefc7b0000 end_va = 0x7fefc7c7fff monitored = 0 entry_point = 0x7fefc7b3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 731 start_va = 0x7fefc8c0000 end_va = 0x7fefc8f1fff monitored = 0 entry_point = 0x7fefc8c144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 732 start_va = 0x7fefc900000 end_va = 0x7fefc907fff monitored = 0 entry_point = 0x7fefc902a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 733 start_va = 0x7fefc910000 end_va = 0x7fefc919fff monitored = 0 entry_point = 0x7fefc913b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 734 start_va = 0x7fefc920000 end_va = 0x7fefc941fff monitored = 0 entry_point = 0x7fefc925d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 735 start_va = 0x7fefc9a0000 end_va = 0x7fefc9cefff monitored = 0 entry_point = 0x7fefc9a1064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 736 start_va = 0x7fefc9e0000 end_va = 0x7fefca4cfff monitored = 0 entry_point = 0x7fefc9e1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 737 start_va = 0x7fefca50000 end_va = 0x7fefca63fff monitored = 0 entry_point = 0x7fefca54160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 738 start_va = 0x7fefccb0000 end_va = 0x7fefccd2fff monitored = 0 entry_point = 0x7fefccb1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 739 start_va = 0x7fefcd50000 end_va = 0x7fefcd5afff monitored = 0 entry_point = 0x7fefcd51030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 740 start_va = 0x7fefcd80000 end_va = 0x7fefcda4fff monitored = 0 entry_point = 0x7fefcd89658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 741 start_va = 0x7fefcdb0000 end_va = 0x7fefcdbefff monitored = 0 entry_point = 0x7fefcdb1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 742 start_va = 0x7fefcdc0000 end_va = 0x7fefce50fff monitored = 0 entry_point = 0x7fefcdc1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 743 start_va = 0x7fefce60000 end_va = 0x7fefce9cfff monitored = 0 entry_point = 0x7fefce618f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 744 start_va = 0x7fefcea0000 end_va = 0x7fefceb3fff monitored = 0 entry_point = 0x7fefcea10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 745 start_va = 0x7fefcec0000 end_va = 0x7fefcecefff monitored = 0 entry_point = 0x7fefcec19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 746 start_va = 0x7fefcf60000 end_va = 0x7fefcf6efff monitored = 0 entry_point = 0x7fefcf61020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 747 start_va = 0x7fefcf70000 end_va = 0x7fefd0dcfff monitored = 0 entry_point = 0x7fefcf710b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 748 start_va = 0x7fefd180000 end_va = 0x7fefd1b5fff monitored = 0 entry_point = 0x7fefd181474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 749 start_va = 0x7fefd1c0000 end_va = 0x7fefd22bfff monitored = 0 entry_point = 0x7fefd1c2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 750 start_va = 0x7fefd230000 end_va = 0x7fefd26afff monitored = 0 entry_point = 0x7fefd231324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 751 start_va = 0x7fefd270000 end_va = 0x7fefd289fff monitored = 0 entry_point = 0x7fefd271558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 752 start_va = 0x7fefd310000 end_va = 0x7fefe097fff monitored = 0 entry_point = 0x7fefd38cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 753 start_va = 0x7fefe1d0000 end_va = 0x7fefe2aafff monitored = 0 entry_point = 0x7fefe1f0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 754 start_va = 0x7fefe2d0000 end_va = 0x7fefe2d7fff monitored = 0 entry_point = 0x7fefe2d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 755 start_va = 0x7fefe2e0000 end_va = 0x7fefe331fff monitored = 0 entry_point = 0x7fefe2e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 756 start_va = 0x7fefe4c0000 end_va = 0x7fefe5ecfff monitored = 0 entry_point = 0x7fefe50ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 757 start_va = 0x7fefe5f0000 end_va = 0x7fefe6c6fff monitored = 0 entry_point = 0x7fefe5f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 758 start_va = 0x7fefe770000 end_va = 0x7fefe7d6fff monitored = 0 entry_point = 0x7fefe77b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 759 start_va = 0x7fefe7e0000 end_va = 0x7fefe8a8fff monitored = 0 entry_point = 0x7fefe85a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 760 start_va = 0x7fefe8b0000 end_va = 0x7fefea86fff monitored = 0 entry_point = 0x7fefe8b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 761 start_va = 0x7fefea90000 end_va = 0x7fefeabdfff monitored = 0 entry_point = 0x7fefea91010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 762 start_va = 0x7fefeac0000 end_va = 0x7fefeb30fff monitored = 0 entry_point = 0x7fefead1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 763 start_va = 0x7fefeb40000 end_va = 0x7fefeb5efff monitored = 0 entry_point = 0x7fefeb460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 764 start_va = 0x7fefeb60000 end_va = 0x7fefebacfff monitored = 0 entry_point = 0x7fefeb61070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 765 start_va = 0x7fefebb0000 end_va = 0x7fefebbdfff monitored = 0 entry_point = 0x7fefebb1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 766 start_va = 0x7fefee20000 end_va = 0x7fefef28fff monitored = 0 entry_point = 0x7fefee21064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 767 start_va = 0x7fefef30000 end_va = 0x7feff132fff monitored = 0 entry_point = 0x7fefef53330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 768 start_va = 0x7feff140000 end_va = 0x7feff1defff monitored = 0 entry_point = 0x7feff1425a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 769 start_va = 0x7feff1e0000 end_va = 0x7feff278fff monitored = 0 entry_point = 0x7feff1e1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 770 start_va = 0x7feff290000 end_va = 0x7feff290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 771 start_va = 0x7fffff44000 end_va = 0x7fffff45fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff44000" filename = "" Region: id = 772 start_va = 0x7fffff46000 end_va = 0x7fffff47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff46000" filename = "" Region: id = 773 start_va = 0x7fffff48000 end_va = 0x7fffff49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff48000" filename = "" Region: id = 774 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 775 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 776 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 777 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 778 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 779 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 780 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 781 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 782 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 783 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 784 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 785 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 786 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 787 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 788 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 789 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 790 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 791 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 792 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 793 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 794 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 795 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 796 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 797 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 798 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 799 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 800 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 801 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 802 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 803 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 804 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 805 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 806 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 807 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 808 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 809 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 810 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 811 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 812 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 813 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 814 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 815 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 816 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 817 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 818 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 819 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 820 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 821 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 822 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 823 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 824 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 825 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 826 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 827 start_va = 0x7fffffde000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2181 start_va = 0x7fef0d20000 end_va = 0x7fef0ef3fff monitored = 0 entry_point = 0x7fef0d56b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 2182 start_va = 0x3300000 end_va = 0x352ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2183 start_va = 0x40a0000 end_va = 0x42cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2184 start_va = 0x3300000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2185 start_va = 0x34b0000 end_va = 0x352ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 2186 start_va = 0x64e0000 end_va = 0x68dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064e0000" filename = "" Region: id = 2187 start_va = 0xe90000 end_va = 0xe90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 2188 start_va = 0xea0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 2189 start_va = 0x7fef63c0000 end_va = 0x7fef643bfff monitored = 0 entry_point = 0x7fef63c11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 2190 start_va = 0x3530000 end_va = 0x36affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 2191 start_va = 0xec0000 end_va = 0xec2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 2192 start_va = 0xed0000 end_va = 0xedffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2193 start_va = 0x1320000 end_va = 0x132ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2194 start_va = 0x1330000 end_va = 0x133ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2195 start_va = 0xed0000 end_va = 0xedffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2196 start_va = 0x1320000 end_va = 0x132ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2197 start_va = 0x1330000 end_va = 0x133ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2198 start_va = 0x3550000 end_va = 0x35cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 2199 start_va = 0x3630000 end_va = 0x36affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 2200 start_va = 0x4140000 end_va = 0x41bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 2201 start_va = 0x4250000 end_va = 0x42cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2202 start_va = 0x42e0000 end_va = 0x435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 2203 start_va = 0x4430000 end_va = 0x44affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004430000" filename = "" Region: id = 2204 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 2205 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2206 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2207 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2208 start_va = 0x23f0000 end_va = 0x2499fff monitored = 0 entry_point = 0x23f4104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2209 start_va = 0xed0000 end_va = 0xedcfff monitored = 0 entry_point = 0xeda138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 2210 start_va = 0x68e0000 end_va = 0x6b2efff monitored = 0 entry_point = 0x68e236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 2211 start_va = 0xed0000 end_va = 0xed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 2212 start_va = 0x23f0000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 2213 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 2214 start_va = 0xed0000 end_va = 0xed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 2215 start_va = 0xee0000 end_va = 0xeeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2216 start_va = 0xef0000 end_va = 0xefffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2217 start_va = 0x1320000 end_va = 0x132ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2751 start_va = 0x18a0000 end_va = 0x191ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 2752 start_va = 0x1fc0000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 2753 start_va = 0x31d0000 end_va = 0x324ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 2754 start_va = 0x3320000 end_va = 0x339ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 2755 start_va = 0x33a0000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 2756 start_va = 0x37d0000 end_va = 0x384ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037d0000" filename = "" Region: id = 2757 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3540 start_va = 0xad0000 end_va = 0xad2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 4330 start_va = 0x820000 end_va = 0x822fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 4370 start_va = 0x7fefa9e0000 end_va = 0x7fefaa46fff monitored = 0 entry_point = 0x7fefa9f6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 4371 start_va = 0x820000 end_va = 0x82ffff monitored = 0 entry_point = 0x823e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 4372 start_va = 0x830000 end_va = 0x833fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 4373 start_va = 0x1fb0000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 4374 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 4379 start_va = 0x7fef36c0000 end_va = 0x7fef36fefff monitored = 0 entry_point = 0x7fef36c12c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 4558 start_va = 0x25b0000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 4559 start_va = 0x26c0000 end_va = 0x273ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 4560 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e4fff monitored = 0 entry_point = 0x7fefb9d1010 region_type = mapped_file name = "aelupsvc.dll" filename = "\\Windows\\System32\\aelupsvc.dll" (normalized: "c:\\windows\\system32\\aelupsvc.dll") Region: id = 4561 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4562 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4563 start_va = 0x27f0000 end_va = 0x28affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 4564 start_va = 0x1170000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 4565 start_va = 0x2630000 end_va = 0x26affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 4566 start_va = 0x33a0000 end_va = 0x349ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 4567 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4568 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4569 start_va = 0x820000 end_va = 0x827fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 4570 start_va = 0x820000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 4571 start_va = 0x820000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 4579 start_va = 0x7fef68f0000 end_va = 0x7fef695afff monitored = 0 entry_point = 0x7fef6934344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 4580 start_va = 0x7fef6c40000 end_va = 0x7fef6c4dfff monitored = 0 entry_point = 0x7fef6c45500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Thread: id = 11 os_tid = 0xf60 Thread: id = 12 os_tid = 0xf5c Thread: id = 13 os_tid = 0xee0 Thread: id = 14 os_tid = 0xe94 Thread: id = 15 os_tid = 0xe38 Thread: id = 16 os_tid = 0xe24 Thread: id = 17 os_tid = 0xd7c Thread: id = 18 os_tid = 0xd64 Thread: id = 19 os_tid = 0x350 Thread: id = 20 os_tid = 0x474 Thread: id = 21 os_tid = 0x4bc Thread: id = 22 os_tid = 0x384 Thread: id = 23 os_tid = 0x250 Thread: id = 24 os_tid = 0x320 Thread: id = 25 os_tid = 0x3a4 Thread: id = 26 os_tid = 0x508 Thread: id = 27 os_tid = 0xf0 Thread: id = 28 os_tid = 0x2f8 Thread: id = 29 os_tid = 0x3b4 Thread: id = 30 os_tid = 0x128 Thread: id = 31 os_tid = 0x218 Thread: id = 32 os_tid = 0x470 Thread: id = 33 os_tid = 0x310 Thread: id = 34 os_tid = 0x238 Thread: id = 35 os_tid = 0x4f8 Thread: id = 36 os_tid = 0x51c Thread: id = 37 os_tid = 0x534 Thread: id = 38 os_tid = 0x6e4 Thread: id = 39 os_tid = 0x6dc Thread: id = 40 os_tid = 0x6d8 Thread: id = 41 os_tid = 0x6d4 Thread: id = 42 os_tid = 0x6cc Thread: id = 43 os_tid = 0x690 Thread: id = 44 os_tid = 0x674 Thread: id = 45 os_tid = 0x644 Thread: id = 46 os_tid = 0x634 Thread: id = 47 os_tid = 0x618 Thread: id = 48 os_tid = 0x608 Thread: id = 49 os_tid = 0x5f4 Thread: id = 50 os_tid = 0x454 Thread: id = 51 os_tid = 0x450 Thread: id = 52 os_tid = 0x35c Thread: id = 53 os_tid = 0x130 Thread: id = 54 os_tid = 0x44c Thread: id = 55 os_tid = 0x448 Thread: id = 56 os_tid = 0x43c Thread: id = 57 os_tid = 0x164 Thread: id = 58 os_tid = 0xc8 Thread: id = 59 os_tid = 0x3ec Thread: id = 60 os_tid = 0x3e4 Thread: id = 61 os_tid = 0x3d8 Thread: id = 62 os_tid = 0x37c Thread: id = 63 os_tid = 0x378 Thread: id = 64 os_tid = 0x36c Thread: id = 65 os_tid = 0x364 Thread: id = 87 os_tid = 0xae0 Thread: id = 88 os_tid = 0xae4 Thread: id = 89 os_tid = 0xae8 Thread: id = 90 os_tid = 0xaec Thread: id = 91 os_tid = 0xaf0 Thread: id = 98 os_tid = 0xb34 Thread: id = 99 os_tid = 0xac8 Thread: id = 147 os_tid = 0x710 Thread: id = 148 os_tid = 0x20c Thread: id = 149 os_tid = 0x750 Thread: id = 150 os_tid = 0xce4 Thread: id = 151 os_tid = 0xd6c Thread: id = 152 os_tid = 0xce0 Thread: id = 167 os_tid = 0xeac Thread: id = 186 os_tid = 0xe9c Thread: id = 187 os_tid = 0xed8 Thread: id = 188 os_tid = 0x8a8 Thread: id = 189 os_tid = 0x8ac Thread: id = 190 os_tid = 0x8b4 Thread: id = 191 os_tid = 0x8bc Thread: id = 198 os_tid = 0xa7c Thread: id = 199 os_tid = 0xb3c Process: id = "3" image_name = "geater.exe" filename = "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe" page_root = "0x3aeeb000" os_pid = "0xa90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xfbc" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1877 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1878 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1879 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1880 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1881 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1882 start_va = 0xb0000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1883 start_va = 0x2d0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1884 start_va = 0x11e0000 end_va = 0x1281fff monitored = 1 entry_point = 0x127d84e region_type = mapped_file name = "geater.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe") Region: id = 1885 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1886 start_va = 0x77150000 end_va = 0x772cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1887 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1888 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1889 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1890 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1891 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1892 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1893 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1894 start_va = 0xf0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1895 start_va = 0x74a40000 end_va = 0x74a7efff monitored = 0 entry_point = 0x74a6e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1896 start_va = 0x749e0000 end_va = 0x74a3bfff monitored = 0 entry_point = 0x74a1f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1897 start_va = 0x749d0000 end_va = 0x749d7fff monitored = 0 entry_point = 0x749d20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1898 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1899 start_va = 0x75620000 end_va = 0x7572ffff monitored = 0 entry_point = 0x75633283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1900 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1901 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076e50000" filename = "" Region: id = 1902 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1903 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076d50000" filename = "" Region: id = 1904 start_va = 0x3d0000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1905 start_va = 0x74b40000 end_va = 0x74b89fff monitored = 1 entry_point = 0x74b42e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1906 start_va = 0x75620000 end_va = 0x7572ffff monitored = 0 entry_point = 0x75633283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1907 start_va = 0x74dc0000 end_va = 0x74e06fff monitored = 0 entry_point = 0x74dc74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1908 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1909 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1910 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1911 start_va = 0xf0000 end_va = 0x156fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1912 start_va = 0x170000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1913 start_va = 0x550000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1918 start_va = 0x550000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1919 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1920 start_va = 0x767e0000 end_va = 0x7687ffff monitored = 0 entry_point = 0x767f49e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1921 start_va = 0x752c0000 end_va = 0x7536bfff monitored = 0 entry_point = 0x752ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1922 start_va = 0x74e10000 end_va = 0x74e28fff monitored = 0 entry_point = 0x74e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1923 start_va = 0x76450000 end_va = 0x7653ffff monitored = 0 entry_point = 0x76460569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1924 start_va = 0x74ca0000 end_va = 0x74cfffff monitored = 0 entry_point = 0x74cba3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1925 start_va = 0x74c90000 end_va = 0x74c9bfff monitored = 0 entry_point = 0x74c910e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1926 start_va = 0x6f0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1927 start_va = 0x74ab0000 end_va = 0x74b3cfff monitored = 1 entry_point = 0x74ac2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1928 start_va = 0x72cc0000 end_va = 0x72cc2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1929 start_va = 0x76540000 end_va = 0x76596fff monitored = 0 entry_point = 0x76559ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1930 start_va = 0x76ae0000 end_va = 0x76b6ffff monitored = 0 entry_point = 0x76af6343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1931 start_va = 0x74f70000 end_va = 0x7506ffff monitored = 0 entry_point = 0x74f8b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1932 start_va = 0x77120000 end_va = 0x77129fff monitored = 0 entry_point = 0x771236a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1933 start_va = 0x76740000 end_va = 0x767dcfff monitored = 0 entry_point = 0x76773fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1934 start_va = 0x6f0000 end_va = 0x877fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 1935 start_va = 0x8c0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 1936 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1937 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1938 start_va = 0x769f0000 end_va = 0x76a4ffff monitored = 0 entry_point = 0x76a0158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1939 start_va = 0x76380000 end_va = 0x7644bfff monitored = 0 entry_point = 0x7638168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1940 start_va = 0x8d0000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 1941 start_va = 0x1290000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001290000" filename = "" Region: id = 1942 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1943 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1944 start_va = 0x1f0000 end_va = 0x28cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "geater.exe38b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe38b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe38b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") Region: id = 1945 start_va = 0x1f0000 end_va = 0x28cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "geater.exe38b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe38b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe38b2908aa3871e3ea9affa4c6d62a7460f5b95cca90.exe") Region: id = 1946 start_va = 0x73ca0000 end_va = 0x73ca8fff monitored = 0 entry_point = 0x73ca1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1947 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1948 start_va = 0x71c50000 end_va = 0x723fefff monitored = 1 entry_point = 0x71c6d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1949 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1950 start_va = 0x723e0000 end_va = 0x723f3fff monitored = 0 entry_point = 0x723eac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 1951 start_va = 0x72330000 end_va = 0x723dafff monitored = 0 entry_point = 0x723c5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 1952 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1953 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 1954 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1955 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1956 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1957 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1958 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1959 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1960 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1961 start_va = 0xa60000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1962 start_va = 0x230000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1963 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1964 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1965 start_va = 0xc30000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 1966 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1967 start_va = 0x230000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1968 start_va = 0x240000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1969 start_va = 0x2690000 end_va = 0x468ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 1970 start_va = 0x5c0000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1971 start_va = 0xb40000 end_va = 0xb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 1972 start_va = 0xbb0000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 1973 start_va = 0xdf0000 end_va = 0xeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 1974 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1975 start_va = 0xd70000 end_va = 0xdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 1976 start_va = 0xff0000 end_va = 0x10effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 1977 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 1978 start_va = 0x4690000 end_va = 0x495efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1979 start_va = 0x70090000 end_va = 0x7149afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 1980 start_va = 0x75370000 end_va = 0x754cbfff monitored = 0 entry_point = 0x753bba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1981 start_va = 0x73bb0000 end_va = 0x73c2ffff monitored = 0 entry_point = 0x73bc37c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1982 start_va = 0x4960000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 1983 start_va = 0xa60000 end_va = 0xb3efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 1984 start_va = 0x230000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1985 start_va = 0x74aa0000 end_va = 0x74aa2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 1986 start_va = 0x722a0000 end_va = 0x72328fff monitored = 1 entry_point = 0x722a1130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1987 start_va = 0x76a50000 end_va = 0x76adefff monitored = 0 entry_point = 0x76a53fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1988 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1989 start_va = 0x6f630000 end_va = 0x70084fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 1990 start_va = 0x720f0000 end_va = 0x72292fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 1991 start_va = 0x6e7c0000 end_va = 0x6f625fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 1992 start_va = 0x6dfa0000 end_va = 0x6e7b7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 1993 start_va = 0x71f00000 end_va = 0x720e1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 1994 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1995 start_va = 0x290000 end_va = 0x2a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 1996 start_va = 0x71df0000 end_va = 0x71ef4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 1997 start_va = 0x6d820000 end_va = 0x6df93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 1998 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 1999 start_va = 0x74a80000 end_va = 0x74a92fff monitored = 1 entry_point = 0x74a8d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 2000 start_va = 0x4b50000 end_va = 0x4e21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 2001 start_va = 0x75730000 end_va = 0x76379fff monitored = 0 entry_point = 0x757b1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2002 start_va = 0x2c0000 end_va = 0x2c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 2003 start_va = 0x73d60000 end_va = 0x73d6afff monitored = 0 entry_point = 0x73d61992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2004 start_va = 0x4e30000 end_va = 0x4feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e30000" filename = "" Region: id = 2005 start_va = 0x71dd0000 end_va = 0x71de6fff monitored = 0 entry_point = 0x71dd35fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2006 start_va = 0x73a30000 end_va = 0x73a46fff monitored = 0 entry_point = 0x73a33573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2007 start_va = 0x3d0000 end_va = 0x40bfff monitored = 0 entry_point = 0x3d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2008 start_va = 0x450000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2009 start_va = 0x3d0000 end_va = 0x40bfff monitored = 0 entry_point = 0x3d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2010 start_va = 0x3d0000 end_va = 0x40bfff monitored = 0 entry_point = 0x3d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2011 start_va = 0x3d0000 end_va = 0x40bfff monitored = 0 entry_point = 0x3d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2012 start_va = 0x3d0000 end_va = 0x40bfff monitored = 0 entry_point = 0x3d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2013 start_va = 0x739f0000 end_va = 0x73a2afff monitored = 0 entry_point = 0x739f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2014 start_va = 0x754e0000 end_va = 0x754e4fff monitored = 0 entry_point = 0x754e1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2015 start_va = 0x73ae0000 end_va = 0x73b31fff monitored = 0 entry_point = 0x73ae14be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2016 start_va = 0x73ac0000 end_va = 0x73ad4fff monitored = 0 entry_point = 0x73ac12de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2017 start_va = 0x76920000 end_va = 0x76954fff monitored = 0 entry_point = 0x7692145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2018 start_va = 0x754d0000 end_va = 0x754d5fff monitored = 0 entry_point = 0x754d1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2019 start_va = 0x73ab0000 end_va = 0x73abcfff monitored = 0 entry_point = 0x73ab1326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2020 start_va = 0x73c60000 end_va = 0x73c9bfff monitored = 0 entry_point = 0x73c6145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2021 start_va = 0x73c50000 end_va = 0x73c54fff monitored = 0 entry_point = 0x73c515df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 2022 start_va = 0x73c40000 end_va = 0x73c45fff monitored = 0 entry_point = 0x73c41673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 2023 start_va = 0xef0000 end_va = 0xfaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2024 start_va = 0x1130000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 2025 start_va = 0x49c0000 end_va = 0x4abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 2026 start_va = 0x4b10000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 2027 start_va = 0x71d70000 end_va = 0x71dc7fff monitored = 0 entry_point = 0x71d713b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 2028 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2029 start_va = 0x71d20000 end_va = 0x71d6efff monitored = 0 entry_point = 0x71d21452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 2030 start_va = 0xbf0000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 2031 start_va = 0x5020000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 2032 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2033 start_va = 0x71d10000 end_va = 0x71d17fff monitored = 0 entry_point = 0x71d134d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 2034 start_va = 0x73cc0000 end_va = 0x73cdbfff monitored = 0 entry_point = 0x73cca431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2035 start_va = 0x73cb0000 end_va = 0x73cb6fff monitored = 0 entry_point = 0x73cb128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2036 start_va = 0x71d00000 end_va = 0x71d0cfff monitored = 0 entry_point = 0x71d02012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 2037 start_va = 0x4ec0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ec0000" filename = "" Region: id = 2038 start_va = 0x4fb0000 end_va = 0x4feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fb0000" filename = "" Region: id = 2039 start_va = 0x51e0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 2040 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2041 start_va = 0x71ce0000 end_va = 0x71cf1fff monitored = 0 entry_point = 0x71ce3271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 2042 start_va = 0x52e0000 end_va = 0x53dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 2043 start_va = 0x3d0000 end_va = 0x431fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2044 start_va = 0x880000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2045 start_va = 0x5580000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 2046 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2047 start_va = 0x73b60000 end_va = 0x73b6dfff monitored = 0 entry_point = 0x73b61235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2048 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2049 start_va = 0x4ad0000 end_va = 0x4b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 2050 start_va = 0x5750000 end_va = 0x584ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005750000" filename = "" Region: id = 2051 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2052 start_va = 0x550000 end_va = 0x556fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2053 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2054 start_va = 0x550000 end_va = 0x556fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2055 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2056 start_va = 0x440000 end_va = 0x446fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2057 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2058 start_va = 0x440000 end_va = 0x446fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2059 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2060 start_va = 0x440000 end_va = 0x446fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2061 start_va = 0x73ce0000 end_va = 0x73d23fff monitored = 0 entry_point = 0x73cf63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2062 start_va = 0x53e0000 end_va = 0x550ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053e0000" filename = "" Region: id = 2063 start_va = 0x73c30000 end_va = 0x73c35fff monitored = 0 entry_point = 0x73c314b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2064 start_va = 0x73b70000 end_va = 0x73ba7fff monitored = 0 entry_point = 0x73b7990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2065 start_va = 0x5850000 end_va = 0x59affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005850000" filename = "" Region: id = 2066 start_va = 0x71cd0000 end_va = 0x71cd7fff monitored = 0 entry_point = 0x71cd10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2067 start_va = 0x71c90000 end_va = 0x71ccefff monitored = 0 entry_point = 0x71c92351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 2068 start_va = 0x754f0000 end_va = 0x75610fff monitored = 0 entry_point = 0x754f158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2069 start_va = 0x74d50000 end_va = 0x74d5bfff monitored = 0 entry_point = 0x74d5238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2070 start_va = 0x71c50000 end_va = 0x71c87fff monitored = 0 entry_point = 0x71c51489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 2071 start_va = 0x6d7a0000 end_va = 0x6d7dcfff monitored = 0 entry_point = 0x6d7a10f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2072 start_va = 0x1190000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 2073 start_va = 0x5b40000 end_va = 0x5c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b40000" filename = "" Region: id = 2074 start_va = 0x6d800000 end_va = 0x6d816fff monitored = 0 entry_point = 0x6d801c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2075 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 2076 start_va = 0x5850000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005850000" filename = "" Region: id = 2077 start_va = 0x5970000 end_va = 0x59affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 2078 start_va = 0x5c40000 end_va = 0x5e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c40000" filename = "" Region: id = 2079 start_va = 0x6d7e0000 end_va = 0x6d7f5fff monitored = 0 entry_point = 0x6d7e2061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 2080 start_va = 0x440000 end_va = 0x449fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 2081 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2082 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2083 start_va = 0x550000 end_va = 0x579fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2084 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2085 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2086 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2087 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2088 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2089 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 2090 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2091 start_va = 0x5170000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2092 start_va = 0x5f60000 end_va = 0x605ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f60000" filename = "" Region: id = 2093 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 2094 start_va = 0x6060000 end_va = 0x705ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006060000" filename = "" Region: id = 2095 start_va = 0x59b0000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059b0000" filename = "" Region: id = 2096 start_va = 0x7060000 end_va = 0x805ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007060000" filename = "" Region: id = 2097 start_va = 0x8060000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008060000" filename = "" Region: id = 2098 start_va = 0x6c0000 end_va = 0x6d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 2099 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2100 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2101 start_va = 0x8300000 end_va = 0x92fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 2102 start_va = 0x9300000 end_va = 0xa2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009300000" filename = "" Region: id = 2103 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2104 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2105 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2106 start_va = 0x4970000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004970000" filename = "" Region: id = 2107 start_va = 0xa350000 end_va = 0xa44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a350000" filename = "" Region: id = 2108 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 2109 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2110 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2111 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2112 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2113 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2114 start_va = 0x4e70000 end_va = 0x4eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 2115 start_va = 0xa5e0000 end_va = 0xa6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a5e0000" filename = "" Region: id = 2116 start_va = 0x7ef92000 end_va = 0x7ef94fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 2117 start_va = 0x5c0000 end_va = 0x641fff monitored = 0 entry_point = 0x5c19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2118 start_va = 0x5c0000 end_va = 0x641fff monitored = 0 entry_point = 0x5c19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2119 start_va = 0x6d680000 end_va = 0x6d703fff monitored = 0 entry_point = 0x6d6819a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2120 start_va = 0x53e0000 end_va = 0x54bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053e0000" filename = "" Region: id = 2121 start_va = 0x54d0000 end_va = 0x550ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 2122 start_va = 0x6d4f0000 end_va = 0x6d67ffff monitored = 0 entry_point = 0x6d58d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 2123 start_va = 0x6060000 end_va = 0x622ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006060000" filename = "" Region: id = 2124 start_va = 0x5c0000 end_va = 0x5dbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 2125 start_va = 0x4f00000 end_va = 0x4f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 2126 start_va = 0x62f0000 end_va = 0x63effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062f0000" filename = "" Region: id = 2127 start_va = 0x7ef8f000 end_va = 0x7ef91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 2128 start_va = 0x5e40000 end_va = 0x5f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e40000" filename = "" Region: id = 2129 start_va = 0x53e0000 end_va = 0x548afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 2130 start_va = 0x54b0000 end_va = 0x54bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054b0000" filename = "" Region: id = 2131 start_va = 0x53e0000 end_va = 0x548afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 2132 start_va = 0x63f0000 end_va = 0x7898fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 2133 start_va = 0x63f0000 end_va = 0x7898fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 2134 start_va = 0x63f0000 end_va = 0x78b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 2135 start_va = 0x63f0000 end_va = 0x78b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 2136 start_va = 0x63f0000 end_va = 0x6812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 2137 start_va = 0x63f0000 end_va = 0x6812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 2138 start_va = 0x5c0000 end_va = 0x65ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 2139 start_va = 0x5c0000 end_va = 0x65ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 2140 start_va = 0x5c0000 end_va = 0x63efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 2141 start_va = 0x5c0000 end_va = 0x63efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 2142 start_va = 0x63f0000 end_va = 0x65effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063f0000" filename = "" Region: id = 2143 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2144 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2145 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2146 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2147 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2148 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2149 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2150 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2151 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2152 start_va = 0x6d3f0000 end_va = 0x6d4eafff monitored = 0 entry_point = 0x6d4017e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 2153 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2154 start_va = 0x5e0000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2155 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2156 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2157 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2158 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2159 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2160 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2161 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2162 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2163 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 2164 start_va = 0xd40000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 2165 start_va = 0xd50000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 2166 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2167 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2168 start_va = 0x6c620000 end_va = 0x6d3ecfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.web.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll") Region: id = 2169 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2170 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2171 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2172 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 2173 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2174 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2175 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2176 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2177 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2178 start_va = 0xd30000 end_va = 0xd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 2179 start_va = 0xdb0000 end_va = 0xdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 2180 start_va = 0x7ef8c000 end_va = 0x7ef8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 2218 start_va = 0x5400000 end_va = 0x543ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 2219 start_va = 0x5530000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 2220 start_va = 0x5680000 end_va = 0x56bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005680000" filename = "" Region: id = 2221 start_va = 0x60c0000 end_va = 0x61bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060c0000" filename = "" Region: id = 2222 start_va = 0x6220000 end_va = 0x622ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 2223 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2224 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2225 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2226 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2227 start_va = 0xb80000 end_va = 0xb91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 2228 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2229 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2230 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2231 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2232 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2233 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2234 start_va = 0x65f0000 end_va = 0x75effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065f0000" filename = "" Region: id = 2235 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2236 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2237 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2238 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2239 start_va = 0x5f70000 end_va = 0x5faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f70000" filename = "" Region: id = 2240 start_va = 0x75f0000 end_va = 0x76effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075f0000" filename = "" Region: id = 2241 start_va = 0x7ef86000 end_va = 0x7ef88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 2242 start_va = 0x8300000 end_va = 0x92fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 2243 start_va = 0x9300000 end_va = 0xa2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009300000" filename = "" Region: id = 2244 start_va = 0xfb0000 end_va = 0xfb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fb0000" filename = "" Region: id = 2245 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2246 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2247 start_va = 0xa6e0000 end_va = 0xb6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a6e0000" filename = "" Region: id = 2248 start_va = 0xb6e0000 end_va = 0xc6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b6e0000" filename = "" Region: id = 2249 start_va = 0x76f0000 end_va = 0x7c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076f0000" filename = "" Region: id = 2250 start_va = 0xc6e0000 end_va = 0xd6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c6e0000" filename = "" Region: id = 2251 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2252 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2253 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2254 start_va = 0x10f0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 2255 start_va = 0x1100000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2256 start_va = 0x1110000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2257 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2258 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2259 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2260 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2261 start_va = 0x5140000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2262 start_va = 0x7c50000 end_va = 0x7d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c50000" filename = "" Region: id = 2263 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2264 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2265 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2266 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2267 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2268 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2269 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2270 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2271 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2272 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2273 start_va = 0x5540000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 2274 start_va = 0x7d90000 end_va = 0x7e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d90000" filename = "" Region: id = 2275 start_va = 0x7ef83000 end_va = 0x7ef85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2276 start_va = 0x10f0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 2277 start_va = 0x1100000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2278 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2279 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2280 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2281 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2282 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2300 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2301 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2302 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2477 start_va = 0x5190000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2478 start_va = 0x6000000 end_va = 0x60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006000000" filename = "" Region: id = 2519 start_va = 0x5100000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 2520 start_va = 0x59f0000 end_va = 0x5aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059f0000" filename = "" Region: id = 2521 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Thread: id = 71 os_tid = 0xa94 [0110.226] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0111.022] GetACP () returned 0x4e4 [0111.136] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config", nBufferLength=0x105, lpBuffer=0x3cea50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config", lpFilePart=0x0) returned 0x37 [0111.143] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce748 | out: phkResult=0x3ce748*=0x0) returned 0x2 [0111.143] RegCloseKey (hKey=0x80000002) returned 0x0 [0111.213] GetCurrentProcess () returned 0xffffffff [0111.213] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced88 | out: TokenHandle=0x3ced88*=0x40) returned 1 [0111.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x3ce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0111.230] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ced80 | out: lpFileInformation=0x3ced80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0111.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3ce80c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0111.233] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ced88 | out: lpFileInformation=0x3ced88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0111.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3ce7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0111.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cecc0) returned 1 [0111.236] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0111.236] GetFileType (hFile=0x1f4) returned 0x1 [0111.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cecbc) returned 1 [0111.236] GetFileType (hFile=0x1f4) returned 0x1 [0111.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3cdff8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0111.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3ce05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0111.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ce29c) returned 1 [0111.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ce560 | out: lpFileInformation=0x3ce560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0111.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ce298) returned 1 [0111.329] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x3ce42c | out: pfEnabled=0x3ce42c) returned 0x0 [0111.382] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ced0c | out: phkResult=0x3ced0c*=0x0) returned 0x2 [0111.383] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ced0c | out: phkResult=0x3ced0c*=0x0) returned 0x2 [0111.384] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x3ced7c | out: lpFileSizeHigh=0x3ced7c*=0x0) returned 0x8c8e [0111.385] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ced38, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3ced38*=0x1000, lpOverlapped=0x0) returned 1 [0111.400] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cebe8, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3cebe8*=0x1000, lpOverlapped=0x0) returned 1 [0111.403] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cea9c, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3cea9c*=0x1000, lpOverlapped=0x0) returned 1 [0111.403] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cea9c, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3cea9c*=0x1000, lpOverlapped=0x0) returned 1 [0111.404] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cea9c, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3cea9c*=0x1000, lpOverlapped=0x0) returned 1 [0111.404] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ce9d4, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3ce9d4*=0x1000, lpOverlapped=0x0) returned 1 [0111.411] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ceb40, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3ceb40*=0x1000, lpOverlapped=0x0) returned 1 [0111.413] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cea34, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3cea34*=0x1000, lpOverlapped=0x0) returned 1 [0111.413] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3cea34, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3cea34*=0xc8e, lpOverlapped=0x0) returned 1 [0111.414] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bfaa4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ceaf8, lpOverlapped=0x0 | out: lpBuffer=0x26bfaa4*, lpNumberOfBytesRead=0x3ceaf8*=0x0, lpOverlapped=0x0) returned 1 [0111.414] CloseHandle (hObject=0x1f4) returned 1 [0111.414] CloseHandle (hObject=0x40) returned 1 [0111.415] GetCurrentProcess () returned 0xffffffff [0111.415] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ceed4 | out: TokenHandle=0x3ceed4*=0x40) returned 1 [0111.416] CloseHandle (hObject=0x40) returned 1 [0111.416] GetCurrentProcess () returned 0xffffffff [0111.416] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ceed4 | out: TokenHandle=0x3ceed4*=0x40) returned 1 [0111.417] CloseHandle (hObject=0x40) returned 1 [0111.423] GetCurrentProcess () returned 0xffffffff [0111.424] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced88 | out: TokenHandle=0x3ced88*=0x40) returned 1 [0111.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3ced80 | out: lpFileInformation=0x3ced80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0111.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config", nBufferLength=0x105, lpBuffer=0x3ce80c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config", lpFilePart=0x0) returned 0x37 [0111.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3ced88 | out: lpFileInformation=0x3ced88*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0111.425] CloseHandle (hObject=0x40) returned 1 [0111.425] GetCurrentProcess () returned 0xffffffff [0111.425] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ceed4 | out: TokenHandle=0x3ceed4*=0x40) returned 1 [0111.426] CloseHandle (hObject=0x40) returned 1 [0111.426] GetCurrentProcess () returned 0xffffffff [0111.427] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ceed4 | out: TokenHandle=0x3ceed4*=0x40) returned 1 [0111.427] CloseHandle (hObject=0x40) returned 1 [0111.450] GetCurrentProcess () returned 0xffffffff [0111.450] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cecec | out: TokenHandle=0x3cecec*=0x40) returned 1 [0111.471] CloseHandle (hObject=0x40) returned 1 [0111.471] GetCurrentProcess () returned 0xffffffff [0111.471] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced04 | out: TokenHandle=0x3ced04*=0x40) returned 1 [0111.472] CloseHandle (hObject=0x40) returned 1 [0111.486] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40 [0111.486] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1f4 [0111.491] GetCurrentProcess () returned 0xffffffff [0111.491] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced0c | out: TokenHandle=0x3ced0c*=0x234) returned 1 [0111.495] CloseHandle (hObject=0x234) returned 1 [0111.495] GetCurrentProcess () returned 0xffffffff [0111.495] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced24 | out: TokenHandle=0x3ced24*=0x234) returned 1 [0111.495] CloseHandle (hObject=0x234) returned 1 [0111.501] GetCurrentProcess () returned 0xffffffff [0111.501] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced14 | out: TokenHandle=0x3ced14*=0x234) returned 1 [0111.506] CloseHandle (hObject=0x234) returned 1 [0111.507] GetCurrentProcess () returned 0xffffffff [0111.507] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced2c | out: TokenHandle=0x3ced2c*=0x234) returned 1 [0111.507] CloseHandle (hObject=0x234) returned 1 [0111.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce1fc | out: phkResult=0x3ce1fc*=0x234) returned 0x0 [0111.526] RegQueryValueExW (in: hKey=0x234, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3ce21c, lpData=0x0, lpcbData=0x3ce218*=0x0 | out: lpType=0x3ce21c*=0x1, lpData=0x0, lpcbData=0x3ce218*=0xe) returned 0x0 [0111.526] RegQueryValueExW (in: hKey=0x234, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3ce21c, lpData=0x26e0cac, lpcbData=0x3ce218*=0xe | out: lpType=0x3ce21c*=0x1, lpData="Client", lpcbData=0x3ce218*=0xe) returned 0x0 [0111.526] RegCloseKey (hKey=0x234) returned 0x0 [0111.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefc8 | out: phkResult=0x3cefc8*=0x234) returned 0x0 [0111.531] RegQueryValueExW (in: hKey=0x234, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x3cefe4, lpData=0x0, lpcbData=0x3cefe0*=0x0 | out: lpType=0x3cefe4*=0x0, lpData=0x0, lpcbData=0x3cefe0*=0x0) returned 0x2 [0111.531] RegCloseKey (hKey=0x234) returned 0x0 [0111.534] GetCurrentProcessId () returned 0xa90 [0111.539] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3ce864 | out: lpLuid=0x3ce864*(LowPart=0x14, HighPart=0)) returned 1 [0111.540] GetCurrentProcess () returned 0xffffffff [0111.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3ce860 | out: TokenHandle=0x3ce860*=0x230) returned 1 [0111.541] AdjustTokenPrivileges (in: TokenHandle=0x230, DisableAllPrivileges=0, NewState=0x26e1d14*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0111.541] CloseHandle (hObject=0x230) returned 1 [0111.542] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.550] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e1d58, cb=0x100, lpcbNeeded=0x3cefd4 | out: lphModule=0x26e1d58, lpcbNeeded=0x3cefd4) returned 1 [0111.551] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e1e98, cb=0xc | out: lpmodinfo=0x26e1e98*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.553] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.553] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.554] CoTaskMemFree (pv=0x4d05c0) [0111.554] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.554] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.554] CoTaskMemFree (pv=0x4d05c0) [0111.554] CloseHandle (hObject=0x230) returned 1 [0111.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceafc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x0) returned 0x2 [0111.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.556] RegQueryValueExW (in: hKey=0x230, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.556] RegCloseKey (hKey=0x230) returned 0x0 [0111.557] GetCurrentProcessId () returned 0xa90 [0111.557] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.557] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e4938, cb=0x100, lpcbNeeded=0x3cefd4 | out: lphModule=0x26e4938, lpcbNeeded=0x3cefd4) returned 1 [0111.558] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e4a78, cb=0xc | out: lpmodinfo=0x26e4a78*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.558] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.558] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.562] CoTaskMemFree (pv=0x4d05c0) [0111.562] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.562] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.562] CoTaskMemFree (pv=0x4d05c0) [0111.562] CloseHandle (hObject=0x230) returned 1 [0111.563] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceafc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x0) returned 0x2 [0111.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.563] RegQueryValueExW (in: hKey=0x230, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.563] RegCloseKey (hKey=0x230) returned 0x0 [0111.564] GetCurrentProcessId () returned 0xa90 [0111.564] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.564] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e73e4, cb=0x100, lpcbNeeded=0x3cefd4 | out: lphModule=0x26e73e4, lpcbNeeded=0x3cefd4) returned 1 [0111.565] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e7524, cb=0xc | out: lpmodinfo=0x26e7524*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.565] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.565] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.566] CoTaskMemFree (pv=0x4d05c0) [0111.566] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.566] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.566] CoTaskMemFree (pv=0x4d05c0) [0111.566] CloseHandle (hObject=0x230) returned 1 [0111.566] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceafc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x0) returned 0x2 [0111.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.567] RegQueryValueExW (in: hKey=0x230, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.567] RegCloseKey (hKey=0x230) returned 0x0 [0111.567] GetCurrentProcessId () returned 0xa90 [0111.568] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.568] EnumProcessModules (in: hProcess=0x230, lphModule=0x26e9e70, cb=0x100, lpcbNeeded=0x3cefd4 | out: lphModule=0x26e9e70, lpcbNeeded=0x3cefd4) returned 1 [0111.569] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26e9fb0, cb=0xc | out: lpmodinfo=0x26e9fb0*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.569] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.569] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.569] CoTaskMemFree (pv=0x4d05c0) [0111.569] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.569] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.570] CoTaskMemFree (pv=0x4d05c0) [0111.570] CloseHandle (hObject=0x230) returned 1 [0111.570] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceafc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x0) returned 0x2 [0111.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.571] RegQueryValueExW (in: hKey=0x230, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.571] RegCloseKey (hKey=0x230) returned 0x0 [0111.571] GetCurrentProcessId () returned 0xa90 [0111.571] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.571] EnumProcessModules (in: hProcess=0x230, lphModule=0x26ec888, cb=0x100, lpcbNeeded=0x3cefd4 | out: lphModule=0x26ec888, lpcbNeeded=0x3cefd4) returned 1 [0111.572] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26ec9c8, cb=0xc | out: lpmodinfo=0x26ec9c8*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.572] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.573] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.573] CoTaskMemFree (pv=0x4d05c0) [0111.573] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.573] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.573] CoTaskMemFree (pv=0x4d05c0) [0111.573] CloseHandle (hObject=0x230) returned 1 [0111.573] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceafc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x0) returned 0x2 [0111.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.574] RegQueryValueExW (in: hKey=0x230, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.574] RegCloseKey (hKey=0x230) returned 0x0 [0111.575] GetCurrentProcessId () returned 0xa90 [0111.575] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.575] EnumProcessModules (in: hProcess=0x230, lphModule=0x26ef278, cb=0x100, lpcbNeeded=0x3cefd4 | out: lphModule=0x26ef278, lpcbNeeded=0x3cefd4) returned 1 [0111.576] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26ef3b8, cb=0xc | out: lpmodinfo=0x26ef3b8*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.576] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.576] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.576] CoTaskMemFree (pv=0x4d05c0) [0111.576] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.576] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.577] CoTaskMemFree (pv=0x4d05c0) [0111.577] CloseHandle (hObject=0x230) returned 1 [0111.577] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceafc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x0) returned 0x2 [0111.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.578] RegQueryValueExW (in: hKey=0x230, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.578] RegCloseKey (hKey=0x230) returned 0x0 [0111.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.586] RegQueryValueExW (in: hKey=0x230, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.586] RegCloseKey (hKey=0x230) returned 0x0 [0111.587] GetCurrentProcessId () returned 0xa90 [0111.587] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.587] EnumProcessModules (in: hProcess=0x230, lphModule=0x26f2c20, cb=0x100, lpcbNeeded=0x3cefd0 | out: lphModule=0x26f2c20, lpcbNeeded=0x3cefd0) returned 1 [0111.588] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26f2d60, cb=0xc | out: lpmodinfo=0x26f2d60*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.588] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.588] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d05c0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.588] CoTaskMemFree (pv=0x4d05c0) [0111.589] CoTaskMemAlloc (cb=0x804) returned 0x4d05c0 [0111.589] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d05c0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.589] CoTaskMemFree (pv=0x4d05c0) [0111.589] CloseHandle (hObject=0x230) returned 1 [0111.589] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.590] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefc8 | out: phkResult=0x3cefc8*=0x0) returned 0x2 [0111.590] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefc8 | out: phkResult=0x3cefc8*=0x230) returned 0x0 [0111.590] RegQueryValueExW (in: hKey=0x230, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x3cefe4, lpData=0x0, lpcbData=0x3cefe0*=0x0 | out: lpType=0x3cefe4*=0x0, lpData=0x0, lpcbData=0x3cefe0*=0x0) returned 0x2 [0111.590] RegCloseKey (hKey=0x230) returned 0x0 [0111.591] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefcc | out: phkResult=0x3cefcc*=0x230) returned 0x0 [0111.591] RegQueryValueExW (in: hKey=0x230, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x3cefe8, lpData=0x0, lpcbData=0x3cefe4*=0x0 | out: lpType=0x3cefe8*=0x0, lpData=0x0, lpcbData=0x3cefe4*=0x0) returned 0x2 [0111.591] RegCloseKey (hKey=0x230) returned 0x0 [0111.591] GetCurrentProcessId () returned 0xa90 [0111.592] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.592] EnumProcessModules (in: hProcess=0x230, lphModule=0x26f59f4, cb=0x100, lpcbNeeded=0x3cefd0 | out: lphModule=0x26f59f4, lpcbNeeded=0x3cefd0) returned 1 [0111.593] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26f5b34, cb=0xc | out: lpmodinfo=0x26f5b34*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.593] CoTaskMemAlloc (cb=0x804) returned 0x4d07a8 [0111.593] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d07a8, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.593] CoTaskMemFree (pv=0x4d07a8) [0111.593] CoTaskMemAlloc (cb=0x804) returned 0x4d07a8 [0111.593] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d07a8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.593] CoTaskMemFree (pv=0x4d07a8) [0111.593] CloseHandle (hObject=0x230) returned 1 [0111.594] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.594] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefc8 | out: phkResult=0x3cefc8*=0x0) returned 0x2 [0111.594] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefc8 | out: phkResult=0x3cefc8*=0x230) returned 0x0 [0111.595] RegQueryValueExW (in: hKey=0x230, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x3cefe4, lpData=0x0, lpcbData=0x3cefe0*=0x0 | out: lpType=0x3cefe4*=0x0, lpData=0x0, lpcbData=0x3cefe0*=0x0) returned 0x2 [0111.595] RegCloseKey (hKey=0x230) returned 0x0 [0111.596] GetCurrentProcessId () returned 0xa90 [0111.596] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x230 [0111.596] EnumProcessModules (in: hProcess=0x230, lphModule=0x26f8404, cb=0x100, lpcbNeeded=0x3cefd0 | out: lphModule=0x26f8404, lpcbNeeded=0x3cefd0) returned 1 [0111.597] GetModuleInformation (in: hProcess=0x230, hModule=0x11e0000, lpmodinfo=0x26f8544, cb=0xc | out: lpmodinfo=0x26f8544*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0111.597] CoTaskMemAlloc (cb=0x804) returned 0x4d07a8 [0111.597] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x11e0000, lpBaseName=0x4d07a8, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0111.597] CoTaskMemFree (pv=0x4d07a8) [0111.597] CoTaskMemAlloc (cb=0x804) returned 0x4d07a8 [0111.597] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x11e0000, lpFilename=0x4d07a8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0111.598] CoTaskMemFree (pv=0x4d07a8) [0111.598] CloseHandle (hObject=0x230) returned 1 [0111.598] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3ceaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0111.598] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cefc8 | out: phkResult=0x3cefc8*=0x0) returned 0x2 [0111.599] QueryPerformanceFrequency (in: lpFrequency=0x166220 | out: lpFrequency=0x166220*=100000000) returned 1 [0111.600] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf0d4 | out: lpPerformanceCount=0x3cf0d4*=1427550825516) returned 1 [0111.605] GetCurrentProcess () returned 0xffffffff [0111.607] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cece8 | out: TokenHandle=0x3cece8*=0x230) returned 1 [0111.610] CloseHandle (hObject=0x230) returned 1 [0111.610] GetCurrentProcess () returned 0xffffffff [0111.611] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced00 | out: TokenHandle=0x3ced00*=0x230) returned 1 [0111.611] CloseHandle (hObject=0x230) returned 1 [0111.616] GetCurrentProcess () returned 0xffffffff [0111.616] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cefb8 | out: TokenHandle=0x3cefb8*=0x230) returned 1 [0111.631] CoTaskMemAlloc (cb=0xcc0) returned 0x4d07a8 [0111.631] RasEnumConnectionsW (in: param_1=0x4d07a8, param_2=0x3cefc8, param_3=0x3cefcc | out: param_1=0x4d07a8, param_2=0x3cefc8, param_3=0x3cefcc) returned 0x0 [0111.641] CoTaskMemFree (pv=0x4d07a8) [0111.648] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x3cedb0 | out: lpWSAData=0x3cedb0) returned 0 [0111.655] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x27c [0111.663] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0111.663] closesocket (s=0x27c) returned 0 [0111.663] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x27c [0111.678] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0111.678] closesocket (s=0x27c) returned 0 [0111.679] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x27c [0111.680] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x280 [0111.680] ioctlsocket (in: s=0x27c, cmd=-2147195266, argp=0x3cefd0 | out: argp=0x3cefd0) returned 0 [0111.680] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x284 [0111.681] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x288 [0111.681] ioctlsocket (in: s=0x284, cmd=-2147195266, argp=0x3cefd0 | out: argp=0x3cefd0) returned 0 [0111.682] WSAIoctl (in: s=0x27c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3cefb8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3cefb8, lpOverlapped=0x0) returned -1 [0111.683] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3cece8, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0111.687] WSAEventSelect (s=0x27c, hEventObject=0x280, lNetworkEvents=512) returned 0 [0111.687] WSAIoctl (in: s=0x284, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3cefb8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3cefb8, lpOverlapped=0x0) returned -1 [0111.687] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3cece8, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0111.687] WSAEventSelect (s=0x284, hEventObject=0x288, lNetworkEvents=512) returned 0 [0111.688] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x290 [0111.688] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x290, param_3=0x3) returned 0x0 [0111.693] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x3cefe4 | out: phkResult=0x3cefe4*=0x2a8) returned 0x0 [0111.694] RegOpenKeyExW (in: hKey=0x2a8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cef98 | out: phkResult=0x3cef98*=0x2ac) returned 0x0 [0111.694] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b0 [0111.694] RegNotifyChangeKeyValue (hKey=0x2ac, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b0, fAsynchronous=1) returned 0x0 [0111.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cef9c | out: phkResult=0x3cef9c*=0x2b4) returned 0x0 [0111.695] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8 [0111.695] RegNotifyChangeKeyValue (hKey=0x2b4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b8, fAsynchronous=1) returned 0x0 [0111.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cef9c | out: phkResult=0x3cef9c*=0x2bc) returned 0x0 [0111.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0111.696] RegNotifyChangeKeyValue (hKey=0x2bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2c0, fAsynchronous=1) returned 0x0 [0111.696] GetCurrentProcess () returned 0xffffffff [0111.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cef8c | out: TokenHandle=0x3cef8c*=0x2c4) returned 1 [0111.701] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ce890 | out: phkResult=0x3ce890*=0x2c8) returned 0x0 [0111.701] RegQueryValueExW (in: hKey=0x2c8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x3ce8ac, lpData=0x0, lpcbData=0x3ce8a8*=0x0 | out: lpType=0x3ce8ac*=0x0, lpData=0x0, lpcbData=0x3ce8a8*=0x0) returned 0x2 [0111.701] RegCloseKey (hKey=0x2c8) returned 0x0 [0111.722] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x4d0690 [0111.733] WinHttpSetTimeouts (hInternet=0x4d0690, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0111.734] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x3cef98 | out: pProxyConfig=0x3cef98) returned 1 [0111.760] CloseHandle (hObject=0x230) returned 1 [0111.782] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x3ce7e8, nSize=0x90 | out: lpBuffer="") returned 0x0 [0111.782] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x3ce7e8, nSize=0x90 | out: lpBuffer="") returned 0x0 [0111.791] EtwEventRegister () returned 0x0 [0111.805] EtwEventRegister () returned 0x0 [0111.830] GetCurrentProcess () returned 0xffffffff [0111.830] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cecb0 | out: TokenHandle=0x3cecb0*=0x31c) returned 1 [0111.834] CloseHandle (hObject=0x31c) returned 1 [0111.834] GetCurrentProcess () returned 0xffffffff [0111.834] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cecc8 | out: TokenHandle=0x3cecc8*=0x31c) returned 1 [0111.835] CloseHandle (hObject=0x31c) returned 1 [0111.839] SetEvent (hEvent=0x40) returned 1 [0111.859] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3ceef4*=0x290, lpdwindex=0x3ced18 | out: lpdwindex=0x3ced18) returned 0x80010115 [0111.877] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3ceed4*=0x280, lpdwindex=0x3cecf8 | out: lpdwindex=0x3cecf8) returned 0x80010115 [0111.877] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3ceed4*=0x288, lpdwindex=0x3cecf8 | out: lpdwindex=0x3cecf8) returned 0x80010115 [0111.877] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3cef28*=0x2b0, lpdwindex=0x3ced4c | out: lpdwindex=0x3ced4c) returned 0x80010115 [0111.877] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3cef28*=0x2b8, lpdwindex=0x3ced4c | out: lpdwindex=0x3ced4c) returned 0x80010115 [0111.877] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3cef28*=0x2c0, lpdwindex=0x3ced4c | out: lpdwindex=0x3ced4c) returned 0x80010115 [0111.881] GetCurrentProcess () returned 0xffffffff [0111.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cec30 | out: TokenHandle=0x3cec30*=0x350) returned 1 [0111.882] CloseHandle (hObject=0x350) returned 1 [0111.882] GetCurrentProcess () returned 0xffffffff [0111.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3cec48 | out: TokenHandle=0x3cec48*=0x350) returned 1 [0111.883] CloseHandle (hObject=0x350) returned 1 [0111.885] GetTimeZoneInformation (in: lpTimeZoneInformation=0x3cedf8 | out: lpTimeZoneInformation=0x3cedf8) returned 0x2 [0111.901] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x3cec54 | out: pTimeZoneInformation=0x3cec54) returned 0x2 [0111.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ced38 | out: phkResult=0x3ced38*=0x350) returned 0x0 [0111.907] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x3ced54, lpData=0x0, lpcbData=0x3ced50*=0x0 | out: lpType=0x3ced54*=0x3, lpData=0x0, lpcbData=0x3ced50*=0x2c) returned 0x0 [0111.908] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x3ced54, lpData=0x270573c, lpcbData=0x3ced50*=0x2c | out: lpType=0x3ced54*=0x3, lpData=0x270573c*, lpcbData=0x3ced50*=0x2c) returned 0x0 [0111.909] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ceb8c | out: phkResult=0x3ceb8c*=0x0) returned 0x2 [0111.909] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3ced2c, lpData=0x0, lpcbData=0x3ced28*=0x0 | out: lpType=0x3ced2c*=0x1, lpData=0x0, lpcbData=0x3ced28*=0x20) returned 0x0 [0111.909] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3ced2c, lpData=0x2705b60, lpcbData=0x3ced28*=0x20 | out: lpType=0x3ced2c*=0x1, lpData="@tzres.dll,-320", lpcbData=0x3ced28*=0x20) returned 0x0 [0111.910] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3ced2c, lpData=0x0, lpcbData=0x3ced28*=0x0 | out: lpType=0x3ced2c*=0x1, lpData=0x0, lpcbData=0x3ced28*=0x20) returned 0x0 [0111.910] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3ced2c, lpData=0x2705bb8, lpcbData=0x3ced28*=0x20 | out: lpType=0x3ced2c*=0x1, lpData="@tzres.dll,-322", lpcbData=0x3ced28*=0x20) returned 0x0 [0111.910] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3ced2c, lpData=0x0, lpcbData=0x3ced28*=0x0 | out: lpType=0x3ced2c*=0x1, lpData=0x0, lpcbData=0x3ced28*=0x20) returned 0x0 [0111.910] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3ced2c, lpData=0x2705c10, lpcbData=0x3ced28*=0x20 | out: lpType=0x3ced2c*=0x1, lpData="@tzres.dll,-321", lpcbData=0x3ced28*=0x20) returned 0x0 [0111.917] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0111.917] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x4f34c8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0111.919] CoTaskMemFree (pv=0x4f34c8) [0111.919] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0111.919] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ced48, pwszFileMUIPath=0x4f34c8, pcchFileMUIPath=0x3ced4c, pululEnumerator=0x3ced40 | out: pwszLanguage=0x0, pcchLanguage=0x3ced48, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ced4c, pululEnumerator=0x3ced40) returned 1 [0111.923] CoTaskMemFree (pv=0x0) [0111.923] CoTaskMemFree (pv=0x4f34c8) [0111.924] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x440001 [0111.928] CoTaskMemAlloc (cb=0x3ec) returned 0x4f34c8 [0111.928] LoadStringW (in: hInstance=0x440001, uID=0x140, lpBuffer=0x4f34c8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0111.928] CoTaskMemFree (pv=0x4f34c8) [0111.928] FreeLibrary (hLibModule=0x440001) returned 1 [0111.929] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0111.929] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x4f34c8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0111.929] CoTaskMemFree (pv=0x4f34c8) [0111.929] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0111.929] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ced48, pwszFileMUIPath=0x4f34c8, pcchFileMUIPath=0x3ced4c, pululEnumerator=0x3ced40 | out: pwszLanguage=0x0, pcchLanguage=0x3ced48, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ced4c, pululEnumerator=0x3ced40) returned 1 [0111.932] CoTaskMemFree (pv=0x0) [0111.932] CoTaskMemFree (pv=0x4f34c8) [0111.932] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x440001 [0111.935] CoTaskMemAlloc (cb=0x3ec) returned 0x4f34c8 [0111.935] LoadStringW (in: hInstance=0x440001, uID=0x142, lpBuffer=0x4f34c8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0111.935] CoTaskMemFree (pv=0x4f34c8) [0111.935] FreeLibrary (hLibModule=0x440001) returned 1 [0111.936] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0111.936] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x4f34c8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0111.936] CoTaskMemFree (pv=0x4f34c8) [0111.936] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0111.936] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ced48, pwszFileMUIPath=0x4f34c8, pcchFileMUIPath=0x3ced4c, pululEnumerator=0x3ced40 | out: pwszLanguage=0x0, pcchLanguage=0x3ced48, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ced4c, pululEnumerator=0x3ced40) returned 1 [0111.939] CoTaskMemFree (pv=0x0) [0111.939] CoTaskMemFree (pv=0x4f34c8) [0111.939] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x440001 [0111.943] CoTaskMemAlloc (cb=0x3ec) returned 0x4f34c8 [0111.943] LoadStringW (in: hInstance=0x440001, uID=0x141, lpBuffer=0x4f34c8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0111.943] CoTaskMemFree (pv=0x4f34c8) [0111.943] FreeLibrary (hLibModule=0x440001) returned 1 [0111.944] RegCloseKey (hKey=0x350) returned 0x0 [0111.945] SetEvent (hEvent=0x40) returned 1 [0111.958] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x3cef54 | out: pFixedInfo=0x0, pOutBufLen=0x3cef54) returned 0x6f [0111.984] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x4f34c8 [0111.984] GetNetworkParams (in: pFixedInfo=0x4f34c8, pOutBufLen=0x3cef54 | out: pFixedInfo=0x4f34c8, pOutBufLen=0x3cef54) returned 0x0 [0111.999] LocalFree (hMem=0x4f34c8) returned 0x0 [0112.001] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0112.001] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x4f34c8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.001] CoTaskMemFree (pv=0x4f34c8) [0112.001] CoTaskMemAlloc (cb=0x20c) returned 0x4f34c8 [0112.001] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x4f34c8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.001] CoTaskMemFree (pv=0x4f34c8) [0112.007] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x364 [0112.008] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x360 [0112.010] GetAddrInfoW (in: pNodeName="www.google.com", pServiceName=0x0, pHints=0x3cee30*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x3cedd8 | out: ppResult=0x3cedd8*=0x4ed9a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x4e5268*(sa_family=2, sin_port=0x0, sin_addr="142.250.185.68"), ai_next=0x0)) returned 0 [0112.025] FreeAddrInfoW (pAddrInfo=0x4ed9a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x4e5268*(sa_family=2, sin_port=0x0, sin_addr="142.250.185.68"), ai_next=0x0)) [0112.026] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x36c [0112.026] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0112.026] ioctlsocket (in: s=0x36c, cmd=-2147195266, argp=0x3cee08 | out: argp=0x3cee08) returned 0 [0112.027] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x378 [0112.027] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0112.027] ioctlsocket (in: s=0x378, cmd=-2147195266, argp=0x3cee08 | out: argp=0x3cee08) returned 0 [0112.027] WSAIoctl (in: s=0x36c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3cedf0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3cedf0, lpOverlapped=0x0) returned -1 [0112.027] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ceb20, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0112.028] WSAEventSelect (s=0x36c, hEventObject=0x374, lNetworkEvents=512) returned 0 [0112.028] WSAIoctl (in: s=0x378, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3cedf0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3cedf0, lpOverlapped=0x0) returned -1 [0112.028] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ceb20, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0112.028] WSAEventSelect (s=0x378, hEventObject=0x37c, lNetworkEvents=512) returned 0 [0112.028] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x3cedec*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x3cedec*=0x7ec) returned 0x6f [0112.034] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x4f6c40 [0112.034] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x4f6c40, SizePointer=0x3cedec*=0x7ec | out: AdapterAddresses=0x4f6c40*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x4f6f0c, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x4f6e80, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x25, [2]=0x60, [3]=0xfd, [4]=0xb5, [5]=0x57, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x4f6db8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x3cedec*=0x7ec) returned 0x0 [0112.046] LocalFree (hMem=0x4f6c40) returned 0x0 [0112.048] WSAConnect (in: s=0x364, name=0x27117c0*(sa_family=2, sin_port=0x1bb, sin_addr="142.250.185.68"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0112.059] closesocket (s=0x360) returned 0 [0112.077] EnumerateSecurityPackagesW (in: pcPackages=0x3ced5c, ppPackageInfo=0x3cecf0 | out: pcPackages=0x3ced5c, ppPackageInfo=0x3cecf0) returned 0x0 [0112.080] FreeContextBuffer (in: pvContextBuffer=0x4f46d8 | out: pvContextBuffer=0x4f46d8) returned 0x0 [0112.086] GetCurrentProcess () returned 0xffffffff [0112.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ceb18 | out: TokenHandle=0x3ceb18*=0x360) returned 1 [0112.088] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2712a48, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x3ceb6c, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x27140d8, ptsExpiry=0x3ceaf0 | out: phCredential=0x27140d8, ptsExpiry=0x3ceaf0) returned 0x0 [0112.100] CloseHandle (hObject=0x360) returned 1 [0112.102] InitializeSecurityContextW (in: phCredential=0x3ceb3c, phContext=0x0, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x2714274, pfContextAttr=0x2712a0c, ptsExpiry=0x3ceb34 | out: phNewContext=0x27142dc, pOutput=0x2714274, pfContextAttr=0x2712a0c, ptsExpiry=0x3ceb34) returned 0x90312 [0112.103] FreeContextBuffer (in: pvContextBuffer=0x4f4970 | out: pvContextBuffer=0x4f4970) returned 0x0 [0112.104] send (s=0x364, buf=0x27142f0*, len=152, flags=0) returned 152 [0112.106] recv (in: s=0x364, buf=0x27142f0, len=5, flags=0 | out: buf=0x27142f0*) returned 5 [0112.122] recv (in: s=0x364, buf=0x27142f5, len=87, flags=0 | out: buf=0x27142f5*) returned 87 [0112.124] InitializeSecurityContextW (in: phCredential=0x3cea98, phContext=0x3cea88, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2714548, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x271455c, pfContextAttr=0x2712a0c, ptsExpiry=0x3cea90 | out: phNewContext=0x27142dc, pOutput=0x271455c, pfContextAttr=0x2712a0c, ptsExpiry=0x3cea90) returned 0x90312 [0112.125] recv (in: s=0x364, buf=0x27145ec, len=5, flags=0 | out: buf=0x27145ec*) returned 5 [0112.125] recv (in: s=0x364, buf=0x2714605, len=3995, flags=0 | out: buf=0x2714605*) returned 3995 [0112.126] InitializeSecurityContextW (in: phCredential=0x3ce9f8, phContext=0x3ce9e8, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2715610, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x2715624, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce9f0 | out: phNewContext=0x27142dc, pOutput=0x2715624, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce9f0) returned 0x90312 [0112.127] recv (in: s=0x364, buf=0x27156b4, len=5, flags=0 | out: buf=0x27156b4*) returned 5 [0112.128] recv (in: s=0x364, buf=0x27156cd, len=148, flags=0 | out: buf=0x27156cd*) returned 148 [0112.128] InitializeSecurityContextW (in: phCredential=0x3ce958, phContext=0x3ce948, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x27157d4, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x27157e8, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce950 | out: phNewContext=0x27142dc, pOutput=0x27157e8, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce950) returned 0x90312 [0112.128] recv (in: s=0x364, buf=0x2715878, len=5, flags=0 | out: buf=0x2715878*) returned 5 [0112.128] recv (in: s=0x364, buf=0x2715891, len=4, flags=0 | out: buf=0x2715891*) returned 4 [0112.129] InitializeSecurityContextW (in: phCredential=0x3ce8b8, phContext=0x3ce8a8, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2715908, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x271591c, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce8b0 | out: phNewContext=0x27142dc, pOutput=0x271591c, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce8b0) returned 0x90312 [0112.142] FreeContextBuffer (in: pvContextBuffer=0x4afd00 | out: pvContextBuffer=0x4afd00) returned 0x0 [0112.142] send (s=0x364, buf=0x2715998*, len=126, flags=0) returned 126 [0112.143] recv (in: s=0x364, buf=0x2715998, len=5, flags=0 | out: buf=0x2715998*) returned 5 [0112.155] recv (in: s=0x364, buf=0x271599d, len=1, flags=0 | out: buf=0x271599d*) returned 1 [0112.155] InitializeSecurityContextW (in: phCredential=0x3ce818, phContext=0x3ce808, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2715a9c, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x2715ab0, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce810 | out: phNewContext=0x27142dc, pOutput=0x2715ab0, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce810) returned 0x90312 [0112.155] recv (in: s=0x364, buf=0x2715b40, len=5, flags=0 | out: buf=0x2715b40*) returned 5 [0112.156] recv (in: s=0x364, buf=0x2715b59, len=40, flags=0 | out: buf=0x2715b59*) returned 40 [0112.156] InitializeSecurityContextW (in: phCredential=0x3ce778, phContext=0x3ce768, pTargetName=0x27118b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2715bf4, Reserved2=0x0, phNewContext=0x27142dc, pOutput=0x2715c08, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce770 | out: phNewContext=0x27142dc, pOutput=0x2715c08, pfContextAttr=0x2712a0c, ptsExpiry=0x3ce770) returned 0x0 [0112.177] QueryContextAttributesW (in: phContext=0x27142dc, ulAttribute=0x4, pBuffer=0x2715cb4 | out: pBuffer=0x2715cb4) returned 0x0 [0112.178] QueryContextAttributesW (in: phContext=0x27142dc, ulAttribute=0x5a, pBuffer=0x2715d0c | out: pBuffer=0x2715d0c) returned 0x0 [0112.186] QueryContextAttributesW (in: phContext=0x27142dc, ulAttribute=0x53, pBuffer=0x2715db8 | out: pBuffer=0x2715db8) returned 0x0 [0112.195] CertDuplicateCRLContext (pCrlContext=0x4dd018) returned 0x4dd018 [0112.197] CertDuplicateStore (hCertStore=0x501b58) returned 0x501b58 [0112.197] CertEnumCertificatesInStore (hCertStore=0x501b58, pPrevCertContext=0x0) returned 0x505370 [0112.198] CertDuplicateCRLContext (pCrlContext=0x505370) returned 0x505370 [0112.199] CertEnumCertificatesInStore (hCertStore=0x501b58, pPrevCertContext=0x505370) returned 0x4dd068 [0112.199] CertDuplicateCRLContext (pCrlContext=0x4dd068) returned 0x4dd068 [0112.199] CertEnumCertificatesInStore (hCertStore=0x501b58, pPrevCertContext=0x4dd068) returned 0x4dd018 [0112.200] CertDuplicateCRLContext (pCrlContext=0x4dd018) returned 0x4dd018 [0112.200] CertEnumCertificatesInStore (hCertStore=0x501b58, pPrevCertContext=0x4dd018) returned 0x0 [0112.200] CertCloseStore (hCertStore=0x501b58, dwFlags=0x0) returned 1 [0112.200] CertFreeCRLContext (pCrlContext=0x4dd018) returned 1 [0112.215] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x506f10 [0112.216] CertAddCRLLinkToStore (in: hCertStore=0x506f10, pCrlContext=0x505370, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0112.216] CertAddCRLLinkToStore (in: hCertStore=0x506f10, pCrlContext=0x4dd068, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0112.216] CertAddCRLLinkToStore (in: hCertStore=0x506f10, pCrlContext=0x4dd018, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0112.219] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x4d8560 [0112.222] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x4dd018, pTime=0x3ce784, hAdditionalStore=0x506f10, pChainPara=0x3ce6c4, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x3ce6b8 | out: ppChainContext=0x3ce6b8) returned 1 [0112.562] LocalFree (hMem=0x4d8560) returned 0x0 [0112.562] CertDuplicateCertificateChain (pChainContext=0x58d47f8) returned 0x58d47f8 [0112.564] CertDuplicateCRLContext (pCrlContext=0x4dd018) returned 0x4dd018 [0112.564] CertDuplicateCRLContext (pCrlContext=0x5c572c8) returned 0x5c572c8 [0112.565] CertDuplicateCRLContext (pCrlContext=0x5c57368) returned 0x5c57368 [0112.566] CertDuplicateCRLContext (pCrlContext=0x5c573b8) returned 0x5c573b8 [0112.566] CertFreeCertificateChain (pChainContext=0x58d47f8) [0112.567] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x58d47f8, pPolicyPara=0x3ce864, pPolicyStatus=0x3ce850 | out: pPolicyStatus=0x3ce850) returned 1 [0112.567] SetLastError (dwErrCode=0x0) [0112.571] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x58d47f8, pPolicyPara=0x3ce8c4, pPolicyStatus=0x3ce878 | out: pPolicyStatus=0x3ce878) returned 1 [0112.572] CertFreeCertificateChain (pChainContext=0x58d47f8) [0112.572] CertFreeCRLContext (pCrlContext=0x4dd018) returned 1 [0112.577] CoTaskMemAlloc (cb=0x20c) returned 0x5c6ca38 [0112.577] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5c6ca38, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.577] CoTaskMemFree (pv=0x5c6ca38) [0112.577] CoTaskMemAlloc (cb=0x210) returned 0x5c6ca38 [0112.577] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5c6ca38, nSize=0x106 | out: lpBuffer="") returned 0x0 [0112.577] CoTaskMemFree (pv=0x5c6ca38) [0112.577] CoTaskMemAlloc (cb=0x210) returned 0x5c6ca38 [0112.577] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5c6ca38, nSize=0x106 | out: lpBuffer="") returned 0x0 [0112.577] CoTaskMemFree (pv=0x5c6ca38) [0112.577] CoTaskMemAlloc (cb=0x210) returned 0x5c6ca38 [0112.577] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5c6ca38, nSize=0x106 | out: lpBuffer="") returned 0x0 [0112.577] CoTaskMemFree (pv=0x5c6ca38) [0112.579] EncryptMessage (in: phContext=0x27142dc, fQOP=0x0, pMessage=0x271e0bc, MessageSeqNo=0x0 | out: pMessage=0x271e0bc) returned 0x0 [0112.580] send (s=0x364, buf=0x271cb88*, len=93, flags=0) returned 93 [0112.583] setsockopt (s=0x364, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0112.586] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.644] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.645] DecryptMessage (in: phContext=0x27142dc, pMessage=0x272e4bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x272e4bc, pfQOP=0x0) returned 0x0 [0112.672] GetCurrentProcess () returned 0xffffffff [0112.672] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced30 | out: TokenHandle=0x3ced30*=0x554) returned 1 [0112.673] CloseHandle (hObject=0x554) returned 1 [0112.674] GetCurrentProcess () returned 0xffffffff [0112.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ced48 | out: TokenHandle=0x3ced48*=0x554) returned 1 [0112.676] CloseHandle (hObject=0x554) returned 1 [0112.677] setsockopt (s=0x364, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0112.677] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf0c8 | out: lpPerformanceCount=0x3cf0c8*=1427658575930) returned 1 [0112.677] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427658591780) returned 1 [0112.678] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.678] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.683] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2732c50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2732c50, pfQOP=0x0) returned 0x0 [0112.683] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659188207) returned 1 [0112.683] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.683] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.683] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2732d70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2732d70, pfQOP=0x0) returned 0x0 [0112.684] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659224948) returned 1 [0112.684] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.684] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.684] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2732e90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2732e90, pfQOP=0x0) returned 0x0 [0112.684] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659261816) returned 1 [0112.684] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.684] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.684] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2732fb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2732fb0, pfQOP=0x0) returned 0x0 [0112.685] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659331903) returned 1 [0112.685] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.685] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.685] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27330d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27330d0, pfQOP=0x0) returned 0x0 [0112.685] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659368650) returned 1 [0112.685] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.685] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.685] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27331f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27331f0, pfQOP=0x0) returned 0x0 [0112.685] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659403335) returned 1 [0112.685] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.685] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.686] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733310, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733310, pfQOP=0x0) returned 0x0 [0112.686] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659438240) returned 1 [0112.686] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.686] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.686] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733430, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733430, pfQOP=0x0) returned 0x0 [0112.686] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659472710) returned 1 [0112.686] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.686] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.686] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733550, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733550, pfQOP=0x0) returned 0x0 [0112.686] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659508947) returned 1 [0112.686] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.687] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.687] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733670, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733670, pfQOP=0x0) returned 0x0 [0112.687] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659542738) returned 1 [0112.687] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.687] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.687] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733790, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733790, pfQOP=0x0) returned 0x0 [0112.687] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659577395) returned 1 [0112.687] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.687] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.687] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27338b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27338b0, pfQOP=0x0) returned 0x0 [0112.687] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659610555) returned 1 [0112.687] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.688] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.688] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27339d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27339d0, pfQOP=0x0) returned 0x0 [0112.688] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659646080) returned 1 [0112.688] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.688] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.688] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733af0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733af0, pfQOP=0x0) returned 0x0 [0112.688] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659680921) returned 1 [0112.688] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.688] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.688] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733c10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733c10, pfQOP=0x0) returned 0x0 [0112.688] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659717132) returned 1 [0112.689] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.689] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.689] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733d30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733d30, pfQOP=0x0) returned 0x0 [0112.689] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659752803) returned 1 [0112.689] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.689] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.689] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733e50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733e50, pfQOP=0x0) returned 0x0 [0112.689] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659786802) returned 1 [0112.689] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.689] recv (in: s=0x364, buf=0x272a401, len=649, flags=0 | out: buf=0x272a401*) returned 649 [0112.690] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2733f70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2733f70, pfQOP=0x0) returned 0x0 [0112.690] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659850699) returned 1 [0112.690] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.690] recv (in: s=0x364, buf=0x272a401, len=177, flags=0 | out: buf=0x272a401*) returned 177 [0112.690] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273409c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273409c, pfQOP=0x0) returned 0x0 [0112.690] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659905426) returned 1 [0112.690] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.690] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.691] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27341bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27341bc, pfQOP=0x0) returned 0x0 [0112.691] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659946968) returned 1 [0112.691] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.691] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.691] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27342dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27342dc, pfQOP=0x0) returned 0x0 [0112.691] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427659980697) returned 1 [0112.691] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.691] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.691] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27343fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27343fc, pfQOP=0x0) returned 0x0 [0112.691] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660014044) returned 1 [0112.691] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.692] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.692] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273451c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273451c, pfQOP=0x0) returned 0x0 [0112.692] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660047716) returned 1 [0112.692] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.692] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.692] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273463c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273463c, pfQOP=0x0) returned 0x0 [0112.692] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660081363) returned 1 [0112.692] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.692] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.692] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273475c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273475c, pfQOP=0x0) returned 0x0 [0112.692] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660114395) returned 1 [0112.692] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.693] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.693] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273487c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273487c, pfQOP=0x0) returned 0x0 [0112.693] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660148640) returned 1 [0112.693] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.693] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.693] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273499c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273499c, pfQOP=0x0) returned 0x0 [0112.693] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660182608) returned 1 [0112.693] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.693] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.693] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2734abc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734abc, pfQOP=0x0) returned 0x0 [0112.693] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660217463) returned 1 [0112.694] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.694] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.694] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2734bdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734bdc, pfQOP=0x0) returned 0x0 [0112.694] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660251582) returned 1 [0112.694] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.694] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.694] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2734cfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734cfc, pfQOP=0x0) returned 0x0 [0112.694] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660285319) returned 1 [0112.694] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.694] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.694] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2734e1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734e1c, pfQOP=0x0) returned 0x0 [0112.694] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660319194) returned 1 [0112.695] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.695] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.695] DecryptMessage (in: phContext=0x27142dc, pMessage=0x2734f3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2734f3c, pfQOP=0x0) returned 0x0 [0112.695] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660352094) returned 1 [0112.695] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.695] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.695] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273505c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273505c, pfQOP=0x0) returned 0x0 [0112.695] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660385820) returned 1 [0112.695] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.695] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.695] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273517c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273517c, pfQOP=0x0) returned 0x0 [0112.695] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660419284) returned 1 [0112.696] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.696] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.696] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273529c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273529c, pfQOP=0x0) returned 0x0 [0112.696] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660453068) returned 1 [0112.696] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.696] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.696] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27353bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27353bc, pfQOP=0x0) returned 0x0 [0112.696] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660487319) returned 1 [0112.696] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.696] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.696] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27354dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27354dc, pfQOP=0x0) returned 0x0 [0112.696] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660521496) returned 1 [0112.697] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.697] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.697] DecryptMessage (in: phContext=0x27142dc, pMessage=0x27355fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27355fc, pfQOP=0x0) returned 0x0 [0112.697] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660568030) returned 1 [0112.697] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.697] recv (in: s=0x364, buf=0x272a401, len=1343, flags=0 | out: buf=0x272a401*) returned 1343 [0112.697] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273571c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273571c, pfQOP=0x0) returned 0x0 [0112.697] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660603054) returned 1 [0112.697] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.697] recv (in: s=0x364, buf=0x272a401, len=454, flags=0 | out: buf=0x272a401*) returned 454 [0112.698] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273583c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273583c, pfQOP=0x0) returned 0x0 [0112.698] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf090 | out: lpPerformanceCount=0x3cf090*=1427660635994) returned 1 [0112.698] recv (in: s=0x364, buf=0x272a3fc, len=5, flags=0 | out: buf=0x272a3fc*) returned 5 [0112.698] recv (in: s=0x364, buf=0x272a401, len=29, flags=0 | out: buf=0x272a401*) returned 29 [0112.698] DecryptMessage (in: phContext=0x27142dc, pMessage=0x273595c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x273595c, pfQOP=0x0) returned 0x0 [0112.698] SetEvent (hEvent=0x40) returned 1 [0112.699] QueryPerformanceCounter (in: lpPerformanceCount=0x3cf0b4 | out: lpPerformanceCount=0x3cf0b4*=1427660724164) returned 1 [0112.705] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cebfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0112.706] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cec04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0113.202] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x29400, lpName=0x0) returned 0x554 [0113.203] memcpy (in: _Dst=0x550000, _Src=0x36c2960, _Size=0x29400 | out: _Dst=0x550000) returned 0x550000 [0113.204] CloseHandle (hObject=0x554) returned 1 [0114.001] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12600, lpName=0x0) returned 0x55c [0114.002] memcpy (in: _Dst=0x6c0000, _Src=0x270889c, _Size=0x12600 | out: _Dst=0x6c0000) returned 0x6c0000 [0114.003] CloseHandle (hObject=0x55c) returned 1 [0114.673] CoTaskMemAlloc (cb=0x210) returned 0x4f4078 [0114.673] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x4f4078, nSize=0x106 | out: lpBuffer="") returned 0x0 [0114.673] CoTaskMemFree (pv=0x4f4078) [0114.784] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cb [0114.784] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ca [0114.803] GetSystemMetrics (nIndex=75) returned 1 [0114.809] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0114.825] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75620000 [0114.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x3ce0a4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0114.827] GetProcAddress (hModule=0x75620000, lpProcName="AddDllDirectory") returned 0x74dd1e91 [0114.827] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6d680000 [0114.845] AdjustWindowRectEx (in: lpRect=0x3ce20c, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x3ce20c) returned 1 [0114.849] GetCurrentProcess () returned 0xffffffff [0114.850] GetCurrentThread () returned 0xfffffffe [0114.850] GetCurrentProcess () returned 0xffffffff [0114.850] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3ce124, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ce124*=0x59c) returned 1 [0114.853] GetCurrentThreadId () returned 0xa94 [0114.867] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000 [0114.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x3cdf3c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x9enÿ\x10\x86_DþJqÔç<", lpUsedDefaultChar=0x0) returned 14 [0114.867] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd [0114.868] GetStockObject (i=5) returned 0x1900015 [0114.870] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0114.872] CoTaskMemAlloc (cb=0x5a) returned 0x591fbb8 [0114.872] RegisterClassW (lpWndClass=0x3cdf2c) returned 0xc12d [0114.873] CoTaskMemFree (pv=0x591fbb8) [0114.873] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0114.874] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x11e0000, lpParam=0x0) returned 0x50064 [0114.874] SetWindowLongW (hWnd=0x50064, nIndex=-4, dwNewLong=1998071261) returned 83560422 [0114.875] GetWindowLongW (hWnd=0x50064, nIndex=-4) returned 1998071261 [0114.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3cd840 | out: phkResult=0x3cd840*=0x5a0) returned 0x0 [0114.877] RegQueryValueExW (in: hKey=0x5a0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x3cd860, lpData=0x0, lpcbData=0x3cd85c*=0x0 | out: lpType=0x3cd860*=0x0, lpData=0x0, lpcbData=0x3cd85c*=0x0) returned 0x2 [0114.877] RegQueryValueExW (in: hKey=0x5a0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x3cd860, lpData=0x0, lpcbData=0x3cd85c*=0x0 | out: lpType=0x3cd860*=0x0, lpData=0x0, lpcbData=0x3cd85c*=0x0) returned 0x2 [0114.877] RegCloseKey (hKey=0x5a0) returned 0x0 [0114.878] SetWindowLongW (hWnd=0x50064, nIndex=-4, dwNewLong=83560462) returned 1998071261 [0114.878] GetWindowLongW (hWnd=0x50064, nIndex=-4) returned 83560462 [0114.878] GetWindowLongW (hWnd=0x50064, nIndex=-16) returned 113311744 [0114.879] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc079 [0114.879] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x50064, Msg=0x24, wParam=0x0, lParam=0x3cdb18) returned 0x0 [0114.879] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc076 [0114.880] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x50064, Msg=0x81, wParam=0x0, lParam=0x3cdb0c) returned 0x1 [0114.880] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x50064, Msg=0x83, wParam=0x0, lParam=0x3cdaf8) returned 0x0 [0114.880] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x50064, Msg=0x1, wParam=0x0, lParam=0x3cdb0c) returned 0x0 [0114.880] GetClientRect (in: hWnd=0x50064, lpRect=0x3cd874 | out: lpRect=0x3cd874) returned 1 [0114.880] GetWindowRect (in: hWnd=0x50064, lpRect=0x3cd874 | out: lpRect=0x3cd874) returned 1 [0114.882] GetParent (hWnd=0x50064) returned 0x0 [0114.882] GetSystemMetrics (nIndex=59) returned 1460 [0114.882] GetSystemMetrics (nIndex=60) returned 920 [0114.882] GetSystemMetrics (nIndex=34) returned 132 [0114.882] GetSystemMetrics (nIndex=35) returned 38 [0114.882] AdjustWindowRectEx (in: lpRect=0x3ce148, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3ce148) returned 1 [0115.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3eebda0, Length=0x20000, ResultLength=0x3ce218 | out: SystemInformation=0x3eebda0, ResultLength=0x3ce218*=0xe480) returned 0x0 [0115.083] GetSystemDefaultLCID () returned 0x409 [0115.083] GetStockObject (i=17) returned 0x18a0025 [0115.087] GetObjectW (in: h=0x18a0025, c=92, pv=0x3cdff8 | out: pv=0x3cdff8) returned 92 [0115.088] GetDC (hWnd=0x0) returned 0x3a010b54 [0115.111] GdiplusStartup (in: token=0x166678, input=0x3cd5c0, output=0x3cd610 | out: token=0x166678, output=0x3cd610) returned 0x0 [0115.116] CoTaskMemAlloc (cb=0x5c) returned 0x591fbb8 [0115.116] GdipCreateFontFromLogfontW (hdc=0x3a010b54, logfont=0x591fbb8, font=0x3ce0c0) returned 0x0 [0115.246] CoTaskMemFree (pv=0x591fbb8) [0115.247] CoTaskMemAlloc (cb=0x5c) returned 0x591fbb8 [0115.247] CoTaskMemFree (pv=0x591fbb8) [0115.247] CoTaskMemAlloc (cb=0x5c) returned 0x591fbb8 [0115.248] CoTaskMemFree (pv=0x591fbb8) [0115.248] GdipGetFontUnit (font=0x6222230, unit=0x3ce088) returned 0x0 [0115.248] GdipGetFontSize (font=0x6222230, size=0x3ce08c) returned 0x0 [0115.249] GdipGetFontStyle (font=0x6222230, style=0x3ce084) returned 0x0 [0115.249] GdipGetFamily (font=0x6222230, family=0x3ce080) returned 0x0 [0115.250] GdipGetFontSize (font=0x6222230, size=0x271b484) returned 0x0 [0115.250] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0115.250] GetDC (hWnd=0x0) returned 0x4010b70 [0115.251] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce09c) returned 0x0 [0115.252] GdipGetDpiY (graphics=0x5f29118, dpi=0x271b560) returned 0x0 [0115.252] GdipGetFontHeight (font=0x6222230, graphics=0x5f29118, height=0x3ce094) returned 0x0 [0115.253] GdipGetEmHeight (family=0x622f358, style=0, EmHeight=0x3ce09c) returned 0x0 [0115.253] GdipGetLineSpacing (family=0x622f358, style=0, LineSpacing=0x3ce09c) returned 0x0 [0115.253] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.253] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.255] GdipCreateFont (fontFamily=0x622f358, emSize=0x41040000, style=0, unit=0x3, font=0x271b57c) returned 0x0 [0115.255] GdipGetFontSize (font=0x5ee25c0, size=0x271b580) returned 0x0 [0115.255] GdipDeleteFont (font=0x6222230) returned 0x0 [0115.256] GetDC (hWnd=0x0) returned 0x4010b70 [0115.256] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.256] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.256] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.256] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.256] GetSystemMetrics (nIndex=5) returned 1 [0115.256] GetSystemMetrics (nIndex=6) returned 1 [0115.257] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.258] GetSystemMetrics (nIndex=5) returned 1 [0115.258] GetSystemMetrics (nIndex=6) returned 1 [0115.258] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.258] GetCurrentThreadId () returned 0xa94 [0115.258] GetCurrentThreadId () returned 0xa94 [0115.261] GetDC (hWnd=0x0) returned 0x4010b70 [0115.261] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.261] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.261] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.261] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.261] GetSystemMetrics (nIndex=5) returned 1 [0115.261] GetSystemMetrics (nIndex=6) returned 1 [0115.261] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.261] GetSystemMetrics (nIndex=5) returned 1 [0115.262] GetSystemMetrics (nIndex=6) returned 1 [0115.262] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.262] GetCurrentThreadId () returned 0xa94 [0115.262] GetCurrentThreadId () returned 0xa94 [0115.262] GetDC (hWnd=0x0) returned 0x4010b70 [0115.262] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.262] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.263] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.263] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.263] GetSystemMetrics (nIndex=5) returned 1 [0115.263] GetSystemMetrics (nIndex=6) returned 1 [0115.263] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.263] GetSystemMetrics (nIndex=5) returned 1 [0115.263] GetSystemMetrics (nIndex=6) returned 1 [0115.263] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.263] GetCurrentThreadId () returned 0xa94 [0115.263] GetCurrentThreadId () returned 0xa94 [0115.263] GetDC (hWnd=0x0) returned 0x4010b70 [0115.263] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.264] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.264] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.264] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.264] GetSystemMetrics (nIndex=5) returned 1 [0115.264] GetSystemMetrics (nIndex=6) returned 1 [0115.264] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.264] GetSystemMetrics (nIndex=5) returned 1 [0115.264] GetSystemMetrics (nIndex=6) returned 1 [0115.264] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.264] GetCurrentThreadId () returned 0xa94 [0115.264] GetCurrentThreadId () returned 0xa94 [0115.264] GetDC (hWnd=0x0) returned 0x4010b70 [0115.264] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.265] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.265] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.265] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.265] GetSystemMetrics (nIndex=5) returned 1 [0115.265] GetSystemMetrics (nIndex=6) returned 1 [0115.265] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.265] GetSystemMetrics (nIndex=5) returned 1 [0115.265] GetSystemMetrics (nIndex=6) returned 1 [0115.265] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.265] GetCurrentThreadId () returned 0xa94 [0115.265] GetCurrentThreadId () returned 0xa94 [0115.265] GetDC (hWnd=0x0) returned 0x4010b70 [0115.266] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.266] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.266] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.266] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.266] GetSystemMetrics (nIndex=5) returned 1 [0115.266] GetSystemMetrics (nIndex=6) returned 1 [0115.266] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.266] GetSystemMetrics (nIndex=5) returned 1 [0115.266] GetSystemMetrics (nIndex=6) returned 1 [0115.266] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.266] GetCurrentThreadId () returned 0xa94 [0115.266] GetCurrentThreadId () returned 0xa94 [0115.267] GetDC (hWnd=0x0) returned 0x4010b70 [0115.267] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.267] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.267] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.267] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.267] GetSystemMetrics (nIndex=5) returned 1 [0115.267] GetSystemMetrics (nIndex=6) returned 1 [0115.267] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.267] GetSystemMetrics (nIndex=5) returned 1 [0115.267] GetSystemMetrics (nIndex=6) returned 1 [0115.267] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.267] GetCurrentThreadId () returned 0xa94 [0115.267] GetCurrentThreadId () returned 0xa94 [0115.268] GetDC (hWnd=0x0) returned 0x4010b70 [0115.268] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.268] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.268] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.268] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.268] GetSystemMetrics (nIndex=5) returned 1 [0115.268] GetSystemMetrics (nIndex=6) returned 1 [0115.268] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.268] GetSystemMetrics (nIndex=5) returned 1 [0115.268] GetSystemMetrics (nIndex=6) returned 1 [0115.268] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.268] GetCurrentThreadId () returned 0xa94 [0115.268] GetCurrentThreadId () returned 0xa94 [0115.269] GetDC (hWnd=0x0) returned 0x4010b70 [0115.269] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.269] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.269] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.269] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.269] GetSystemMetrics (nIndex=5) returned 1 [0115.269] GetSystemMetrics (nIndex=6) returned 1 [0115.269] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.270] GetSystemMetrics (nIndex=5) returned 1 [0115.270] GetSystemMetrics (nIndex=6) returned 1 [0115.270] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.270] GetCurrentThreadId () returned 0xa94 [0115.270] GetCurrentThreadId () returned 0xa94 [0115.270] GetDC (hWnd=0x0) returned 0x4010b70 [0115.270] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.270] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.270] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.270] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.271] GetSystemMetrics (nIndex=5) returned 1 [0115.271] GetSystemMetrics (nIndex=6) returned 1 [0115.271] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.271] GetSystemMetrics (nIndex=5) returned 1 [0115.271] GetSystemMetrics (nIndex=6) returned 1 [0115.271] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.271] GetCurrentThreadId () returned 0xa94 [0115.271] GetCurrentThreadId () returned 0xa94 [0115.271] GetDC (hWnd=0x0) returned 0x4010b70 [0115.272] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.272] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.272] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.272] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.272] GetSystemMetrics (nIndex=5) returned 1 [0115.272] GetSystemMetrics (nIndex=6) returned 1 [0115.272] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.272] GetSystemMetrics (nIndex=5) returned 1 [0115.272] GetSystemMetrics (nIndex=6) returned 1 [0115.272] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.272] GetCurrentThreadId () returned 0xa94 [0115.272] GetCurrentThreadId () returned 0xa94 [0115.273] GetDC (hWnd=0x0) returned 0x4010b70 [0115.273] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.273] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.273] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.273] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.273] GetSystemMetrics (nIndex=5) returned 1 [0115.273] GetSystemMetrics (nIndex=6) returned 1 [0115.273] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.273] GetSystemMetrics (nIndex=5) returned 1 [0115.273] GetSystemMetrics (nIndex=6) returned 1 [0115.273] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.273] GetCurrentThreadId () returned 0xa94 [0115.273] GetCurrentThreadId () returned 0xa94 [0115.274] GetDC (hWnd=0x0) returned 0x4010b70 [0115.274] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.274] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.274] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.274] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.274] GetSystemMetrics (nIndex=5) returned 1 [0115.274] GetSystemMetrics (nIndex=6) returned 1 [0115.274] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.275] GetSystemMetrics (nIndex=5) returned 1 [0115.275] GetSystemMetrics (nIndex=6) returned 1 [0115.275] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.275] GetCurrentThreadId () returned 0xa94 [0115.275] GetCurrentThreadId () returned 0xa94 [0115.275] GetDC (hWnd=0x0) returned 0x4010b70 [0115.275] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.275] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.275] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.276] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.276] GetSystemMetrics (nIndex=5) returned 1 [0115.276] GetSystemMetrics (nIndex=6) returned 1 [0115.276] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.276] GetSystemMetrics (nIndex=5) returned 1 [0115.276] GetSystemMetrics (nIndex=6) returned 1 [0115.276] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.276] GetCurrentThreadId () returned 0xa94 [0115.276] GetCurrentThreadId () returned 0xa94 [0115.276] GetDC (hWnd=0x0) returned 0x4010b70 [0115.276] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.277] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.277] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.277] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.277] GetSystemMetrics (nIndex=5) returned 1 [0115.277] GetSystemMetrics (nIndex=6) returned 1 [0115.277] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.277] GetSystemMetrics (nIndex=5) returned 1 [0115.277] GetSystemMetrics (nIndex=6) returned 1 [0115.277] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.277] GetCurrentThreadId () returned 0xa94 [0115.277] GetCurrentThreadId () returned 0xa94 [0115.277] GetDC (hWnd=0x0) returned 0x4010b70 [0115.277] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.278] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.278] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.278] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.278] GetSystemMetrics (nIndex=5) returned 1 [0115.278] GetSystemMetrics (nIndex=6) returned 1 [0115.278] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.278] GetSystemMetrics (nIndex=5) returned 1 [0115.278] GetSystemMetrics (nIndex=6) returned 1 [0115.278] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.278] GetCurrentThreadId () returned 0xa94 [0115.278] GetCurrentThreadId () returned 0xa94 [0115.279] GetDC (hWnd=0x0) returned 0x4010b70 [0115.279] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.279] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.279] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.279] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.279] GetSystemMetrics (nIndex=5) returned 1 [0115.279] GetSystemMetrics (nIndex=6) returned 1 [0115.279] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.279] GetSystemMetrics (nIndex=5) returned 1 [0115.279] GetSystemMetrics (nIndex=6) returned 1 [0115.279] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.279] GetCurrentThreadId () returned 0xa94 [0115.279] GetCurrentThreadId () returned 0xa94 [0115.280] GetDC (hWnd=0x0) returned 0x4010b70 [0115.280] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.280] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.280] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.280] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.280] GetSystemMetrics (nIndex=5) returned 1 [0115.280] GetSystemMetrics (nIndex=6) returned 1 [0115.280] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.280] GetSystemMetrics (nIndex=5) returned 1 [0115.280] GetSystemMetrics (nIndex=6) returned 1 [0115.280] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.280] GetCurrentThreadId () returned 0xa94 [0115.280] GetCurrentThreadId () returned 0xa94 [0115.281] GetDC (hWnd=0x0) returned 0x4010b70 [0115.281] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.281] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.281] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.281] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.281] GetSystemMetrics (nIndex=5) returned 1 [0115.281] GetSystemMetrics (nIndex=6) returned 1 [0115.281] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.281] GetSystemMetrics (nIndex=5) returned 1 [0115.281] GetSystemMetrics (nIndex=6) returned 1 [0115.281] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.281] GetCurrentThreadId () returned 0xa94 [0115.281] GetCurrentThreadId () returned 0xa94 [0115.282] GetDC (hWnd=0x0) returned 0x4010b70 [0115.282] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.282] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.282] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.282] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.283] GetSystemMetrics (nIndex=5) returned 1 [0115.283] GetSystemMetrics (nIndex=6) returned 1 [0115.283] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.283] GetSystemMetrics (nIndex=5) returned 1 [0115.283] GetSystemMetrics (nIndex=6) returned 1 [0115.283] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.283] GetCurrentThreadId () returned 0xa94 [0115.283] GetCurrentThreadId () returned 0xa94 [0115.283] GetDC (hWnd=0x0) returned 0x4010b70 [0115.283] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.284] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.284] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.284] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.284] GetSystemMetrics (nIndex=5) returned 1 [0115.284] GetSystemMetrics (nIndex=6) returned 1 [0115.284] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.284] GetSystemMetrics (nIndex=5) returned 1 [0115.284] GetSystemMetrics (nIndex=6) returned 1 [0115.284] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.284] GetCurrentThreadId () returned 0xa94 [0115.284] GetCurrentThreadId () returned 0xa94 [0115.285] GetDC (hWnd=0x0) returned 0x4010b70 [0115.285] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.285] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.285] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.285] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.285] GetSystemMetrics (nIndex=5) returned 1 [0115.285] GetSystemMetrics (nIndex=6) returned 1 [0115.285] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.285] GetSystemMetrics (nIndex=5) returned 1 [0115.285] GetSystemMetrics (nIndex=6) returned 1 [0115.285] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.285] GetCurrentThreadId () returned 0xa94 [0115.285] GetCurrentThreadId () returned 0xa94 [0115.286] GetDC (hWnd=0x0) returned 0x4010b70 [0115.286] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.286] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.286] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.286] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.286] GetSystemMetrics (nIndex=5) returned 1 [0115.286] GetSystemMetrics (nIndex=6) returned 1 [0115.286] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.286] GetSystemMetrics (nIndex=5) returned 1 [0115.286] GetSystemMetrics (nIndex=6) returned 1 [0115.286] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.286] GetCurrentThreadId () returned 0xa94 [0115.286] GetCurrentThreadId () returned 0xa94 [0115.288] GetDC (hWnd=0x0) returned 0x4010b70 [0115.288] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.288] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.288] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.288] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.288] GetSystemMetrics (nIndex=5) returned 1 [0115.288] GetSystemMetrics (nIndex=6) returned 1 [0115.288] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.288] GetSystemMetrics (nIndex=5) returned 1 [0115.288] GetSystemMetrics (nIndex=6) returned 1 [0115.288] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.288] GetCurrentThreadId () returned 0xa94 [0115.289] GetCurrentThreadId () returned 0xa94 [0115.289] GetDC (hWnd=0x0) returned 0x4010b70 [0115.289] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.289] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.289] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.289] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.290] GetSystemMetrics (nIndex=5) returned 1 [0115.290] GetSystemMetrics (nIndex=6) returned 1 [0115.290] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.290] GetSystemMetrics (nIndex=5) returned 1 [0115.290] GetSystemMetrics (nIndex=6) returned 1 [0115.290] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.290] GetCurrentThreadId () returned 0xa94 [0115.290] GetCurrentThreadId () returned 0xa94 [0115.290] GetDC (hWnd=0x0) returned 0x4010b70 [0115.290] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.291] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.291] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.291] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.291] GetSystemMetrics (nIndex=5) returned 1 [0115.291] GetSystemMetrics (nIndex=6) returned 1 [0115.291] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.291] GetSystemMetrics (nIndex=5) returned 1 [0115.291] GetSystemMetrics (nIndex=6) returned 1 [0115.291] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.291] GetCurrentThreadId () returned 0xa94 [0115.291] GetCurrentThreadId () returned 0xa94 [0115.291] GetDC (hWnd=0x0) returned 0x4010b70 [0115.291] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.292] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.292] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.292] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.292] GetSystemMetrics (nIndex=5) returned 1 [0115.292] GetSystemMetrics (nIndex=6) returned 1 [0115.292] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.292] GetSystemMetrics (nIndex=5) returned 1 [0115.292] GetSystemMetrics (nIndex=6) returned 1 [0115.292] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.292] GetCurrentThreadId () returned 0xa94 [0115.292] GetCurrentThreadId () returned 0xa94 [0115.293] GetDC (hWnd=0x0) returned 0x4010b70 [0115.293] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.293] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.293] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.293] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.293] GetSystemMetrics (nIndex=5) returned 1 [0115.293] GetSystemMetrics (nIndex=6) returned 1 [0115.293] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.293] GetSystemMetrics (nIndex=5) returned 1 [0115.293] GetSystemMetrics (nIndex=6) returned 1 [0115.293] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.293] GetCurrentThreadId () returned 0xa94 [0115.293] GetCurrentThreadId () returned 0xa94 [0115.294] GetDC (hWnd=0x0) returned 0x4010b70 [0115.294] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.294] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.294] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.294] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.294] GetSystemMetrics (nIndex=5) returned 1 [0115.294] GetSystemMetrics (nIndex=6) returned 1 [0115.294] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.294] GetSystemMetrics (nIndex=5) returned 1 [0115.294] GetSystemMetrics (nIndex=6) returned 1 [0115.294] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.294] GetCurrentThreadId () returned 0xa94 [0115.294] GetCurrentThreadId () returned 0xa94 [0115.295] GetDC (hWnd=0x0) returned 0x4010b70 [0115.295] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.295] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.295] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.295] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.295] GetSystemMetrics (nIndex=5) returned 1 [0115.295] GetSystemMetrics (nIndex=6) returned 1 [0115.295] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.295] GetSystemMetrics (nIndex=5) returned 1 [0115.295] GetSystemMetrics (nIndex=6) returned 1 [0115.295] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.295] GetCurrentThreadId () returned 0xa94 [0115.295] GetCurrentThreadId () returned 0xa94 [0115.296] GetDC (hWnd=0x0) returned 0x4010b70 [0115.296] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.296] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.296] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.296] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.296] GetSystemMetrics (nIndex=5) returned 1 [0115.296] GetSystemMetrics (nIndex=6) returned 1 [0115.296] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.296] GetSystemMetrics (nIndex=5) returned 1 [0115.297] GetSystemMetrics (nIndex=6) returned 1 [0115.297] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.297] GetCurrentThreadId () returned 0xa94 [0115.297] GetCurrentThreadId () returned 0xa94 [0115.297] GetDC (hWnd=0x0) returned 0x4010b70 [0115.297] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.298] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.298] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.298] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.298] GetSystemMetrics (nIndex=5) returned 1 [0115.298] GetSystemMetrics (nIndex=6) returned 1 [0115.298] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.298] GetSystemMetrics (nIndex=5) returned 1 [0115.298] GetSystemMetrics (nIndex=6) returned 1 [0115.298] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.298] GetCurrentThreadId () returned 0xa94 [0115.298] GetCurrentThreadId () returned 0xa94 [0115.299] GetDC (hWnd=0x0) returned 0x4010b70 [0115.299] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.299] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.299] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.299] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.299] GetSystemMetrics (nIndex=5) returned 1 [0115.299] GetSystemMetrics (nIndex=6) returned 1 [0115.299] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.299] GetSystemMetrics (nIndex=5) returned 1 [0115.299] GetSystemMetrics (nIndex=6) returned 1 [0115.299] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.299] GetCurrentThreadId () returned 0xa94 [0115.299] GetCurrentThreadId () returned 0xa94 [0115.300] GetDC (hWnd=0x0) returned 0x4010b70 [0115.300] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.300] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.300] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.300] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.300] GetSystemMetrics (nIndex=5) returned 1 [0115.300] GetSystemMetrics (nIndex=6) returned 1 [0115.300] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.300] GetSystemMetrics (nIndex=5) returned 1 [0115.300] GetSystemMetrics (nIndex=6) returned 1 [0115.300] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.300] GetCurrentThreadId () returned 0xa94 [0115.300] GetCurrentThreadId () returned 0xa94 [0115.301] GetDC (hWnd=0x0) returned 0x4010b70 [0115.301] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.301] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.301] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.301] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.301] GetSystemMetrics (nIndex=5) returned 1 [0115.301] GetSystemMetrics (nIndex=6) returned 1 [0115.301] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.301] GetSystemMetrics (nIndex=5) returned 1 [0115.301] GetSystemMetrics (nIndex=6) returned 1 [0115.301] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.301] GetCurrentThreadId () returned 0xa94 [0115.301] GetCurrentThreadId () returned 0xa94 [0115.302] GetDC (hWnd=0x0) returned 0x4010b70 [0115.302] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.302] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.302] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.303] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.303] GetSystemMetrics (nIndex=5) returned 1 [0115.303] GetSystemMetrics (nIndex=6) returned 1 [0115.303] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.303] GetSystemMetrics (nIndex=5) returned 1 [0115.303] GetSystemMetrics (nIndex=6) returned 1 [0115.303] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.303] GetCurrentThreadId () returned 0xa94 [0115.303] GetCurrentThreadId () returned 0xa94 [0115.303] GetDC (hWnd=0x0) returned 0x4010b70 [0115.303] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.304] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.304] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.304] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.304] GetSystemMetrics (nIndex=5) returned 1 [0115.304] GetSystemMetrics (nIndex=6) returned 1 [0115.304] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.304] GetSystemMetrics (nIndex=5) returned 1 [0115.304] GetSystemMetrics (nIndex=6) returned 1 [0115.304] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.304] GetCurrentThreadId () returned 0xa94 [0115.304] GetCurrentThreadId () returned 0xa94 [0115.304] GetDC (hWnd=0x0) returned 0x4010b70 [0115.304] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.305] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.305] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.305] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.305] GetSystemMetrics (nIndex=5) returned 1 [0115.305] GetSystemMetrics (nIndex=6) returned 1 [0115.305] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.305] GetSystemMetrics (nIndex=5) returned 1 [0115.305] GetSystemMetrics (nIndex=6) returned 1 [0115.305] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.305] GetCurrentThreadId () returned 0xa94 [0115.305] GetCurrentThreadId () returned 0xa94 [0115.306] GetDC (hWnd=0x0) returned 0x4010b70 [0115.306] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.306] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.306] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.306] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.306] GetSystemMetrics (nIndex=5) returned 1 [0115.306] GetSystemMetrics (nIndex=6) returned 1 [0115.306] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.306] GetSystemMetrics (nIndex=5) returned 1 [0115.306] GetSystemMetrics (nIndex=6) returned 1 [0115.306] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.306] GetCurrentThreadId () returned 0xa94 [0115.306] GetCurrentThreadId () returned 0xa94 [0115.307] GetDC (hWnd=0x0) returned 0x4010b70 [0115.307] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.307] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.307] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.308] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.308] GetSystemMetrics (nIndex=5) returned 1 [0115.308] GetSystemMetrics (nIndex=6) returned 1 [0115.308] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.308] GetSystemMetrics (nIndex=5) returned 1 [0115.308] GetSystemMetrics (nIndex=6) returned 1 [0115.308] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.308] GetCurrentThreadId () returned 0xa94 [0115.308] GetCurrentThreadId () returned 0xa94 [0115.309] GetDC (hWnd=0x0) returned 0x4010b70 [0115.309] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.309] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.309] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.309] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.309] GetSystemMetrics (nIndex=5) returned 1 [0115.309] GetSystemMetrics (nIndex=6) returned 1 [0115.309] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.309] GetSystemMetrics (nIndex=5) returned 1 [0115.309] GetSystemMetrics (nIndex=6) returned 1 [0115.309] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.309] GetCurrentThreadId () returned 0xa94 [0115.309] GetCurrentThreadId () returned 0xa94 [0115.310] GetDC (hWnd=0x0) returned 0x4010b70 [0115.310] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.310] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.310] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.310] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.311] GetSystemMetrics (nIndex=5) returned 1 [0115.311] GetSystemMetrics (nIndex=6) returned 1 [0115.311] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.311] GetSystemMetrics (nIndex=5) returned 1 [0115.311] GetSystemMetrics (nIndex=6) returned 1 [0115.311] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.311] GetCurrentThreadId () returned 0xa94 [0115.311] GetCurrentThreadId () returned 0xa94 [0115.311] GetDC (hWnd=0x0) returned 0x4010b70 [0115.311] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.312] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.312] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.312] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.312] GetSystemMetrics (nIndex=5) returned 1 [0115.312] GetSystemMetrics (nIndex=6) returned 1 [0115.312] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.312] GetSystemMetrics (nIndex=5) returned 1 [0115.312] GetSystemMetrics (nIndex=6) returned 1 [0115.312] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.312] GetCurrentThreadId () returned 0xa94 [0115.312] GetCurrentThreadId () returned 0xa94 [0115.312] GetDC (hWnd=0x0) returned 0x4010b70 [0115.313] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.313] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.313] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.313] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.313] GetSystemMetrics (nIndex=5) returned 1 [0115.313] GetSystemMetrics (nIndex=6) returned 1 [0115.313] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.313] GetSystemMetrics (nIndex=5) returned 1 [0115.313] GetSystemMetrics (nIndex=6) returned 1 [0115.313] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.313] GetCurrentThreadId () returned 0xa94 [0115.313] GetCurrentThreadId () returned 0xa94 [0115.314] GetDC (hWnd=0x0) returned 0x4010b70 [0115.314] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.314] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.314] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.314] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.314] GetSystemMetrics (nIndex=5) returned 1 [0115.314] GetSystemMetrics (nIndex=6) returned 1 [0115.314] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.314] GetSystemMetrics (nIndex=5) returned 1 [0115.314] GetSystemMetrics (nIndex=6) returned 1 [0115.314] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.314] GetCurrentThreadId () returned 0xa94 [0115.314] GetCurrentThreadId () returned 0xa94 [0115.315] GetDC (hWnd=0x0) returned 0x4010b70 [0115.315] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.316] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.316] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.316] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.316] GetSystemMetrics (nIndex=5) returned 1 [0115.316] GetSystemMetrics (nIndex=6) returned 1 [0115.316] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.316] GetSystemMetrics (nIndex=5) returned 1 [0115.316] GetSystemMetrics (nIndex=6) returned 1 [0115.316] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.316] GetCurrentThreadId () returned 0xa94 [0115.316] GetCurrentThreadId () returned 0xa94 [0115.317] GetDC (hWnd=0x0) returned 0x4010b70 [0115.317] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.317] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.317] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.317] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.317] GetSystemMetrics (nIndex=5) returned 1 [0115.317] GetSystemMetrics (nIndex=6) returned 1 [0115.317] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.317] GetSystemMetrics (nIndex=5) returned 1 [0115.317] GetSystemMetrics (nIndex=6) returned 1 [0115.317] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.317] GetCurrentThreadId () returned 0xa94 [0115.317] GetCurrentThreadId () returned 0xa94 [0115.319] GetDC (hWnd=0x0) returned 0x4010b70 [0115.319] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.319] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.319] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.319] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.319] GetSystemMetrics (nIndex=5) returned 1 [0115.319] GetSystemMetrics (nIndex=6) returned 1 [0115.319] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.319] GetSystemMetrics (nIndex=5) returned 1 [0115.319] GetSystemMetrics (nIndex=6) returned 1 [0115.319] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.319] GetCurrentThreadId () returned 0xa94 [0115.319] GetCurrentThreadId () returned 0xa94 [0115.320] GetDC (hWnd=0x0) returned 0x4010b70 [0115.320] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.320] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.320] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.321] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.321] GetSystemMetrics (nIndex=5) returned 1 [0115.321] GetSystemMetrics (nIndex=6) returned 1 [0115.321] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.321] GetSystemMetrics (nIndex=5) returned 1 [0115.321] GetSystemMetrics (nIndex=6) returned 1 [0115.321] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.321] GetCurrentThreadId () returned 0xa94 [0115.321] GetCurrentThreadId () returned 0xa94 [0115.321] GetDC (hWnd=0x0) returned 0x4010b70 [0115.321] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.321] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.321] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.321] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.321] GetSystemMetrics (nIndex=5) returned 1 [0115.321] GetSystemMetrics (nIndex=6) returned 1 [0115.321] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.321] GetSystemMetrics (nIndex=5) returned 1 [0115.321] GetSystemMetrics (nIndex=6) returned 1 [0115.321] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.321] GetCurrentThreadId () returned 0xa94 [0115.321] GetCurrentThreadId () returned 0xa94 [0115.321] GetDC (hWnd=0x0) returned 0x4010b70 [0115.321] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.321] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.322] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.322] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.322] GetSystemMetrics (nIndex=5) returned 1 [0115.322] GetSystemMetrics (nIndex=6) returned 1 [0115.322] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.322] GetSystemMetrics (nIndex=5) returned 1 [0115.322] GetSystemMetrics (nIndex=6) returned 1 [0115.322] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.322] GetCurrentThreadId () returned 0xa94 [0115.322] GetCurrentThreadId () returned 0xa94 [0115.322] GetDC (hWnd=0x0) returned 0x4010b70 [0115.322] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.322] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.322] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.322] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.322] GetSystemMetrics (nIndex=5) returned 1 [0115.322] GetSystemMetrics (nIndex=6) returned 1 [0115.322] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.322] GetSystemMetrics (nIndex=5) returned 1 [0115.322] GetSystemMetrics (nIndex=6) returned 1 [0115.322] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.322] GetCurrentThreadId () returned 0xa94 [0115.322] GetCurrentThreadId () returned 0xa94 [0115.322] GetDC (hWnd=0x0) returned 0x4010b70 [0115.322] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.323] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.323] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.323] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.323] GetSystemMetrics (nIndex=5) returned 1 [0115.323] GetSystemMetrics (nIndex=6) returned 1 [0115.323] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.323] GetSystemMetrics (nIndex=5) returned 1 [0115.323] GetSystemMetrics (nIndex=6) returned 1 [0115.323] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.323] GetCurrentThreadId () returned 0xa94 [0115.323] GetCurrentThreadId () returned 0xa94 [0115.323] GetDC (hWnd=0x0) returned 0x4010b70 [0115.323] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.323] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.323] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.323] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.323] GetSystemMetrics (nIndex=5) returned 1 [0115.323] GetSystemMetrics (nIndex=6) returned 1 [0115.323] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.323] GetSystemMetrics (nIndex=5) returned 1 [0115.324] GetSystemMetrics (nIndex=6) returned 1 [0115.324] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.324] GetCurrentThreadId () returned 0xa94 [0115.324] GetCurrentThreadId () returned 0xa94 [0115.324] GetDC (hWnd=0x0) returned 0x4010b70 [0115.324] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.324] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.324] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.324] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.324] GetSystemMetrics (nIndex=5) returned 1 [0115.324] GetSystemMetrics (nIndex=6) returned 1 [0115.324] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.324] GetSystemMetrics (nIndex=5) returned 1 [0115.324] GetSystemMetrics (nIndex=6) returned 1 [0115.324] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.324] GetCurrentThreadId () returned 0xa94 [0115.324] GetCurrentThreadId () returned 0xa94 [0115.324] GetDC (hWnd=0x0) returned 0x4010b70 [0115.324] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.324] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.324] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.324] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.324] GetSystemMetrics (nIndex=5) returned 1 [0115.325] GetSystemMetrics (nIndex=6) returned 1 [0115.325] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.325] GetSystemMetrics (nIndex=5) returned 1 [0115.325] GetSystemMetrics (nIndex=6) returned 1 [0115.325] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.325] GetCurrentThreadId () returned 0xa94 [0115.325] GetCurrentThreadId () returned 0xa94 [0115.325] GetDC (hWnd=0x0) returned 0x4010b70 [0115.325] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.325] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.325] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.325] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.325] GetSystemMetrics (nIndex=5) returned 1 [0115.325] GetSystemMetrics (nIndex=6) returned 1 [0115.325] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.325] GetSystemMetrics (nIndex=5) returned 1 [0115.325] GetSystemMetrics (nIndex=6) returned 1 [0115.325] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.325] GetCurrentThreadId () returned 0xa94 [0115.325] GetCurrentThreadId () returned 0xa94 [0115.325] GetDC (hWnd=0x0) returned 0x4010b70 [0115.325] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.325] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.325] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.326] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.326] GetSystemMetrics (nIndex=5) returned 1 [0115.326] GetSystemMetrics (nIndex=6) returned 1 [0115.326] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.326] GetSystemMetrics (nIndex=5) returned 1 [0115.326] GetSystemMetrics (nIndex=6) returned 1 [0115.326] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.326] GetCurrentThreadId () returned 0xa94 [0115.326] GetCurrentThreadId () returned 0xa94 [0115.326] GetDC (hWnd=0x0) returned 0x4010b70 [0115.326] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.326] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.326] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.326] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.326] GetSystemMetrics (nIndex=5) returned 1 [0115.326] GetSystemMetrics (nIndex=6) returned 1 [0115.326] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.326] GetSystemMetrics (nIndex=5) returned 1 [0115.326] GetSystemMetrics (nIndex=6) returned 1 [0115.326] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.326] GetCurrentThreadId () returned 0xa94 [0115.326] GetCurrentThreadId () returned 0xa94 [0115.327] GetDC (hWnd=0x0) returned 0x4010b70 [0115.327] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.327] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.327] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.327] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.327] GetSystemMetrics (nIndex=5) returned 1 [0115.327] GetSystemMetrics (nIndex=6) returned 1 [0115.327] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.327] GetSystemMetrics (nIndex=5) returned 1 [0115.327] GetSystemMetrics (nIndex=6) returned 1 [0115.327] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.327] GetCurrentThreadId () returned 0xa94 [0115.327] GetCurrentThreadId () returned 0xa94 [0115.327] GetDC (hWnd=0x0) returned 0x4010b70 [0115.327] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.327] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.327] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.327] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.327] GetSystemMetrics (nIndex=5) returned 1 [0115.327] GetSystemMetrics (nIndex=6) returned 1 [0115.328] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.328] GetSystemMetrics (nIndex=5) returned 1 [0115.328] GetSystemMetrics (nIndex=6) returned 1 [0115.328] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.328] GetCurrentThreadId () returned 0xa94 [0115.328] GetCurrentThreadId () returned 0xa94 [0115.328] GetDC (hWnd=0x0) returned 0x4010b70 [0115.328] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.328] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.328] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.328] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.328] GetSystemMetrics (nIndex=5) returned 1 [0115.328] GetSystemMetrics (nIndex=6) returned 1 [0115.328] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.328] GetSystemMetrics (nIndex=5) returned 1 [0115.328] GetSystemMetrics (nIndex=6) returned 1 [0115.328] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.329] GetCurrentThreadId () returned 0xa94 [0115.329] GetCurrentThreadId () returned 0xa94 [0115.329] GetDC (hWnd=0x0) returned 0x4010b70 [0115.329] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.329] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.329] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.329] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.329] GetSystemMetrics (nIndex=5) returned 1 [0115.329] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.329] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.329] GetCurrentThreadId () returned 0xa94 [0115.329] GetCurrentThreadId () returned 0xa94 [0115.330] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.330] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.330] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.330] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.330] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.330] GetCurrentThreadId () returned 0xa94 [0115.330] GetCurrentThreadId () returned 0xa94 [0115.331] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.331] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.331] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.331] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.331] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.331] GetCurrentThreadId () returned 0xa94 [0115.331] GetCurrentThreadId () returned 0xa94 [0115.331] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.331] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.331] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.331] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.331] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.331] GetCurrentThreadId () returned 0xa94 [0115.331] GetCurrentThreadId () returned 0xa94 [0115.331] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.331] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.331] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.331] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.332] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.332] GetCurrentThreadId () returned 0xa94 [0115.332] GetCurrentThreadId () returned 0xa94 [0115.332] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.332] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.332] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.332] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.332] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.332] GetCurrentThreadId () returned 0xa94 [0115.332] GetCurrentThreadId () returned 0xa94 [0115.332] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.332] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.332] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.332] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.332] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.332] GetCurrentThreadId () returned 0xa94 [0115.332] GetCurrentThreadId () returned 0xa94 [0115.333] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.333] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.333] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.333] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.333] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.333] GetCurrentThreadId () returned 0xa94 [0115.333] GetCurrentThreadId () returned 0xa94 [0115.333] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.333] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.333] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.333] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.333] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.333] GetCurrentThreadId () returned 0xa94 [0115.334] GetCurrentThreadId () returned 0xa94 [0115.334] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.334] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.334] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.334] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.334] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.334] GetCurrentThreadId () returned 0xa94 [0115.334] GetCurrentThreadId () returned 0xa94 [0115.334] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.334] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.334] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.334] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.334] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.335] GetCurrentThreadId () returned 0xa94 [0115.335] GetCurrentThreadId () returned 0xa94 [0115.335] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.335] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.335] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.335] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.335] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.335] GetCurrentThreadId () returned 0xa94 [0115.335] GetCurrentThreadId () returned 0xa94 [0115.335] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.335] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.335] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.335] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.336] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.336] GetCurrentThreadId () returned 0xa94 [0115.336] GetCurrentThreadId () returned 0xa94 [0115.336] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.336] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.336] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.336] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.336] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.336] GetCurrentThreadId () returned 0xa94 [0115.336] GetCurrentThreadId () returned 0xa94 [0115.336] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.336] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.337] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.337] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.337] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.337] GetCurrentThreadId () returned 0xa94 [0115.337] GetCurrentThreadId () returned 0xa94 [0115.337] GetDC (hWnd=0x0) returned 0x4010b70 [0115.337] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.337] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.337] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.337] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.337] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.337] GetCurrentThreadId () returned 0xa94 [0115.337] GetCurrentThreadId () returned 0xa94 [0115.338] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.338] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.338] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.338] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.338] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.338] GetCurrentThreadId () returned 0xa94 [0115.338] GetCurrentThreadId () returned 0xa94 [0115.338] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.338] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.338] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.338] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.339] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.339] GetCurrentThreadId () returned 0xa94 [0115.339] GetCurrentThreadId () returned 0xa94 [0115.339] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.339] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.339] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.339] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.339] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.339] GetCurrentThreadId () returned 0xa94 [0115.339] GetCurrentThreadId () returned 0xa94 [0115.339] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.339] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.339] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.339] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.339] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.339] GetCurrentThreadId () returned 0xa94 [0115.339] GetCurrentThreadId () returned 0xa94 [0115.339] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.340] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.340] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.340] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.340] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.340] GetCurrentThreadId () returned 0xa94 [0115.340] GetCurrentThreadId () returned 0xa94 [0115.340] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.340] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.340] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.340] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.340] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.340] GetCurrentThreadId () returned 0xa94 [0115.340] GetCurrentThreadId () returned 0xa94 [0115.340] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.340] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.340] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.340] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.340] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.340] GetCurrentThreadId () returned 0xa94 [0115.340] GetCurrentThreadId () returned 0xa94 [0115.341] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.341] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.341] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.341] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.341] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.341] GetCurrentThreadId () returned 0xa94 [0115.341] GetCurrentThreadId () returned 0xa94 [0115.341] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.341] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.341] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.341] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.341] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.341] GetCurrentThreadId () returned 0xa94 [0115.341] GetCurrentThreadId () returned 0xa94 [0115.341] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.341] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.341] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.341] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.341] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.341] GetCurrentThreadId () returned 0xa94 [0115.341] GetCurrentThreadId () returned 0xa94 [0115.342] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.342] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.342] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.342] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.342] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.342] GetCurrentThreadId () returned 0xa94 [0115.342] GetCurrentThreadId () returned 0xa94 [0115.342] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.342] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.342] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.342] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.342] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.342] GetCurrentThreadId () returned 0xa94 [0115.342] GetCurrentThreadId () returned 0xa94 [0115.342] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.342] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.342] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.342] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.342] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.342] GetCurrentThreadId () returned 0xa94 [0115.342] GetCurrentThreadId () returned 0xa94 [0115.343] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.343] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.343] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.343] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.343] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.343] GetCurrentThreadId () returned 0xa94 [0115.343] GetCurrentThreadId () returned 0xa94 [0115.343] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.343] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.343] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.343] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.343] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.343] GetCurrentThreadId () returned 0xa94 [0115.343] GetCurrentThreadId () returned 0xa94 [0115.343] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.343] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.343] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.343] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.343] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.343] GetCurrentThreadId () returned 0xa94 [0115.343] GetCurrentThreadId () returned 0xa94 [0115.344] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.344] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.344] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.344] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.344] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.344] GetCurrentThreadId () returned 0xa94 [0115.344] GetCurrentThreadId () returned 0xa94 [0115.344] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce110) returned 0x0 [0115.344] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce108) returned 0x0 [0115.344] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.344] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce238) returned 1 [0115.344] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ce19c) returned 1 [0115.344] GetCurrentThreadId () returned 0xa94 [0115.344] GetCurrentThreadId () returned 0xa94 [0115.346] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.346] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.347] GetProcessWindowStation () returned 0x60 [0115.347] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x274c5b0, nLength=0xc, lpnLengthNeeded=0x3ce078 | out: pvInfo=0x274c5b0, lpnLengthNeeded=0x3ce078) returned 1 [0115.349] SetConsoleCtrlHandler (HandlerRoutine=0x4fb0836, Add=1) returned 1 [0115.351] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0115.352] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0115.352] GetClassInfoW (in: hInstance=0x11e0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWndClass=0x274c614 | out: lpWndClass=0x274c614) returned 0 [0115.354] CoTaskMemAlloc (cb=0x56) returned 0x58f3450 [0115.355] RegisterClassW (lpWndClass=0x3cdfc8) returned 0xc1cd [0115.355] CoTaskMemFree (pv=0x58f3450) [0115.356] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x11e0000, lpParam=0x0) returned 0x60060 [0115.356] NtdllDefWindowProc_W () returned 0x1 [0115.357] NtdllDefWindowProc_W () returned 0x0 [0115.358] NtdllDefWindowProc_W () returned 0x0 [0115.358] NtdllDefWindowProc_W () returned 0x0 [0115.358] NtdllDefWindowProc_W () returned 0x0 [0115.361] GetSysColor (nIndex=10) returned 0xb4b4b4 [0115.361] GetSysColor (nIndex=2) returned 0xd1b499 [0115.361] GetSysColor (nIndex=9) returned 0x0 [0115.361] GetSysColor (nIndex=12) returned 0xababab [0115.361] GetSysColor (nIndex=15) returned 0xf0f0f0 [0115.361] GetSysColor (nIndex=20) returned 0xffffff [0115.361] GetSysColor (nIndex=16) returned 0xa0a0a0 [0115.361] GetSysColor (nIndex=15) returned 0xf0f0f0 [0115.361] GetSysColor (nIndex=16) returned 0xa0a0a0 [0115.361] GetSysColor (nIndex=21) returned 0x696969 [0115.361] GetSysColor (nIndex=22) returned 0xe3e3e3 [0115.361] GetSysColor (nIndex=20) returned 0xffffff [0115.361] GetSysColor (nIndex=18) returned 0x0 [0115.361] GetSysColor (nIndex=1) returned 0x0 [0115.362] GetSysColor (nIndex=27) returned 0xead1b9 [0115.362] GetSysColor (nIndex=28) returned 0xf2e4d7 [0115.362] GetSysColor (nIndex=17) returned 0x6d6d6d [0115.362] GetSysColor (nIndex=13) returned 0xff9933 [0115.362] GetSysColor (nIndex=14) returned 0xffffff [0115.362] GetSysColor (nIndex=26) returned 0xcc6600 [0115.362] GetSysColor (nIndex=11) returned 0xfcf7f4 [0115.362] GetSysColor (nIndex=3) returned 0xdbcdbf [0115.362] GetSysColor (nIndex=19) returned 0x544e43 [0115.362] GetSysColor (nIndex=24) returned 0xe1ffff [0115.362] GetSysColor (nIndex=23) returned 0x0 [0115.362] GetSysColor (nIndex=4) returned 0xf0f0f0 [0115.362] GetSysColor (nIndex=30) returned 0xf0f0f0 [0115.362] GetSysColor (nIndex=29) returned 0xff9933 [0115.362] GetSysColor (nIndex=7) returned 0x0 [0115.362] GetSysColor (nIndex=0) returned 0xc8c8c8 [0115.362] GetSysColor (nIndex=5) returned 0xffffff [0115.362] GetSysColor (nIndex=6) returned 0x646464 [0115.362] GetSysColor (nIndex=8) returned 0x0 [0115.363] GetCurrentThreadId () returned 0xa94 [0115.363] GetCurrentThreadId () returned 0xa94 [0115.364] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.364] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.365] GetCurrentThreadId () returned 0xa94 [0115.365] GetCurrentThreadId () returned 0xa94 [0115.366] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.366] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.366] GetCurrentThreadId () returned 0xa94 [0115.366] GetCurrentThreadId () returned 0xa94 [0115.367] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.367] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.367] GetCurrentThreadId () returned 0xa94 [0115.367] GetCurrentThreadId () returned 0xa94 [0115.368] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.368] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.368] GetCurrentThreadId () returned 0xa94 [0115.368] GetCurrentThreadId () returned 0xa94 [0115.369] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.369] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.369] GetCurrentThreadId () returned 0xa94 [0115.369] GetCurrentThreadId () returned 0xa94 [0115.370] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.370] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.370] GetCurrentThreadId () returned 0xa94 [0115.370] GetCurrentThreadId () returned 0xa94 [0115.371] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.371] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.371] GetCurrentThreadId () returned 0xa94 [0115.371] GetCurrentThreadId () returned 0xa94 [0115.371] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.371] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.372] GetCurrentThreadId () returned 0xa94 [0115.372] GetCurrentThreadId () returned 0xa94 [0115.372] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.372] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.372] GetCurrentThreadId () returned 0xa94 [0115.372] GetCurrentThreadId () returned 0xa94 [0115.373] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.373] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.373] GetCurrentThreadId () returned 0xa94 [0115.373] GetCurrentThreadId () returned 0xa94 [0115.374] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.374] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.374] GetCurrentThreadId () returned 0xa94 [0115.374] GetCurrentThreadId () returned 0xa94 [0115.375] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.375] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.375] GetCurrentThreadId () returned 0xa94 [0115.375] GetCurrentThreadId () returned 0xa94 [0115.376] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.376] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.376] GetCurrentThreadId () returned 0xa94 [0115.376] GetCurrentThreadId () returned 0xa94 [0115.377] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.377] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.377] GetCurrentThreadId () returned 0xa94 [0115.377] GetCurrentThreadId () returned 0xa94 [0115.377] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.378] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.378] GetCurrentThreadId () returned 0xa94 [0115.378] GetCurrentThreadId () returned 0xa94 [0115.378] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.378] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.378] GetCurrentThreadId () returned 0xa94 [0115.378] GetCurrentThreadId () returned 0xa94 [0115.379] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.379] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.379] GetCurrentThreadId () returned 0xa94 [0115.379] GetCurrentThreadId () returned 0xa94 [0115.380] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.380] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.380] GetCurrentThreadId () returned 0xa94 [0115.380] GetCurrentThreadId () returned 0xa94 [0115.381] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.381] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.381] GetCurrentThreadId () returned 0xa94 [0115.381] GetCurrentThreadId () returned 0xa94 [0115.382] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.382] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.382] GetCurrentThreadId () returned 0xa94 [0115.382] GetCurrentThreadId () returned 0xa94 [0115.383] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.383] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.383] GetCurrentThreadId () returned 0xa94 [0115.383] GetCurrentThreadId () returned 0xa94 [0115.383] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.383] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.383] GetCurrentThreadId () returned 0xa94 [0115.384] GetCurrentThreadId () returned 0xa94 [0115.384] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.384] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.384] GetCurrentThreadId () returned 0xa94 [0115.384] GetCurrentThreadId () returned 0xa94 [0115.385] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.385] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.385] GetCurrentThreadId () returned 0xa94 [0115.385] GetCurrentThreadId () returned 0xa94 [0115.386] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.386] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.386] GetCurrentThreadId () returned 0xa94 [0115.386] GetCurrentThreadId () returned 0xa94 [0115.387] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.387] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.387] GetCurrentThreadId () returned 0xa94 [0115.387] GetCurrentThreadId () returned 0xa94 [0115.388] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.388] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.388] GetCurrentThreadId () returned 0xa94 [0115.388] GetCurrentThreadId () returned 0xa94 [0115.389] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.389] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.389] GetCurrentThreadId () returned 0xa94 [0115.389] GetCurrentThreadId () returned 0xa94 [0115.390] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.390] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.390] GetCurrentThreadId () returned 0xa94 [0115.390] GetCurrentThreadId () returned 0xa94 [0115.390] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.390] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.390] GetCurrentThreadId () returned 0xa94 [0115.390] GetCurrentThreadId () returned 0xa94 [0115.391] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.391] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.391] GetCurrentThreadId () returned 0xa94 [0115.391] GetCurrentThreadId () returned 0xa94 [0115.392] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.392] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.392] GetCurrentThreadId () returned 0xa94 [0115.392] GetCurrentThreadId () returned 0xa94 [0115.393] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.393] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.393] GetCurrentThreadId () returned 0xa94 [0115.393] GetCurrentThreadId () returned 0xa94 [0115.394] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.394] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.394] GetCurrentThreadId () returned 0xa94 [0115.394] GetCurrentThreadId () returned 0xa94 [0115.395] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.395] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.395] GetCurrentThreadId () returned 0xa94 [0115.395] GetCurrentThreadId () returned 0xa94 [0115.396] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.396] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.396] GetCurrentThreadId () returned 0xa94 [0115.396] GetCurrentThreadId () returned 0xa94 [0115.398] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.398] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.398] GetCurrentThreadId () returned 0xa94 [0115.398] GetCurrentThreadId () returned 0xa94 [0115.399] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.399] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.399] GetCurrentThreadId () returned 0xa94 [0115.399] GetCurrentThreadId () returned 0xa94 [0115.400] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.400] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.400] GetCurrentThreadId () returned 0xa94 [0115.400] GetCurrentThreadId () returned 0xa94 [0115.401] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.401] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.401] GetCurrentThreadId () returned 0xa94 [0115.401] GetCurrentThreadId () returned 0xa94 [0115.402] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.402] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.402] GetCurrentThreadId () returned 0xa94 [0115.402] GetCurrentThreadId () returned 0xa94 [0115.403] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.403] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.403] GetCurrentThreadId () returned 0xa94 [0115.403] GetCurrentThreadId () returned 0xa94 [0115.404] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.404] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.404] GetCurrentThreadId () returned 0xa94 [0115.404] GetCurrentThreadId () returned 0xa94 [0115.405] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.405] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.405] GetCurrentThreadId () returned 0xa94 [0115.405] GetCurrentThreadId () returned 0xa94 [0115.405] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.406] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.406] GetCurrentThreadId () returned 0xa94 [0115.406] GetCurrentThreadId () returned 0xa94 [0115.406] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.406] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.406] GetCurrentThreadId () returned 0xa94 [0115.406] GetCurrentThreadId () returned 0xa94 [0115.407] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.407] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.407] GetCurrentThreadId () returned 0xa94 [0115.407] GetCurrentThreadId () returned 0xa94 [0115.408] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.408] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.408] GetCurrentThreadId () returned 0xa94 [0115.408] GetCurrentThreadId () returned 0xa94 [0115.409] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.409] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.409] GetCurrentThreadId () returned 0xa94 [0115.409] GetCurrentThreadId () returned 0xa94 [0115.410] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.410] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.410] GetCurrentThreadId () returned 0xa94 [0115.410] GetCurrentThreadId () returned 0xa94 [0115.411] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.411] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.411] GetCurrentThreadId () returned 0xa94 [0115.411] GetCurrentThreadId () returned 0xa94 [0115.412] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.412] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.412] GetCurrentThreadId () returned 0xa94 [0115.412] GetCurrentThreadId () returned 0xa94 [0115.413] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.413] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.413] GetCurrentThreadId () returned 0xa94 [0115.413] GetCurrentThreadId () returned 0xa94 [0115.414] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.414] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.414] GetCurrentThreadId () returned 0xa94 [0115.414] GetCurrentThreadId () returned 0xa94 [0115.415] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.415] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.415] GetCurrentThreadId () returned 0xa94 [0115.415] GetCurrentThreadId () returned 0xa94 [0115.415] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.415] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.416] GetCurrentThreadId () returned 0xa94 [0115.416] GetCurrentThreadId () returned 0xa94 [0115.416] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.416] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.416] GetCurrentThreadId () returned 0xa94 [0115.416] GetCurrentThreadId () returned 0xa94 [0115.417] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.417] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.417] GetCurrentThreadId () returned 0xa94 [0115.417] GetCurrentThreadId () returned 0xa94 [0115.418] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.418] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.418] GetCurrentThreadId () returned 0xa94 [0115.418] GetCurrentThreadId () returned 0xa94 [0115.419] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.419] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.419] GetCurrentThreadId () returned 0xa94 [0115.419] GetCurrentThreadId () returned 0xa94 [0115.420] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.420] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.420] GetCurrentThreadId () returned 0xa94 [0115.420] GetCurrentThreadId () returned 0xa94 [0115.421] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.421] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.421] GetCurrentThreadId () returned 0xa94 [0115.421] GetCurrentThreadId () returned 0xa94 [0115.421] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.421] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.421] GetCurrentThreadId () returned 0xa94 [0115.421] GetCurrentThreadId () returned 0xa94 [0115.421] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.421] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.421] GetCurrentThreadId () returned 0xa94 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.422] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.422] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.422] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.422] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.422] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.422] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.422] GetCurrentThreadId () returned 0xa94 [0115.423] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.423] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.423] GetCurrentThreadId () returned 0xa94 [0115.423] GetCurrentThreadId () returned 0xa94 [0115.423] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.423] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.423] GetCurrentThreadId () returned 0xa94 [0115.423] GetCurrentThreadId () returned 0xa94 [0115.423] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.423] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.423] GetCurrentThreadId () returned 0xa94 [0115.423] GetCurrentThreadId () returned 0xa94 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.424] GetCurrentThreadId () returned 0xa94 [0115.424] GetCurrentThreadId () returned 0xa94 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.424] GetCurrentThreadId () returned 0xa94 [0115.424] GetCurrentThreadId () returned 0xa94 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.424] GetCurrentThreadId () returned 0xa94 [0115.424] GetCurrentThreadId () returned 0xa94 [0115.424] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.425] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.425] GetCurrentThreadId () returned 0xa94 [0115.425] GetCurrentThreadId () returned 0xa94 [0115.425] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.425] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.425] GetCurrentThreadId () returned 0xa94 [0115.425] GetCurrentThreadId () returned 0xa94 [0115.425] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.425] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.425] GetCurrentThreadId () returned 0xa94 [0115.425] GetCurrentThreadId () returned 0xa94 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.426] GetCurrentThreadId () returned 0xa94 [0115.426] GetCurrentThreadId () returned 0xa94 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.426] GetCurrentThreadId () returned 0xa94 [0115.426] GetCurrentThreadId () returned 0xa94 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.426] GetCurrentThreadId () returned 0xa94 [0115.426] GetCurrentThreadId () returned 0xa94 [0115.426] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.427] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.427] GetCurrentThreadId () returned 0xa94 [0115.427] GetCurrentThreadId () returned 0xa94 [0115.427] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.427] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.427] GetCurrentThreadId () returned 0xa94 [0115.427] GetCurrentThreadId () returned 0xa94 [0115.427] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.427] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.427] GetCurrentThreadId () returned 0xa94 [0115.427] GetCurrentThreadId () returned 0xa94 [0115.427] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.428] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.428] GetCurrentThreadId () returned 0xa94 [0115.429] GetCurrentThreadId () returned 0xa94 [0115.429] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.429] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.429] GetCurrentThreadId () returned 0xa94 [0115.429] GetCurrentThreadId () returned 0xa94 [0115.429] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.429] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.429] GetCurrentThreadId () returned 0xa94 [0115.429] GetCurrentThreadId () returned 0xa94 [0115.429] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.429] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.429] GetCurrentThreadId () returned 0xa94 [0115.430] GetCurrentThreadId () returned 0xa94 [0115.430] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.430] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.430] GetCurrentThreadId () returned 0xa94 [0115.430] GetCurrentThreadId () returned 0xa94 [0115.430] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.430] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.430] GetCurrentThreadId () returned 0xa94 [0115.430] GetCurrentThreadId () returned 0xa94 [0115.430] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.430] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.430] GetCurrentThreadId () returned 0xa94 [0115.431] GetCurrentThreadId () returned 0xa94 [0115.431] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.431] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.431] GetCurrentThreadId () returned 0xa94 [0115.431] GetCurrentThreadId () returned 0xa94 [0115.431] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.431] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.431] GetCurrentThreadId () returned 0xa94 [0115.431] GetCurrentThreadId () returned 0xa94 [0115.432] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.432] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.432] GetCurrentThreadId () returned 0xa94 [0115.432] GetCurrentThreadId () returned 0xa94 [0115.432] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.433] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.433] GetCurrentThreadId () returned 0xa94 [0115.433] GetCurrentThreadId () returned 0xa94 [0115.433] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.433] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.433] GetCurrentThreadId () returned 0xa94 [0115.433] GetCurrentThreadId () returned 0xa94 [0115.433] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.433] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.433] GetCurrentThreadId () returned 0xa94 [0115.433] GetCurrentThreadId () returned 0xa94 [0115.433] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.434] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.434] GetCurrentThreadId () returned 0xa94 [0115.434] GetCurrentThreadId () returned 0xa94 [0115.434] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.434] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.434] GetCurrentThreadId () returned 0xa94 [0115.434] GetCurrentThreadId () returned 0xa94 [0115.434] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.434] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.434] GetCurrentThreadId () returned 0xa94 [0115.434] GetCurrentThreadId () returned 0xa94 [0115.434] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.435] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.435] GetCurrentThreadId () returned 0xa94 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.436] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.436] GetCurrentThreadId () returned 0xa94 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.437] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.437] GetCurrentThreadId () returned 0xa94 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.438] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.438] GetCurrentThreadId () returned 0xa94 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.439] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.439] GetCurrentThreadId () returned 0xa94 [0115.440] GetCurrentThreadId () returned 0xa94 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.440] GetCurrentThreadId () returned 0xa94 [0115.440] GetCurrentThreadId () returned 0xa94 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce1c8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1c8) returned 1 [0115.440] GetCurrentThreadId () returned 0xa94 [0115.440] GetCurrentThreadId () returned 0xa94 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce23c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce23c) returned 1 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce19c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce19c) returned 1 [0115.440] GetCurrentThreadId () returned 0xa94 [0115.440] AdjustWindowRectEx (in: lpRect=0x3ce238, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce238) returned 1 [0115.453] GdipCreateSolidFill (color=0xffababab, brush=0x3ce164) returned 0x0 [0115.457] GetSystemMetrics (nIndex=3) returned 17 [0115.457] AdjustWindowRectEx (in: lpRect=0x3ce190, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce190) returned 1 [0115.458] GetSystemMetrics (nIndex=2) returned 17 [0115.458] AdjustWindowRectEx (in: lpRect=0x3ce190, dwStyle=0x56010001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce190) returned 1 [0115.459] AdjustWindowRectEx (in: lpRect=0x3ce1a0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce1a0) returned 1 [0115.460] GdipCreatePen1 (color=0xffa0a0a0, width=0x3f800000, unit=0x0, pen=0x3ce190) returned 0x0 [0115.462] GetSystemMetrics (nIndex=68) returned 4 [0115.462] GetSystemMetrics (nIndex=69) returned 4 [0115.476] AdjustWindowRectEx (in: lpRect=0x3ce11c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce11c) returned 1 [0115.477] GetCurrentThreadId () returned 0xa94 [0115.477] GetCurrentThreadId () returned 0xa94 [0115.478] AdjustWindowRectEx (in: lpRect=0x3ce120, dwStyle=0x56000001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce120) returned 1 [0115.478] GetCurrentThreadId () returned 0xa94 [0115.478] GetCurrentThreadId () returned 0xa94 [0115.479] AdjustWindowRectEx (in: lpRect=0x3ce190, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ce190) returned 1 [0115.494] GetDC (hWnd=0x0) returned 0x4010b70 [0115.494] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce168) returned 0x0 [0115.494] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce160) returned 0x0 [0115.494] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.495] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.497] GetDC (hWnd=0x0) returned 0x4010b70 [0115.497] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce154) returned 0x0 [0115.497] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce14c) returned 0x0 [0115.497] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.497] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.507] GetCurrentThreadId () returned 0xa94 [0115.507] GetCurrentThreadId () returned 0xa94 [0115.507] GetDC (hWnd=0x0) returned 0x4010b70 [0115.508] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.508] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.508] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.508] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.509] GetDC (hWnd=0x0) returned 0x4010b70 [0115.510] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.510] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.510] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.510] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.510] GetDC (hWnd=0x0) returned 0x4010b70 [0115.511] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.511] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.511] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.511] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.511] GetDC (hWnd=0x0) returned 0x4010b70 [0115.511] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.512] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.512] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.512] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.512] GetDC (hWnd=0x0) returned 0x4010b70 [0115.512] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.513] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.513] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.513] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.513] GetDC (hWnd=0x0) returned 0x4010b70 [0115.513] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.514] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.514] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.514] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.514] GetDC (hWnd=0x0) returned 0x4010b70 [0115.514] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.514] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.515] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.515] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.515] GetDC (hWnd=0x0) returned 0x4010b70 [0115.515] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.515] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.515] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.515] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.516] GetDC (hWnd=0x0) returned 0x4010b70 [0115.516] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.516] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.516] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.517] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.517] GetDC (hWnd=0x0) returned 0x4010b70 [0115.517] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.517] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.517] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.517] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.518] GetDC (hWnd=0x0) returned 0x4010b70 [0115.518] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.518] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.518] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.518] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.519] GetDC (hWnd=0x0) returned 0x4010b70 [0115.519] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.519] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.519] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.519] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.519] GetDC (hWnd=0x0) returned 0x4010b70 [0115.520] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.520] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.520] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.520] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.520] GetDC (hWnd=0x0) returned 0x4010b70 [0115.520] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.521] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.521] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.521] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.521] GetDC (hWnd=0x0) returned 0x4010b70 [0115.521] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.522] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.522] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.522] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.522] GetDC (hWnd=0x0) returned 0x4010b70 [0115.522] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.522] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.523] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.523] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.523] GetDC (hWnd=0x0) returned 0x4010b70 [0115.523] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.523] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.523] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.523] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.524] GetDC (hWnd=0x0) returned 0x4010b70 [0115.524] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.524] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.524] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.524] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.525] GetDC (hWnd=0x0) returned 0x4010b70 [0115.525] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.525] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.525] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.525] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.525] GetDC (hWnd=0x0) returned 0x4010b70 [0115.525] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.526] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.526] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.526] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.526] GetDC (hWnd=0x0) returned 0x4010b70 [0115.526] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.526] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.526] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.526] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.527] GetDC (hWnd=0x0) returned 0x4010b70 [0115.527] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.527] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.527] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.527] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.527] GetDC (hWnd=0x0) returned 0x4010b70 [0115.527] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.528] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.528] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.528] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.528] GetDC (hWnd=0x0) returned 0x4010b70 [0115.528] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.528] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.528] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.528] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.529] GetDC (hWnd=0x0) returned 0x4010b70 [0115.529] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.529] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.529] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.529] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.530] GetDC (hWnd=0x0) returned 0x4010b70 [0115.530] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.530] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.530] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.530] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.531] GetDC (hWnd=0x0) returned 0x4010b70 [0115.531] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.531] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.531] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.531] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.532] GetDC (hWnd=0x0) returned 0x4010b70 [0115.532] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.532] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.532] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.532] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.532] GetDC (hWnd=0x0) returned 0x4010b70 [0115.532] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.533] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.533] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.533] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.533] GetDC (hWnd=0x0) returned 0x4010b70 [0115.533] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3ce1a8) returned 0x0 [0115.533] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3ce1a0) returned 0x0 [0115.534] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.534] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.590] GetDC (hWnd=0x0) returned 0x4010b70 [0115.590] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.590] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.590] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.590] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.623] GetDC (hWnd=0x0) returned 0x4010b70 [0115.624] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.624] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.624] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.624] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.675] GetDC (hWnd=0x0) returned 0x4010b70 [0115.675] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.676] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.676] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.676] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.676] GetDC (hWnd=0x0) returned 0x4010b70 [0115.676] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.676] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.676] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.676] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.677] GetDC (hWnd=0x0) returned 0x4010b70 [0115.677] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.677] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.677] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.677] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.678] GetDC (hWnd=0x0) returned 0x4010b70 [0115.678] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.678] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.678] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.678] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.678] GetDC (hWnd=0x0) returned 0x4010b70 [0115.678] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.678] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.679] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.679] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.679] GetDC (hWnd=0x0) returned 0x4010b70 [0115.679] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.679] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.679] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.679] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.680] GetDC (hWnd=0x0) returned 0x4010b70 [0115.680] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.680] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.680] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.680] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.680] GetDC (hWnd=0x0) returned 0x4010b70 [0115.680] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.681] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.681] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.681] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.681] GetDC (hWnd=0x0) returned 0x4010b70 [0115.681] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.681] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.681] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.681] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.682] GetDC (hWnd=0x0) returned 0x4010b70 [0115.682] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.682] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.682] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.682] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.683] GetDC (hWnd=0x0) returned 0x4010b70 [0115.683] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.683] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.683] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.683] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.683] GetDC (hWnd=0x0) returned 0x4010b70 [0115.683] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.683] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.684] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.684] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.684] GetDC (hWnd=0x0) returned 0x4010b70 [0115.684] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.684] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.684] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.684] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.685] GetDC (hWnd=0x0) returned 0x4010b70 [0115.685] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.685] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.685] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.685] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.685] GetDC (hWnd=0x0) returned 0x4010b70 [0115.685] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.686] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.686] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.686] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.686] GetDC (hWnd=0x0) returned 0x4010b70 [0115.686] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.686] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.686] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.686] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.687] GetDC (hWnd=0x0) returned 0x4010b70 [0115.687] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.687] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.687] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.687] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.687] GetDC (hWnd=0x0) returned 0x4010b70 [0115.687] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.688] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.688] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.688] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.688] GetDC (hWnd=0x0) returned 0x4010b70 [0115.688] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.688] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.688] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.688] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.689] GetDC (hWnd=0x0) returned 0x4010b70 [0115.689] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.689] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.689] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.689] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.689] GetDC (hWnd=0x0) returned 0x4010b70 [0115.690] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.690] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.690] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.690] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.690] GetDC (hWnd=0x0) returned 0x4010b70 [0115.690] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.690] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.690] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.690] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.691] GetDC (hWnd=0x0) returned 0x4010b70 [0115.691] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.691] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.691] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.691] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.691] GetDC (hWnd=0x0) returned 0x4010b70 [0115.692] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.692] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.692] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.692] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.694] GetDC (hWnd=0x0) returned 0x4010b70 [0115.694] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.694] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.694] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.694] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.694] GetDC (hWnd=0x0) returned 0x4010b70 [0115.695] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.695] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.695] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.695] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.695] GetDC (hWnd=0x0) returned 0x4010b70 [0115.695] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.695] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.695] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.695] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.696] GetDC (hWnd=0x0) returned 0x4010b70 [0115.696] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.696] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.696] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.696] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.696] GetDC (hWnd=0x0) returned 0x4010b70 [0115.697] GdipCreateFromHDC (hdc=0x4010b70, graphics=0x3cdf44) returned 0x0 [0115.697] GdipGetFontHeight (font=0x5ee25c0, graphics=0x5f29118, height=0x3cdf3c) returned 0x0 [0115.697] GdipDeleteGraphics (graphics=0x5f29118) returned 0x0 [0115.697] ReleaseDC (hWnd=0x0, hDC=0x4010b70) returned 1 [0115.701] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0115.723] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe\\:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe\\:zone.identifier")) returned 0 [0115.752] GetCurrentProcessId () returned 0xa90 [0115.752] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x5b4 [0115.752] EnumProcessModules (in: hProcess=0x5b4, lphModule=0x277412c, cb=0x100, lpcbNeeded=0x3cddc8 | out: lphModule=0x277412c, lpcbNeeded=0x3cddc8) returned 1 [0115.754] EnumProcessModules (in: hProcess=0x5b4, lphModule=0x2774238, cb=0x200, lpcbNeeded=0x3cddc8 | out: lphModule=0x2774238, lpcbNeeded=0x3cddc8) returned 1 [0115.759] GetModuleInformation (in: hProcess=0x5b4, hModule=0x11e0000, lpmodinfo=0x2774478, cb=0xc | out: lpmodinfo=0x2774478*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0115.759] CoTaskMemAlloc (cb=0x804) returned 0x5c7bf00 [0115.759] GetModuleBaseNameW (in: hProcess=0x5b4, hModule=0x11e0000, lpBaseName=0x5c7bf00, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0115.759] CoTaskMemFree (pv=0x5c7bf00) [0115.759] CoTaskMemAlloc (cb=0x804) returned 0x5c7bf00 [0115.759] GetModuleFileNameExW (in: hProcess=0x5b4, hModule=0x11e0000, lpFilename=0x5c7bf00, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0115.760] CoTaskMemFree (pv=0x5c7bf00) [0115.760] CloseHandle (hObject=0x5b4) returned 1 [0115.898] GdipLoadImageFromStream (stream=0x5d0030, image=0x3cd870) returned 0x0 [0115.926] GdipImageForceValidation (image=0x5f29118) returned 0x0 [0115.935] GdipGetImageType (image=0x5f29118, type=0x3cd86c) returned 0x0 [0115.936] GdipGetImageRawFormat (image=0x5f29118, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0115.945] GdipLoadImageFromStream (stream=0x5d0010, image=0x3cd870) returned 0x0 [0115.946] GdipImageForceValidation (image=0x5f3fab0) returned 0x0 [0115.956] GdipGetImageType (image=0x5f3fab0, type=0x3cd86c) returned 0x0 [0115.956] GdipGetImageRawFormat (image=0x5f3fab0, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0115.977] GdipLoadImageFromStream (stream=0x5dfff0, image=0x3cd870) returned 0x0 [0115.978] GdipImageForceValidation (image=0x63ff1e8) returned 0x0 [0115.987] GdipGetImageType (image=0x63ff1e8, type=0x3cd86c) returned 0x0 [0115.987] GdipGetImageRawFormat (image=0x63ff1e8, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0115.999] GdipLoadImageFromStream (stream=0x5dffd0, image=0x3cd870) returned 0x0 [0116.001] GdipImageForceValidation (image=0x6405270) returned 0x0 [0116.009] GdipGetImageType (image=0x6405270, type=0x3cd86c) returned 0x0 [0116.009] GdipGetImageRawFormat (image=0x6405270, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.023] GdipLoadImageFromStream (stream=0x5dffb0, image=0x3cd870) returned 0x0 [0116.024] GdipImageForceValidation (image=0x640b330) returned 0x0 [0116.033] GdipGetImageType (image=0x640b330, type=0x3cd86c) returned 0x0 [0116.033] GdipGetImageRawFormat (image=0x640b330, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.044] GdipLoadImageFromStream (stream=0x5dff90, image=0x3cd870) returned 0x0 [0116.045] GdipImageForceValidation (image=0x64113f0) returned 0x0 [0116.054] GdipGetImageType (image=0x64113f0, type=0x3cd86c) returned 0x0 [0116.054] GdipGetImageRawFormat (image=0x64113f0, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.065] GdipLoadImageFromStream (stream=0x5dff70, image=0x3cd870) returned 0x0 [0116.066] GdipImageForceValidation (image=0x64174b0) returned 0x0 [0116.075] GdipGetImageType (image=0x64174b0, type=0x3cd86c) returned 0x0 [0116.075] GdipGetImageRawFormat (image=0x64174b0, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.086] GdipLoadImageFromStream (stream=0x5dff50, image=0x3cd870) returned 0x0 [0116.087] GdipImageForceValidation (image=0x641d570) returned 0x0 [0116.096] GdipGetImageType (image=0x641d570, type=0x3cd86c) returned 0x0 [0116.096] GdipGetImageRawFormat (image=0x641d570, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.108] GdipLoadImageFromStream (stream=0x5dff30, image=0x3cd870) returned 0x0 [0116.109] GdipImageForceValidation (image=0x6423630) returned 0x0 [0116.118] GdipGetImageType (image=0x6423630, type=0x3cd86c) returned 0x0 [0116.118] GdipGetImageRawFormat (image=0x6423630, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.129] GdipLoadImageFromStream (stream=0x5dff10, image=0x3cd870) returned 0x0 [0116.130] GdipImageForceValidation (image=0x64296f0) returned 0x0 [0116.138] GdipGetImageType (image=0x64296f0, type=0x3cd86c) returned 0x0 [0116.138] GdipGetImageRawFormat (image=0x64296f0, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.149] GdipLoadImageFromStream (stream=0x5dfef0, image=0x3cd870) returned 0x0 [0116.150] GdipImageForceValidation (image=0x642f778) returned 0x0 [0116.159] GdipGetImageType (image=0x642f778, type=0x3cd86c) returned 0x0 [0116.159] GdipGetImageRawFormat (image=0x642f778, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.171] GdipLoadImageFromStream (stream=0x5dfed0, image=0x3cd870) returned 0x0 [0116.172] GdipImageForceValidation (image=0x6435800) returned 0x0 [0116.181] GdipGetImageType (image=0x6435800, type=0x3cd86c) returned 0x0 [0116.181] GdipGetImageRawFormat (image=0x6435800, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.194] GdipLoadImageFromStream (stream=0x5dfeb0, image=0x3cd870) returned 0x0 [0116.195] GdipImageForceValidation (image=0x643b888) returned 0x0 [0116.204] GdipGetImageType (image=0x643b888, type=0x3cd86c) returned 0x0 [0116.204] GdipGetImageRawFormat (image=0x643b888, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.215] GdipLoadImageFromStream (stream=0x5dfe90, image=0x3cd870) returned 0x0 [0116.216] GdipImageForceValidation (image=0x6441910) returned 0x0 [0116.225] GdipGetImageType (image=0x6441910, type=0x3cd86c) returned 0x0 [0116.225] GdipGetImageRawFormat (image=0x6441910, format=0x3cd7e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.247] GdipGetImageWidth (image=0x5f29118, width=0x3cdda8) returned 0x0 [0116.247] GdipGetImageHeight (image=0x5f29118, height=0x3cdda8) returned 0x0 [0116.251] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.251] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5c888e8 [0116.251] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5c888e8 | out: encoders=0x5c888e8) returned 0x0 [0116.256] LocalFree (hMem=0x5c888e8) returned 0x0 [0116.262] GdipSaveImageToStream (image=0x5f29118, stream=0x5dfe70, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.290] GdipCreateBitmapFromStream (stream=0x5dfe50, bitmap=0x3cddb0) returned 0x0 [0116.292] GdipImageForceValidation (image=0x6447998) returned 0x0 [0116.295] GdipGetImageRawFormat (image=0x6447998, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.300] GdipBitmapLockBits (bitmap=0x6447998, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x284fccc) returned 0x0 [0116.309] GdipBitmapUnlockBits (bitmap=0x6447998, lockedBitmapData=0x284fccc) returned 0x0 [0116.309] GdipGetImageWidth (image=0x5f3fab0, width=0x3cdda8) returned 0x0 [0116.309] GdipGetImageHeight (image=0x5f3fab0, height=0x3cdda8) returned 0x0 [0116.310] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.310] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ca2688 [0116.310] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ca2688 | out: encoders=0x5ca2688) returned 0x0 [0116.311] LocalFree (hMem=0x5ca2688) returned 0x0 [0116.311] GdipSaveImageToStream (image=0x5f3fab0, stream=0x5dfe30, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.337] GdipCreateBitmapFromStream (stream=0x5dfe10, bitmap=0x3cddb0) returned 0x0 [0116.339] GdipImageForceValidation (image=0x644f8f0) returned 0x0 [0116.342] GdipGetImageRawFormat (image=0x644f8f0, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.342] GdipBitmapLockBits (bitmap=0x644f8f0, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x28697d4) returned 0x0 [0116.353] GdipBitmapUnlockBits (bitmap=0x644f8f0, lockedBitmapData=0x28697d4) returned 0x0 [0116.354] GdipGetImageWidth (image=0x63ff1e8, width=0x3cdda8) returned 0x0 [0116.354] GdipGetImageHeight (image=0x63ff1e8, height=0x3cdda8) returned 0x0 [0116.354] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.354] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5cb4768 [0116.354] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5cb4768 | out: encoders=0x5cb4768) returned 0x0 [0116.355] LocalFree (hMem=0x5cb4768) returned 0x0 [0116.355] GdipSaveImageToStream (image=0x63ff1e8, stream=0x5dfdf0, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.380] GdipCreateBitmapFromStream (stream=0x5dfdd0, bitmap=0x3cddb0) returned 0x0 [0116.382] GdipImageForceValidation (image=0x6455848) returned 0x0 [0116.383] GdipGetImageRawFormat (image=0x6455848, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.384] GdipBitmapLockBits (bitmap=0x6455848, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x2886f28) returned 0x0 [0116.397] GdipBitmapUnlockBits (bitmap=0x6455848, lockedBitmapData=0x2886f28) returned 0x0 [0116.397] GdipGetImageWidth (image=0x6405270, width=0x3cdda8) returned 0x0 [0116.398] GdipGetImageHeight (image=0x6405270, height=0x3cdda8) returned 0x0 [0116.398] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.398] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5cc4ad8 [0116.398] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5cc4ad8 | out: encoders=0x5cc4ad8) returned 0x0 [0116.399] LocalFree (hMem=0x5cc4ad8) returned 0x0 [0116.399] GdipSaveImageToStream (image=0x6405270, stream=0x5dfdb0, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.424] GdipCreateBitmapFromStream (stream=0x5dfd90, bitmap=0x3cddb0) returned 0x0 [0116.427] GdipImageForceValidation (image=0x645f658) returned 0x0 [0116.429] GdipGetImageRawFormat (image=0x645f658, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.429] GdipBitmapLockBits (bitmap=0x645f658, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x28abdd0) returned 0x0 [0116.441] GdipBitmapUnlockBits (bitmap=0x645f658, lockedBitmapData=0x28abdd0) returned 0x0 [0116.441] GdipGetImageWidth (image=0x640b330, width=0x3cdda8) returned 0x0 [0116.441] GdipGetImageHeight (image=0x640b330, height=0x3cdda8) returned 0x0 [0116.441] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.441] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5cd4db8 [0116.441] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5cd4db8 | out: encoders=0x5cd4db8) returned 0x0 [0116.442] LocalFree (hMem=0x5cd4db8) returned 0x0 [0116.442] GdipSaveImageToStream (image=0x640b330, stream=0x5dfd70, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.466] GdipCreateBitmapFromStream (stream=0x5dfd50, bitmap=0x3cddb0) returned 0x0 [0116.467] GdipImageForceValidation (image=0x645f9a0) returned 0x0 [0116.469] GdipGetImageRawFormat (image=0x645f9a0, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.469] GdipBitmapLockBits (bitmap=0x645f9a0, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x28c18a8) returned 0x0 [0116.481] GdipBitmapUnlockBits (bitmap=0x645f9a0, lockedBitmapData=0x28c18a8) returned 0x0 [0116.482] GdipGetImageWidth (image=0x64113f0, width=0x3cdda8) returned 0x0 [0116.482] GdipGetImageHeight (image=0x64113f0, height=0x3cdda8) returned 0x0 [0116.482] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.482] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ce5008 [0116.482] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ce5008 | out: encoders=0x5ce5008) returned 0x0 [0116.483] LocalFree (hMem=0x5ce5008) returned 0x0 [0116.483] GdipSaveImageToStream (image=0x64113f0, stream=0x5dfd30, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.508] GdipCreateBitmapFromStream (stream=0x5dfd10, bitmap=0x3cddb0) returned 0x0 [0116.510] GdipImageForceValidation (image=0x645fce8) returned 0x0 [0116.512] GdipGetImageRawFormat (image=0x645fce8, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.512] GdipBitmapLockBits (bitmap=0x645fce8, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x28d777c) returned 0x0 [0116.525] GdipBitmapUnlockBits (bitmap=0x645fce8, lockedBitmapData=0x28d777c) returned 0x0 [0116.525] GdipGetImageWidth (image=0x64174b0, width=0x3cdda8) returned 0x0 [0116.525] GdipGetImageHeight (image=0x64174b0, height=0x3cdda8) returned 0x0 [0116.525] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.525] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5cf53a8 [0116.526] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5cf53a8 | out: encoders=0x5cf53a8) returned 0x0 [0116.527] LocalFree (hMem=0x5cf53a8) returned 0x0 [0116.527] GdipSaveImageToStream (image=0x64174b0, stream=0x5dfcf0, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.548] GdipCreateBitmapFromStream (stream=0x5dfcd0, bitmap=0x3cddb0) returned 0x0 [0116.549] GdipImageForceValidation (image=0x6460030) returned 0x0 [0116.551] GdipGetImageRawFormat (image=0x6460030, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.551] GdipBitmapLockBits (bitmap=0x6460030, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x28ed518) returned 0x0 [0116.562] GdipBitmapUnlockBits (bitmap=0x6460030, lockedBitmapData=0x28ed518) returned 0x0 [0116.563] GdipGetImageWidth (image=0x641d570, width=0x3cdda8) returned 0x0 [0116.563] GdipGetImageHeight (image=0x641d570, height=0x3cdda8) returned 0x0 [0116.563] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.563] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5d056e0 [0116.563] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5d056e0 | out: encoders=0x5d056e0) returned 0x0 [0116.564] LocalFree (hMem=0x5d056e0) returned 0x0 [0116.564] GdipSaveImageToStream (image=0x641d570, stream=0x5dfcb0, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.596] GdipCreateBitmapFromStream (stream=0x5dfc90, bitmap=0x3cddb0) returned 0x0 [0116.598] GdipImageForceValidation (image=0x6460378) returned 0x0 [0116.600] GdipGetImageRawFormat (image=0x6460378, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.601] GdipBitmapLockBits (bitmap=0x6460378, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x29032b4) returned 0x0 [0116.615] GdipBitmapUnlockBits (bitmap=0x6460378, lockedBitmapData=0x29032b4) returned 0x0 [0116.615] GdipGetImageWidth (image=0x6423630, width=0x3cdda8) returned 0x0 [0116.615] GdipGetImageHeight (image=0x6423630, height=0x3cdda8) returned 0x0 [0116.615] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.615] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5d157f0 [0116.615] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5d157f0 | out: encoders=0x5d157f0) returned 0x0 [0116.616] LocalFree (hMem=0x5d157f0) returned 0x0 [0116.616] GdipSaveImageToStream (image=0x6423630, stream=0x5dfc70, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.692] GdipCreateBitmapFromStream (stream=0x5dfc50, bitmap=0x3cddb0) returned 0x0 [0116.693] GdipImageForceValidation (image=0x64606c0) returned 0x0 [0116.696] GdipGetImageRawFormat (image=0x64606c0, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.696] GdipBitmapLockBits (bitmap=0x64606c0, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x2919134) returned 0x0 [0116.707] GdipBitmapUnlockBits (bitmap=0x64606c0, lockedBitmapData=0x2919134) returned 0x0 [0116.708] GdipGetImageWidth (image=0x64296f0, width=0x3cdda8) returned 0x0 [0116.708] GdipGetImageHeight (image=0x64296f0, height=0x3cdda8) returned 0x0 [0116.708] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.708] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5d26018 [0116.708] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5d26018 | out: encoders=0x5d26018) returned 0x0 [0116.709] LocalFree (hMem=0x5d26018) returned 0x0 [0116.709] GdipSaveImageToStream (image=0x64296f0, stream=0x5dfc30, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.795] GdipCreateBitmapFromStream (stream=0x5dfe70, bitmap=0x3cddb0) returned 0x0 [0116.796] GdipImageForceValidation (image=0x6460378) returned 0x0 [0116.797] GdipGetImageRawFormat (image=0x6460378, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.797] GdipBitmapLockBits (bitmap=0x6460378, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x27a7ca0) returned 0x0 [0116.811] GdipBitmapUnlockBits (bitmap=0x6460378, lockedBitmapData=0x27a7ca0) returned 0x0 [0116.811] GdipGetImageWidth (image=0x642f778, width=0x3cdda8) returned 0x0 [0116.811] GdipGetImageHeight (image=0x642f778, height=0x3cdda8) returned 0x0 [0116.811] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.811] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5d26018 [0116.811] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5d26018 | out: encoders=0x5d26018) returned 0x0 [0116.812] LocalFree (hMem=0x5d26018) returned 0x0 [0116.813] GdipSaveImageToStream (image=0x642f778, stream=0x5dfe30, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.836] GdipCreateBitmapFromStream (stream=0x5dfdf0, bitmap=0x3cddb0) returned 0x0 [0116.838] GdipImageForceValidation (image=0x645f658) returned 0x0 [0116.839] GdipGetImageRawFormat (image=0x645f658, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.839] GdipBitmapLockBits (bitmap=0x645f658, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x27bdb5c) returned 0x0 [0116.852] GdipBitmapUnlockBits (bitmap=0x645f658, lockedBitmapData=0x27bdb5c) returned 0x0 [0116.852] GdipGetImageWidth (image=0x6435800, width=0x3cdda8) returned 0x0 [0116.852] GdipGetImageHeight (image=0x6435800, height=0x3cdda8) returned 0x0 [0116.852] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.852] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ca3a98 [0116.853] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ca3a98 | out: encoders=0x5ca3a98) returned 0x0 [0116.853] LocalFree (hMem=0x5ca3a98) returned 0x0 [0116.854] GdipSaveImageToStream (image=0x6435800, stream=0x5dfdb0, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.875] GdipCreateBitmapFromStream (stream=0x5dfd70, bitmap=0x3cddb0) returned 0x0 [0116.877] GdipImageForceValidation (image=0x645f9a0) returned 0x0 [0116.878] GdipGetImageRawFormat (image=0x645f9a0, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.878] GdipBitmapLockBits (bitmap=0x645f9a0, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x27d3a30) returned 0x0 [0116.890] GdipBitmapUnlockBits (bitmap=0x645f9a0, lockedBitmapData=0x27d3a30) returned 0x0 [0116.890] GdipGetImageWidth (image=0x643b888, width=0x3cdda8) returned 0x0 [0116.890] GdipGetImageHeight (image=0x643b888, height=0x3cdda8) returned 0x0 [0116.890] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.890] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ca4ea8 [0116.891] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ca4ea8 | out: encoders=0x5ca4ea8) returned 0x0 [0116.891] LocalFree (hMem=0x5ca4ea8) returned 0x0 [0116.892] GdipSaveImageToStream (image=0x643b888, stream=0x5dfd30, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.916] GdipCreateBitmapFromStream (stream=0x5dfcf0, bitmap=0x3cddb0) returned 0x0 [0116.917] GdipImageForceValidation (image=0x645fce8) returned 0x0 [0116.918] GdipGetImageRawFormat (image=0x645fce8, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.918] GdipBitmapLockBits (bitmap=0x645fce8, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x27e98f8) returned 0x0 [0116.930] GdipBitmapUnlockBits (bitmap=0x645fce8, lockedBitmapData=0x27e98f8) returned 0x0 [0116.930] GdipGetImageWidth (image=0x6441910, width=0x3cdda8) returned 0x0 [0116.930] GdipGetImageHeight (image=0x6441910, height=0x3cdda8) returned 0x0 [0116.930] GdipGetImageEncodersSize (numEncoders=0x3cdd5c, size=0x3cdd58) returned 0x0 [0116.930] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ca5148 [0116.931] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ca5148 | out: encoders=0x5ca5148) returned 0x0 [0116.932] LocalFree (hMem=0x5ca5148) returned 0x0 [0116.932] GdipSaveImageToStream (image=0x6441910, stream=0x5dfcb0, clsidEncoder=0x3cdd6c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0116.951] GdipCreateBitmapFromStream (stream=0x5dfc70, bitmap=0x3cddb0) returned 0x0 [0116.952] GdipImageForceValidation (image=0x6460030) returned 0x0 [0116.953] GdipGetImageRawFormat (image=0x6460030, format=0x3cdd24*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0116.953] GdipBitmapLockBits (bitmap=0x6460030, rect=0x3cdd44, flags=0x3, format=0x21808, lockedBitmapData=0x27fdbe8) returned 0x0 [0116.962] GdipBitmapUnlockBits (bitmap=0x6460030, lockedBitmapData=0x27fdbe8) returned 0x0 [0117.164] CoTaskMemAlloc (cb=0x20c) returned 0x4f4078 [0117.164] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x4f4078 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0117.164] CoTaskMemFree (pv=0x4f4078) [0117.164] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x3cd400, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0117.165] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x3cd414, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26 [0117.213] CoCreateGuid (in: pguid=0x3cd148 | out: pguid=0x3cd148*(Data1=0x42befa2a, Data2=0x378d, Data3=0x49d4, Data4=([0]=0xbd, [1]=0x85, [2]=0xd7, [3]=0x2c, [4]=0x15, [5]=0x64, [6]=0x68, [7]=0x74))) returned 0x0 [0117.215] CoCreateGuid (in: pguid=0x3cd148 | out: pguid=0x3cd148*(Data1=0x79409b8, Data2=0x6aae, Data3=0x45ae, Data4=([0]=0x82, [1]=0xd2, [2]=0x76, [3]=0x1f, [4]=0x76, [5]=0x24, [6]=0xc7, [7]=0x7b))) returned 0x0 [0117.215] CoCreateGuid (in: pguid=0x3cd148 | out: pguid=0x3cd148*(Data1=0xd3670067, Data2=0x35f6, Data3=0x48c5, Data4=([0]=0xa1, [1]=0xe4, [2]=0x7d, [3]=0x67, [4]=0x64, [5]=0x52, [6]=0x63, [7]=0x13))) returned 0x0 [0117.217] CoCreateGuid (in: pguid=0x3cd148 | out: pguid=0x3cd148*(Data1=0x919f67a0, Data2=0x12a8, Data3=0x4908, Data4=([0]=0xbc, [1]=0x3f, [2]=0x7c, [3]=0xb1, [4]=0xf, [5]=0x7d, [6]=0xd1, [7]=0x34))) returned 0x0 [0117.519] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd36c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.520] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.521] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3cd324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0117.521] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd564) returned 1 [0117.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x3cd828 | out: lpFileInformation=0x3cd828*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600)) returned 1 [0117.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd560) returned 1 [0117.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd800) returned 1 [0117.523] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0117.524] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), lpFindFileData=0x3cd5b0 | out: lpFindFileData=0x3cd5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="geater.exe", cAlternateFileName="")) returned 0x5ca5400 [0117.526] FindNextFileW (in: hFindFile=0x5ca5400, lpFindFileData=0x3cd5b8 | out: lpFindFileData=0x3cd5b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0117.526] FindClose (in: hFindFile=0x5ca5400 | out: hFindFile=0x5ca5400) returned 1 [0117.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd570) returned 1 [0117.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd7d0) returned 1 [0117.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd36c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3cd324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0117.527] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd564) returned 1 [0117.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x3cd828 | out: lpFileInformation=0x3cd828*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600)) returned 1 [0117.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd560) returned 1 [0117.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd800) returned 1 [0117.528] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0117.528] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), lpFindFileData=0x3cd5b0 | out: lpFindFileData=0x3cd5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="geater.exe", cAlternateFileName="")) returned 0x5ca5400 [0117.528] FindNextFileW (in: hFindFile=0x5ca5400, lpFindFileData=0x3cd5b8 | out: lpFindFileData=0x3cd5b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0117.528] FindClose (in: hFindFile=0x5ca5400 | out: hFindFile=0x5ca5400) returned 1 [0117.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd570) returned 1 [0117.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd7d0) returned 1 [0117.528] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd2fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.529] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd2fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.529] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd5a0) returned 1 [0117.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x3cd864 | out: lpFileInformation=0x3cd864*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600)) returned 1 [0117.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd59c) returned 1 [0117.529] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd358, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd594) returned 1 [0117.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), fInfoLevelId=0x0, lpFileInformation=0x3cd858 | out: lpFileInformation=0x3cd858*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe58ca00, ftCreationTime.dwHighDateTime=0x1d8a135, ftLastAccessTime.dwLowDateTime=0xfef16080, ftLastAccessTime.dwHighDateTime=0x1d8a135, ftLastWriteTime.dwLowDateTime=0x8e3c4b00, ftLastWriteTime.dwHighDateTime=0x1d8a119, nFileSizeHigh=0x0, nFileSizeLow=0x9c600)) returned 1 [0117.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd590) returned 1 [0117.530] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.530] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0117.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd528) returned 1 [0117.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp"), fInfoLevelId=0x0, lpFileInformation=0x3cd7ec | out: lpFileInformation=0x3cd7ec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x2d1488c0, ftLastAccessTime.dwHighDateTime=0x1d8a136, ftLastWriteTime.dwLowDateTime=0x2d1488c0, ftLastWriteTime.dwHighDateTime=0x1d8a136, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0117.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd524) returned 1 [0117.530] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.531] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", nBufferLength=0x105, lpBuffer=0x3cd314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe", lpFilePart=0x0) returned 0x30 [0117.531] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), bFailIfExists=0) returned 0 [0117.536] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5ac [0117.536] CloseHandle (hObject=0x5ac) returned 1 [0117.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3eebda0, Length=0x20000, ResultLength=0x3cd584 | out: SystemInformation=0x3eebda0, ResultLength=0x3cd584*=0xe100) returned 0x0 [0117.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x3ccff4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0117.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x3ccf6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0117.705] CoTaskMemAlloc (cb=0x210) returned 0x5d68d98 [0117.705] GetEnvironmentVariableW (in: lpName="COMPLUS_INSTALLROOT", lpBuffer=0x5d68d98, nSize=0x106 | out: lpBuffer="") returned 0x0 [0117.706] CoTaskMemFree (pv=0x5d68d98) [0117.706] CoTaskMemAlloc (cb=0x210) returned 0x5d68d98 [0117.706] GetEnvironmentVariableW (in: lpName="COMPLUS_VERSION", lpBuffer=0x5d68d98, nSize=0x106 | out: lpBuffer="") returned 0x0 [0117.706] CoTaskMemFree (pv=0x5d68d98) [0117.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\msbuild.exe", nBufferLength=0x105, lpBuffer=0x3ccffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\msbuild.exe", lpFilePart=0x0) returned 0x39 [0117.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd23c) returned 1 [0117.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\msbuild.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\msbuild.exe"), fInfoLevelId=0x0, lpFileInformation=0x3cd500 | out: lpFileInformation=0x3cd500*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23456500, ftCreationTime.dwHighDateTime=0x1d4e503, ftLastAccessTime.dwLowDateTime=0xc0eef950, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0x3fe38)) returned 1 [0117.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd238) returned 1 [0117.884] EtwEventRegister () returned 0x0 [0117.914] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x47bdf0*=0xf8, lpdwindex=0x3cd524 | out: lpdwindex=0x3cd524) returned 0x0 [0149.644] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x4cc458*=0x5e0, lpdwindex=0x3cd2e4 | out: lpdwindex=0x3cd2e4) returned 0x0 [0149.697] AdjustWindowRectEx (in: lpRect=0x3cd6e8, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x3cd6e8) returned 1 [0149.697] GetSystemMetrics (nIndex=59) returned 1460 [0149.697] GetSystemMetrics (nIndex=60) returned 920 [0149.697] GetSystemMetrics (nIndex=34) returned 132 [0149.697] GetSystemMetrics (nIndex=35) returned 38 [0149.697] AdjustWindowRectEx (in: lpRect=0x3cd624, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3cd624) returned 1 [0149.717] GetDC (hWnd=0x0) returned 0x3a010b54 [0149.718] GdipCreateFromHDC (hdc=0x3a010b54, graphics=0x3cd5ec) returned 0x0 [0149.720] GdipGetFontHeight (font=0x5ee25c0, graphics=0x6447998, height=0x3cd5e4) returned 0x0 [0149.720] GdipDeleteGraphics (graphics=0x6447998) returned 0x0 [0149.720] ReleaseDC (hWnd=0x0, hDC=0x3a010b54) returned 1 [0149.720] GetSystemMetrics (nIndex=5) returned 1 [0149.720] GetSystemMetrics (nIndex=6) returned 1 [0149.721] AdjustWindowRectEx (in: lpRect=0x3cd714, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3cd714) returned 1 [0149.721] GetSystemMetrics (nIndex=5) returned 1 [0149.721] GetSystemMetrics (nIndex=6) returned 1 [0149.721] AdjustWindowRectEx (in: lpRect=0x3cd678, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3cd678) returned 1 [0149.721] GetSystemMetrics (nIndex=5) returned 1 [0149.721] GetSystemMetrics (nIndex=6) returned 1 [0149.721] AdjustWindowRectEx (in: lpRect=0x3cd678, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3cd678) returned 1 [0149.722] AdjustWindowRectEx (in: lpRect=0x3cd714, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3cd714) returned 1 [0149.722] AdjustWindowRectEx (in: lpRect=0x3cd6a4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3cd6a4) returned 1 [0149.750] AdjustWindowRectEx (in: lpRect=0x3cd6a4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3cd6a4) returned 1 [0149.750] GetCurrentThreadId () returned 0xa94 [0149.751] GetCurrentThreadId () returned 0xa94 [0149.752] UpdateWindow (hWnd=0x0) returned 0 [0149.788] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config", nBufferLength=0x105, lpBuffer=0x3cceb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config", lpFilePart=0x0) returned 0x37 [0149.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3cd100) returned 1 [0149.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3cd3c4 | out: lpFileInformation=0x3cd3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3cd0fc) returned 1 [0150.113] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11e00, lpName=0x0) returned 0x5e8 [0150.114] memcpy (in: _Dst=0xb80000, _Src=0x282e054, _Size=0x11e00 | out: _Dst=0xb80000) returned 0xb80000 [0150.115] CloseHandle (hObject=0x5e8) returned 1 [0150.197] GetCurrentThreadId () returned 0xa94 [0150.197] GetCurrentThreadId () returned 0xa94 [0150.261] VirtualProtect (in: lpAddress=0xb80400, dwSize=0x9600, flNewProtect=0x40, lpflOldProtect=0x3cc32c | out: lpflOldProtect=0x3cc32c*=0x38aee8) returned 0 [0150.870] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x5e0 [0150.871] memcpy (in: _Dst=0xfb0000, _Src=0x27a05b4, _Size=0x800 | out: _Dst=0xfb0000) returned 0xfb0000 [0150.871] CloseHandle (hObject=0x5e0) returned 1 [0151.703] VirtualProtect (in: lpAddress=0xb80178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.708] VirtualProtect (in: lpAddress=0xb801a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x33e0) returned 0 [0151.710] VirtualProtect (in: lpAddress=0xb801c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x33e0) returned 0 [0151.711] VirtualProtect (in: lpAddress=0xb801f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x33e0) returned 0 [0151.713] VirtualProtect (in: lpAddress=0xb80218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.714] VirtualProtect (in: lpAddress=0xb8a1be, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.715] VirtualProtect (in: lpAddress=0xb8a1b2, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.717] VirtualProtect (in: lpAddress=0xb89a00, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.719] VirtualProtect (in: lpAddress=0xb8a1cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.720] VirtualProtect (in: lpAddress=0xb8a1f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.722] VirtualProtect (in: lpAddress=0xb8a1f8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.723] VirtualProtect (in: lpAddress=0xb8a1fc, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.725] VirtualProtect (in: lpAddress=0xb8a204, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.726] VirtualProtect (in: lpAddress=0xb8a208, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.727] VirtualProtect (in: lpAddress=0xb8a20c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.730] VirtualProtect (in: lpAddress=0xb8a210, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.731] VirtualProtect (in: lpAddress=0xb8a218, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.732] VirtualProtect (in: lpAddress=0xb8a21c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.733] VirtualProtect (in: lpAddress=0xb8a220, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.735] VirtualProtect (in: lpAddress=0xb8a228, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.736] VirtualProtect (in: lpAddress=0xb8a22c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.738] VirtualProtect (in: lpAddress=0xb8a230, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.739] VirtualProtect (in: lpAddress=0xb8a238, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.740] VirtualProtect (in: lpAddress=0xb8a23c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.742] VirtualProtect (in: lpAddress=0xb8a240, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.744] VirtualProtect (in: lpAddress=0xb8a248, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.745] VirtualProtect (in: lpAddress=0xb8a24c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.746] VirtualProtect (in: lpAddress=0xb8a250, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.748] VirtualProtect (in: lpAddress=0xb8a254, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.749] VirtualProtect (in: lpAddress=0xb8a25c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.750] VirtualProtect (in: lpAddress=0xb8a260, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.752] VirtualProtect (in: lpAddress=0xb8a264, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.754] VirtualProtect (in: lpAddress=0xb8a26c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.755] VirtualProtect (in: lpAddress=0xb8a270, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x3cc354 | out: lpflOldProtect=0x3cc354*=0x0) returned 0 [0151.841] CoTaskMemAlloc (cb=0x210) returned 0x5d68d98 [0151.841] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x5d68d98, nSize=0x106 | out: lpBuffer="") returned 0x0 [0151.841] CoTaskMemFree (pv=0x5d68d98) [0152.358] CoCreateGuid (in: pguid=0x3cb95c | out: pguid=0x3cb95c*(Data1=0xb181fa0c, Data2=0x68fd, Data3=0x42d3, Data4=([0]=0xbf, [1]=0xb, [2]=0xd6, [3]=0x68, [4]=0x23, [5]=0xcb, [6]=0x9d, [7]=0xde))) returned 0x0 [0152.372] CoTaskMemAlloc (cb=0x210) returned 0x5d68d98 [0152.372] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x5d68d98 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a [0152.372] CoTaskMemFree (pv=0x5d68d98) [0152.560] CreateProcessAsUserW (in: hToken=0x0, lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x3cc7f4*(cb=0x48, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x27aadb0 | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"", lpProcessInformation=0x27aadb0*(hProcess=0x638, hThread=0x634, dwProcessId=0xb28, dwThreadId=0xb2c)) returned 1 [0152.738] GetCurrentProcessId () returned 0xa90 [0152.742] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x640 [0152.743] EnumProcessModules (in: hProcess=0x640, lphModule=0x27bf688, cb=0x100, lpcbNeeded=0x3cc760 | out: lphModule=0x27bf688, lpcbNeeded=0x3cc760) returned 1 [0152.744] EnumProcessModules (in: hProcess=0x640, lphModule=0x27bf794, cb=0x200, lpcbNeeded=0x3cc760 | out: lphModule=0x27bf794, lpcbNeeded=0x3cc760) returned 1 [0152.746] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x27bf9d4, cb=0xc | out: lpmodinfo=0x27bf9d4*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0152.746] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.746] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0152.747] CoTaskMemFree (pv=0x5ca4ba0) [0152.747] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.747] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0152.747] CoTaskMemFree (pv=0x5ca4ba0) [0152.747] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x27c1b2c, cb=0xc | out: lpmodinfo=0x27c1b2c*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0152.748] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.748] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0152.748] CoTaskMemFree (pv=0x5ca4ba0) [0152.748] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.748] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0152.748] CoTaskMemFree (pv=0x5ca4ba0) [0152.748] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x27c3c3c, cb=0xc | out: lpmodinfo=0x27c3c3c*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0152.749] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.749] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0152.749] CoTaskMemFree (pv=0x5ca4ba0) [0152.749] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.749] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0152.749] CoTaskMemFree (pv=0x5ca4ba0) [0152.750] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x27c5d54, cb=0xc | out: lpmodinfo=0x27c5d54*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0152.750] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.750] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0152.750] CoTaskMemFree (pv=0x5ca4ba0) [0152.750] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.750] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0152.751] CoTaskMemFree (pv=0x5ca4ba0) [0152.751] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x27c7e74, cb=0xc | out: lpmodinfo=0x27c7e74*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0152.751] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.751] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0152.752] CoTaskMemFree (pv=0x5ca4ba0) [0152.752] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.752] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0152.752] CoTaskMemFree (pv=0x5ca4ba0) [0152.752] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x27c9fc8, cb=0xc | out: lpmodinfo=0x27c9fc8*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0152.753] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.753] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0152.753] CoTaskMemFree (pv=0x5ca4ba0) [0152.753] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.753] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0152.754] CoTaskMemFree (pv=0x5ca4ba0) [0152.754] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x27cc0e8, cb=0xc | out: lpmodinfo=0x27cc0e8*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0152.754] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.754] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0152.755] CoTaskMemFree (pv=0x5ca4ba0) [0152.755] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.755] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0152.755] CoTaskMemFree (pv=0x5ca4ba0) [0152.755] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x27ce200, cb=0xc | out: lpmodinfo=0x27ce200*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0152.756] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.756] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0152.756] CoTaskMemFree (pv=0x5ca4ba0) [0152.756] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.756] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0152.756] CoTaskMemFree (pv=0x5ca4ba0) [0152.757] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x27d0324, cb=0xc | out: lpmodinfo=0x27d0324*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0152.757] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.757] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0152.758] CoTaskMemFree (pv=0x5ca4ba0) [0152.758] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.758] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0152.758] CoTaskMemFree (pv=0x5ca4ba0) [0152.758] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x27d2488, cb=0xc | out: lpmodinfo=0x27d2488*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0152.759] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.759] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0152.759] CoTaskMemFree (pv=0x5ca4ba0) [0152.759] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.759] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0152.760] CoTaskMemFree (pv=0x5ca4ba0) [0152.760] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x27d45a0, cb=0xc | out: lpmodinfo=0x27d45a0*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0152.760] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.760] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0152.761] CoTaskMemFree (pv=0x5ca4ba0) [0152.761] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.761] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0152.761] CoTaskMemFree (pv=0x5ca4ba0) [0152.761] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x27d66c0, cb=0xc | out: lpmodinfo=0x27d66c0*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0152.762] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.762] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0152.762] CoTaskMemFree (pv=0x5ca4ba0) [0152.762] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.762] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0152.763] CoTaskMemFree (pv=0x5ca4ba0) [0152.763] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x27d8814, cb=0xc | out: lpmodinfo=0x27d8814*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0152.763] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.764] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0152.764] CoTaskMemFree (pv=0x5ca4ba0) [0152.764] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.764] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0152.765] CoTaskMemFree (pv=0x5ca4ba0) [0152.765] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x27da984, cb=0xc | out: lpmodinfo=0x27da984*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0152.765] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.765] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0152.766] CoTaskMemFree (pv=0x5ca4ba0) [0152.766] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.766] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0152.767] CoTaskMemFree (pv=0x5ca4ba0) [0152.767] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x27dca9c, cb=0xc | out: lpmodinfo=0x27dca9c*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0152.767] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.767] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0152.768] CoTaskMemFree (pv=0x5ca4ba0) [0152.768] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.768] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0152.768] CoTaskMemFree (pv=0x5ca4ba0) [0152.768] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x27debac, cb=0xc | out: lpmodinfo=0x27debac*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0152.769] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.769] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0152.770] CoTaskMemFree (pv=0x5ca4ba0) [0152.770] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.770] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0152.770] CoTaskMemFree (pv=0x5ca4ba0) [0152.770] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x27e0cc4, cb=0xc | out: lpmodinfo=0x27e0cc4*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0152.771] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.771] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0152.771] CoTaskMemFree (pv=0x5ca4ba0) [0152.772] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.772] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0152.772] CoTaskMemFree (pv=0x5ca4ba0) [0152.772] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x27e2e58, cb=0xc | out: lpmodinfo=0x27e2e58*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0152.773] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.773] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0152.774] CoTaskMemFree (pv=0x5ca4ba0) [0152.774] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.774] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0152.775] CoTaskMemFree (pv=0x5ca4ba0) [0152.775] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x27e4f68, cb=0xc | out: lpmodinfo=0x27e4f68*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0152.775] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.775] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0152.776] CoTaskMemFree (pv=0x5ca4ba0) [0152.776] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.776] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0152.777] CoTaskMemFree (pv=0x5ca4ba0) [0152.777] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x27e7078, cb=0xc | out: lpmodinfo=0x27e7078*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0152.778] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.778] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0152.778] CoTaskMemFree (pv=0x5ca4ba0) [0152.778] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.779] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0152.779] CoTaskMemFree (pv=0x5ca4ba0) [0152.779] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x27e9188, cb=0xc | out: lpmodinfo=0x27e9188*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0152.780] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.780] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0152.780] CoTaskMemFree (pv=0x5ca4ba0) [0152.781] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.781] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0152.781] CoTaskMemFree (pv=0x5ca4ba0) [0152.781] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x27eb2a0, cb=0xc | out: lpmodinfo=0x27eb2a0*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0152.782] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.782] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0152.783] CoTaskMemFree (pv=0x5ca4ba0) [0152.783] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.783] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0152.784] CoTaskMemFree (pv=0x5ca4ba0) [0152.784] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x27ed3dc, cb=0xc | out: lpmodinfo=0x27ed3dc*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0152.784] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.784] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0152.785] CoTaskMemFree (pv=0x5ca4ba0) [0152.785] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.785] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0152.786] CoTaskMemFree (pv=0x5ca4ba0) [0152.786] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x27ef52c, cb=0xc | out: lpmodinfo=0x27ef52c*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0152.787] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.787] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0152.788] CoTaskMemFree (pv=0x5ca4ba0) [0152.788] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.788] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0152.789] CoTaskMemFree (pv=0x5ca4ba0) [0152.789] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x27f166c, cb=0xc | out: lpmodinfo=0x27f166c*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0152.789] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.790] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0152.790] CoTaskMemFree (pv=0x5ca4ba0) [0152.791] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.791] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0152.791] CoTaskMemFree (pv=0x5ca4ba0) [0152.791] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x27f3820, cb=0xc | out: lpmodinfo=0x27f3820*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0152.792] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.792] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0152.793] CoTaskMemFree (pv=0x5ca4ba0) [0152.793] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.793] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0152.794] CoTaskMemFree (pv=0x5ca4ba0) [0152.794] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x27f5930, cb=0xc | out: lpmodinfo=0x27f5930*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0152.795] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.795] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0152.796] CoTaskMemFree (pv=0x5ca4ba0) [0152.796] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.796] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0152.796] CoTaskMemFree (pv=0x5ca4ba0) [0152.796] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x27f7a48, cb=0xc | out: lpmodinfo=0x27f7a48*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0152.797] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.797] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0152.798] CoTaskMemFree (pv=0x5ca4ba0) [0152.798] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.798] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0152.799] CoTaskMemFree (pv=0x5ca4ba0) [0152.799] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x27f9bb8, cb=0xc | out: lpmodinfo=0x27f9bb8*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0152.800] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.800] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0152.801] CoTaskMemFree (pv=0x5ca4ba0) [0152.801] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.801] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0152.802] CoTaskMemFree (pv=0x5ca4ba0) [0152.802] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x27fbd04, cb=0xc | out: lpmodinfo=0x27fbd04*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0152.803] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.803] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0152.804] CoTaskMemFree (pv=0x5ca4ba0) [0152.804] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.804] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0152.805] CoTaskMemFree (pv=0x5ca4ba0) [0152.805] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x27fde24, cb=0xc | out: lpmodinfo=0x27fde24*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0152.806] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.806] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0152.807] CoTaskMemFree (pv=0x5ca4ba0) [0152.807] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.807] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0152.808] CoTaskMemFree (pv=0x5ca4ba0) [0152.808] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x27fffcc, cb=0xc | out: lpmodinfo=0x27fffcc*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0152.809] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.809] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0152.810] CoTaskMemFree (pv=0x5ca4ba0) [0152.810] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.810] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0152.811] CoTaskMemFree (pv=0x5ca4ba0) [0152.811] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x28021a4, cb=0xc | out: lpmodinfo=0x28021a4*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0152.812] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.812] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0152.813] CoTaskMemFree (pv=0x5ca4ba0) [0152.813] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.813] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0152.814] CoTaskMemFree (pv=0x5ca4ba0) [0152.814] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x28044b8, cb=0xc | out: lpmodinfo=0x28044b8*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0152.815] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.815] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0152.816] CoTaskMemFree (pv=0x5ca4ba0) [0152.816] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.816] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0152.817] CoTaskMemFree (pv=0x5ca4ba0) [0152.817] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x2806680, cb=0xc | out: lpmodinfo=0x2806680*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0152.818] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.818] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0152.819] CoTaskMemFree (pv=0x5ca4ba0) [0152.819] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.819] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0152.820] CoTaskMemFree (pv=0x5ca4ba0) [0152.820] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x2808880, cb=0xc | out: lpmodinfo=0x2808880*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0152.821] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.821] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0152.822] CoTaskMemFree (pv=0x5ca4ba0) [0152.822] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.822] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0152.823] CoTaskMemFree (pv=0x5ca4ba0) [0152.823] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x280aa7c, cb=0xc | out: lpmodinfo=0x280aa7c*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0152.824] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.824] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0152.825] CoTaskMemFree (pv=0x5ca4ba0) [0152.826] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.826] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0152.827] CoTaskMemFree (pv=0x5ca4ba0) [0152.827] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x280cc3c, cb=0xc | out: lpmodinfo=0x280cc3c*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0152.828] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.828] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0152.829] CoTaskMemFree (pv=0x5ca4ba0) [0152.829] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.829] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0152.830] CoTaskMemFree (pv=0x5ca4ba0) [0152.830] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x280ed98, cb=0xc | out: lpmodinfo=0x280ed98*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0152.831] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.831] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0152.832] CoTaskMemFree (pv=0x5ca4ba0) [0152.832] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.832] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0152.833] CoTaskMemFree (pv=0x5ca4ba0) [0152.833] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x2810eb0, cb=0xc | out: lpmodinfo=0x2810eb0*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0152.834] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.834] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0152.835] CoTaskMemFree (pv=0x5ca4ba0) [0152.836] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.837] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0152.838] CoTaskMemFree (pv=0x5ca4ba0) [0152.838] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x2812fc8, cb=0xc | out: lpmodinfo=0x2812fc8*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0152.839] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.839] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0152.840] CoTaskMemFree (pv=0x5ca4ba0) [0152.840] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.840] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0152.841] CoTaskMemFree (pv=0x5ca4ba0) [0152.842] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x28150e0, cb=0xc | out: lpmodinfo=0x28150e0*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0152.843] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.843] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0152.844] CoTaskMemFree (pv=0x5ca4ba0) [0152.844] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.844] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0152.845] CoTaskMemFree (pv=0x5ca4ba0) [0152.845] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x28171f8, cb=0xc | out: lpmodinfo=0x28171f8*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0152.846] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.846] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0152.847] CoTaskMemFree (pv=0x5ca4ba0) [0152.848] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.848] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0152.849] CoTaskMemFree (pv=0x5ca4ba0) [0152.849] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x2819310, cb=0xc | out: lpmodinfo=0x2819310*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0152.850] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.850] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0152.851] CoTaskMemFree (pv=0x5ca4ba0) [0152.851] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.852] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0152.853] CoTaskMemFree (pv=0x5ca4ba0) [0152.853] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x281b420, cb=0xc | out: lpmodinfo=0x281b420*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0152.854] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.854] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0152.855] CoTaskMemFree (pv=0x5ca4ba0) [0152.855] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.855] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0152.856] CoTaskMemFree (pv=0x5ca4ba0) [0152.856] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x281d540, cb=0xc | out: lpmodinfo=0x281d540*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0152.858] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.858] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0152.859] CoTaskMemFree (pv=0x5ca4ba0) [0152.859] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.859] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0152.860] CoTaskMemFree (pv=0x5ca4ba0) [0152.860] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x281f658, cb=0xc | out: lpmodinfo=0x281f658*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0152.861] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.861] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0152.863] CoTaskMemFree (pv=0x5ca4ba0) [0152.863] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.863] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0152.864] CoTaskMemFree (pv=0x5ca4ba0) [0152.864] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x2821770, cb=0xc | out: lpmodinfo=0x2821770*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0152.865] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.865] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0152.867] CoTaskMemFree (pv=0x5ca4ba0) [0152.867] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.867] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0152.868] CoTaskMemFree (pv=0x5ca4ba0) [0152.868] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x2823878, cb=0xc | out: lpmodinfo=0x2823878*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0152.869] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.869] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0152.871] CoTaskMemFree (pv=0x5ca4ba0) [0152.871] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.871] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0152.872] CoTaskMemFree (pv=0x5ca4ba0) [0152.872] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x2825990, cb=0xc | out: lpmodinfo=0x2825990*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0152.873] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.873] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0152.875] CoTaskMemFree (pv=0x5ca4ba0) [0152.875] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.875] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0152.876] CoTaskMemFree (pv=0x5ca4ba0) [0152.876] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x2827aa8, cb=0xc | out: lpmodinfo=0x2827aa8*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0152.877] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.878] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0152.879] CoTaskMemFree (pv=0x5ca4ba0) [0152.879] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.879] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0152.880] CoTaskMemFree (pv=0x5ca4ba0) [0152.880] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x2829bc8, cb=0xc | out: lpmodinfo=0x2829bc8*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0152.882] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.882] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0152.883] CoTaskMemFree (pv=0x5ca4ba0) [0152.883] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.883] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0152.884] CoTaskMemFree (pv=0x5ca4ba0) [0152.884] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x282bce0, cb=0xc | out: lpmodinfo=0x282bce0*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0152.886] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.886] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0152.887] CoTaskMemFree (pv=0x5ca4ba0) [0152.887] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.887] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0152.889] CoTaskMemFree (pv=0x5ca4ba0) [0152.889] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x282ddf8, cb=0xc | out: lpmodinfo=0x282ddf8*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0152.890] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.890] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0152.891] CoTaskMemFree (pv=0x5ca4ba0) [0152.891] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.891] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0152.893] CoTaskMemFree (pv=0x5ca4ba0) [0152.893] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x282ff08, cb=0xc | out: lpmodinfo=0x282ff08*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0152.894] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.894] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0152.896] CoTaskMemFree (pv=0x5ca4ba0) [0152.896] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.896] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0152.897] CoTaskMemFree (pv=0x5ca4ba0) [0152.897] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x2832020, cb=0xc | out: lpmodinfo=0x2832020*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0152.899] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.899] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0152.900] CoTaskMemFree (pv=0x5ca4ba0) [0152.900] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.900] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0152.902] CoTaskMemFree (pv=0x5ca4ba0) [0152.902] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x2834140, cb=0xc | out: lpmodinfo=0x2834140*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0152.903] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.903] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0152.905] CoTaskMemFree (pv=0x5ca4ba0) [0152.905] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.905] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0152.906] CoTaskMemFree (pv=0x5ca4ba0) [0152.906] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x2836258, cb=0xc | out: lpmodinfo=0x2836258*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0152.908] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.908] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0152.909] CoTaskMemFree (pv=0x5ca4ba0) [0152.909] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.909] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0152.911] CoTaskMemFree (pv=0x5ca4ba0) [0152.911] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x2838384, cb=0xc | out: lpmodinfo=0x2838384*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0152.913] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.913] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0152.914] CoTaskMemFree (pv=0x5ca4ba0) [0152.914] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.914] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0152.916] CoTaskMemFree (pv=0x5ca4ba0) [0152.916] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x283a4a4, cb=0xc | out: lpmodinfo=0x283a4a4*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0152.917] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.917] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0152.919] CoTaskMemFree (pv=0x5ca4ba0) [0152.919] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.919] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0152.920] CoTaskMemFree (pv=0x5ca4ba0) [0152.920] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x283c5cc, cb=0xc | out: lpmodinfo=0x283c5cc*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0152.922] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.922] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0152.923] CoTaskMemFree (pv=0x5ca4ba0) [0152.923] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.923] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0152.925] CoTaskMemFree (pv=0x5ca4ba0) [0152.925] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x283e6e4, cb=0xc | out: lpmodinfo=0x283e6e4*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0152.927] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.927] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0152.928] CoTaskMemFree (pv=0x5ca4ba0) [0152.928] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.928] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0152.930] CoTaskMemFree (pv=0x5ca4ba0) [0152.930] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x2840804, cb=0xc | out: lpmodinfo=0x2840804*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0152.932] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.932] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0152.933] CoTaskMemFree (pv=0x5ca4ba0) [0152.933] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.933] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0152.935] CoTaskMemFree (pv=0x5ca4ba0) [0152.935] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x2842924, cb=0xc | out: lpmodinfo=0x2842924*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0152.936] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.936] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0152.938] CoTaskMemFree (pv=0x5ca4ba0) [0152.938] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.938] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0152.940] CoTaskMemFree (pv=0x5ca4ba0) [0152.940] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x2844a3c, cb=0xc | out: lpmodinfo=0x2844a3c*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0152.941] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.941] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0152.943] CoTaskMemFree (pv=0x5ca4ba0) [0152.943] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.943] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0152.945] CoTaskMemFree (pv=0x5ca4ba0) [0152.945] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x2846d68, cb=0xc | out: lpmodinfo=0x2846d68*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0152.948] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.948] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0152.949] CoTaskMemFree (pv=0x5ca4ba0) [0152.950] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.950] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0152.951] CoTaskMemFree (pv=0x5ca4ba0) [0152.951] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x2848e80, cb=0xc | out: lpmodinfo=0x2848e80*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0152.953] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.953] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0152.954] CoTaskMemFree (pv=0x5ca4ba0) [0152.955] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.955] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0152.956] CoTaskMemFree (pv=0x5ca4ba0) [0152.956] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x284af98, cb=0xc | out: lpmodinfo=0x284af98*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0152.958] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.958] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0152.960] CoTaskMemFree (pv=0x5ca4ba0) [0152.960] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.960] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0152.962] CoTaskMemFree (pv=0x5ca4ba0) [0152.962] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x284d0b0, cb=0xc | out: lpmodinfo=0x284d0b0*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0152.963] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.963] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0152.965] CoTaskMemFree (pv=0x5ca4ba0) [0152.965] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.965] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0152.967] CoTaskMemFree (pv=0x5ca4ba0) [0152.967] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x284f1f0, cb=0xc | out: lpmodinfo=0x284f1f0*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0152.969] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.969] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0152.970] CoTaskMemFree (pv=0x5ca4ba0) [0152.971] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.971] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0152.972] CoTaskMemFree (pv=0x5ca4ba0) [0152.972] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x2851308, cb=0xc | out: lpmodinfo=0x2851308*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0152.974] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.974] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0152.976] CoTaskMemFree (pv=0x5ca4ba0) [0152.976] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.976] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0152.978] CoTaskMemFree (pv=0x5ca4ba0) [0152.978] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x2853418, cb=0xc | out: lpmodinfo=0x2853418*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0152.980] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.980] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0152.982] CoTaskMemFree (pv=0x5ca4ba0) [0152.982] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.982] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0152.983] CoTaskMemFree (pv=0x5ca4ba0) [0152.983] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x28555ec, cb=0xc | out: lpmodinfo=0x28555ec*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0152.985] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.985] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0152.987] CoTaskMemFree (pv=0x5ca4ba0) [0152.987] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.987] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0152.989] CoTaskMemFree (pv=0x5ca4ba0) [0152.989] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x28577a8, cb=0xc | out: lpmodinfo=0x28577a8*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0152.991] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.991] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0152.993] CoTaskMemFree (pv=0x5ca4ba0) [0152.993] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.993] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0152.995] CoTaskMemFree (pv=0x5ca4ba0) [0152.995] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x28598d8, cb=0xc | out: lpmodinfo=0x28598d8*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0152.996] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.996] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0152.998] CoTaskMemFree (pv=0x5ca4ba0) [0152.998] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0152.998] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0153.000] CoTaskMemFree (pv=0x5ca4ba0) [0153.000] CloseHandle (hObject=0x640) returned 1 [0153.077] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0153.077] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0153.077] lstrlenA (lpString="ActivateActCtx") returned 14 [0153.077] lstrlenA (lpString="AddAtomA") returned 8 [0153.077] lstrlenA (lpString="AddAtomW") returned 8 [0153.077] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0153.078] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0153.078] lstrlenA (lpString="AddDllDirectory") returned 15 [0153.078] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0153.078] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0153.078] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0153.078] lstrlenA (lpString="AddRefActCtx") returned 12 [0153.078] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0153.078] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0153.078] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0153.079] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0153.079] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0153.079] lstrlenA (lpString="AllocConsole") returned 12 [0153.079] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0153.079] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0153.079] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0153.079] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0153.079] lstrlenA (lpString="AreFileApisANSI") returned 15 [0153.080] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0153.080] lstrlenA (lpString="AttachConsole") returned 13 [0153.080] lstrlenA (lpString="BackupRead") returned 10 [0153.080] lstrlenA (lpString="BackupSeek") returned 10 [0153.080] lstrlenA (lpString="BackupWrite") returned 11 [0153.080] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0153.080] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0153.080] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0153.080] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0153.081] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0153.081] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0153.081] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0153.081] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0153.081] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0153.081] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0153.081] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0153.081] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0153.081] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0153.082] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0153.082] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0153.082] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0153.082] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0153.082] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0153.082] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0153.082] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0153.082] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0153.083] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0153.083] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0153.083] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0153.083] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0153.083] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0153.083] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0153.083] lstrlenA (lpString="Beep") returned 4 [0153.083] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0153.083] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0153.084] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0153.084] lstrlenA (lpString="BuildCommDCBA") returned 13 [0153.084] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0153.084] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0153.084] lstrlenA (lpString="BuildCommDCBW") returned 13 [0153.084] lstrlenA (lpString="CallNamedPipeA") returned 14 [0153.084] lstrlenA (lpString="CallNamedPipeW") returned 14 [0153.084] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0153.084] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0153.085] lstrlenA (lpString="CancelIo") returned 8 [0153.085] lstrlenA (lpString="CancelIoEx") returned 10 [0153.085] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0153.085] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0153.085] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0153.085] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0153.085] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0153.086] lstrlenA (lpString="CheckElevation") returned 14 [0153.086] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0153.086] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0153.086] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0153.086] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0153.086] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0153.086] lstrlenA (lpString="ClearCommBreak") returned 14 [0153.086] lstrlenA (lpString="ClearCommError") returned 14 [0153.086] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0153.087] lstrlenA (lpString="CloseHandle") returned 11 [0153.087] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0153.087] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0153.087] lstrlenA (lpString="CloseThreadpool") returned 15 [0153.087] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0153.087] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0153.087] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0153.087] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0153.087] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0153.088] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0153.088] lstrlenA (lpString="CmdBatNotification") returned 18 [0153.088] lstrlenA (lpString="CommConfigDialogA") returned 17 [0153.088] lstrlenA (lpString="CommConfigDialogW") returned 17 [0153.088] lstrlenA (lpString="CompareCalendarDates") returned 20 [0153.088] lstrlenA (lpString="CompareFileTime") returned 15 [0153.088] lstrlenA (lpString="CompareStringA") returned 14 [0153.088] lstrlenA (lpString="CompareStringEx") returned 15 [0153.088] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0153.089] lstrlenA (lpString="CompareStringW") returned 14 [0153.089] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0153.089] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0153.089] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0153.089] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0153.089] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0153.089] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0153.089] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0153.089] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0153.090] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0153.090] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0153.090] lstrlenA (lpString="CopyContext") returned 11 [0153.090] lstrlenA (lpString="CopyFileA") returned 9 [0153.090] lstrlenA (lpString="CopyFileExA") returned 11 [0153.090] lstrlenA (lpString="CopyFileExW") returned 11 [0153.091] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0153.091] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0153.091] lstrlenA (lpString="CopyFileW") returned 9 [0153.091] lstrlenA (lpString="CopyLZFile") returned 10 [0153.091] lstrlenA (lpString="CreateActCtxA") returned 13 [0153.091] lstrlenA (lpString="CreateActCtxW") returned 13 [0153.091] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0153.091] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0153.092] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0153.092] lstrlenA (lpString="CreateDirectoryA") returned 16 [0153.092] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0153.092] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0153.092] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0153.092] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0153.092] lstrlenA (lpString="CreateDirectoryW") returned 16 [0153.092] lstrlenA (lpString="CreateEventA") returned 12 [0153.092] lstrlenA (lpString="CreateEventExA") returned 14 [0153.092] lstrlenA (lpString="CreateEventExW") returned 14 [0153.092] lstrlenA (lpString="CreateEventW") returned 12 [0153.092] lstrlenA (lpString="CreateFiber") returned 11 [0153.093] lstrlenA (lpString="CreateFiberEx") returned 13 [0153.093] lstrlenA (lpString="CreateFileA") returned 11 [0153.093] lstrlenA (lpString="CreateFileMappingA") returned 18 [0153.093] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0153.093] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0153.093] lstrlenA (lpString="CreateFileMappingW") returned 18 [0153.093] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0153.093] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0153.093] lstrlenA (lpString="CreateFileW") returned 11 [0153.093] lstrlenA (lpString="CreateHardLinkA") returned 15 [0153.093] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0153.093] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0153.093] lstrlenA (lpString="CreateHardLinkW") returned 15 [0153.094] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0153.094] lstrlenA (lpString="CreateJobObjectA") returned 16 [0153.094] lstrlenA (lpString="CreateJobObjectW") returned 16 [0153.094] lstrlenA (lpString="CreateJobSet") returned 12 [0153.094] lstrlenA (lpString="CreateMailslotA") returned 15 [0153.094] lstrlenA (lpString="CreateMailslotW") returned 15 [0153.094] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0153.094] lstrlenA (lpString="CreateMutexA") returned 12 [0153.094] lstrlenA (lpString="CreateMutexExA") returned 14 [0153.094] lstrlenA (lpString="CreateMutexExW") returned 14 [0153.094] lstrlenA (lpString="CreateMutexW") returned 12 [0153.094] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0153.094] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0153.094] lstrlenA (lpString="CreatePipe") returned 10 [0153.095] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0153.095] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0153.095] lstrlenA (lpString="CreateProcessA") returned 14 [0153.095] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0153.095] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0153.095] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0153.095] lstrlenA (lpString="CreateProcessW") returned 14 [0153.095] lstrlenA (lpString="CreateRemoteThread") returned 18 [0153.095] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0153.095] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0153.095] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0153.095] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0153.095] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0153.096] lstrlenA (lpString="CreateSocketHandle") returned 18 [0153.096] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0153.096] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0153.096] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0153.096] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0153.096] lstrlenA (lpString="CreateTapePartition") returned 19 [0153.096] lstrlenA (lpString="CreateThread") returned 12 [0153.096] lstrlenA (lpString="CreateThreadpool") returned 16 [0153.096] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0153.096] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0153.096] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0153.096] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0153.096] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0153.097] lstrlenA (lpString="CreateTimerQueue") returned 16 [0153.097] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0153.097] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0153.097] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0153.097] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0153.097] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0153.097] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0153.097] lstrlenA (lpString="CtrlRoutine") returned 11 [0153.097] lstrlenA (lpString="DeactivateActCtx") returned 16 [0153.097] lstrlenA (lpString="DebugActiveProcess") returned 18 [0153.097] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0153.097] lstrlenA (lpString="DebugBreak") returned 10 [0153.097] lstrlenA (lpString="DebugBreakProcess") returned 17 [0153.098] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0153.098] lstrlenA (lpString="DecodePointer") returned 13 [0153.098] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0153.098] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0153.098] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0153.098] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0153.098] lstrlenA (lpString="DeleteAtom") returned 10 [0153.098] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0153.098] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0153.098] lstrlenA (lpString="DeleteFiber") returned 11 [0153.098] lstrlenA (lpString="DeleteFileA") returned 11 [0153.098] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0153.098] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0153.099] lstrlenA (lpString="DeleteFileW") returned 11 [0153.099] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0153.099] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0153.099] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0153.099] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0153.099] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0153.099] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0153.099] lstrlenA (lpString="DeviceIoControl") returned 15 [0153.099] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0153.099] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0153.099] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0153.099] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0153.099] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0153.100] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0153.100] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0153.100] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0153.100] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0153.100] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0153.100] lstrlenA (lpString="DuplicateHandle") returned 15 [0153.100] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0153.100] lstrlenA (lpString="EncodePointer") returned 13 [0153.100] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0153.100] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0153.100] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0153.100] lstrlenA (lpString="EnterCriticalSection") returned 20 [0153.100] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0153.100] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0153.101] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0153.101] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0153.101] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0153.101] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0153.101] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0153.101] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0153.101] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0153.101] lstrlenA (lpString="EnumDateFormatsW") returned 16 [0153.125] GetThreadContext (in: hThread=0x634, lpContext=0x27b7d34 | out: lpContext=0x27b7d34*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1067286, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0153.224] EnumProcessModules (in: hProcess=0x640, lphModule=0x286cbe0, cb=0x100, lpcbNeeded=0x3cc73c | out: lphModule=0x286cbe0, lpcbNeeded=0x3cc73c) returned 1 [0153.225] EnumProcessModules (in: hProcess=0x640, lphModule=0x286ccec, cb=0x200, lpcbNeeded=0x3cc73c | out: lphModule=0x286ccec, lpcbNeeded=0x3cc73c) returned 1 [0153.227] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x286cf2c, cb=0xc | out: lpmodinfo=0x286cf2c*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0153.227] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.227] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0153.228] CoTaskMemFree (pv=0x5ca4ba0) [0153.228] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.228] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0153.228] CoTaskMemFree (pv=0x5ca4ba0) [0153.228] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x286f084, cb=0xc | out: lpmodinfo=0x286f084*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0153.228] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.228] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0153.229] CoTaskMemFree (pv=0x5ca4ba0) [0153.229] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.229] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0153.229] CoTaskMemFree (pv=0x5ca4ba0) [0153.229] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x2871194, cb=0xc | out: lpmodinfo=0x2871194*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0153.229] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.229] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0153.230] CoTaskMemFree (pv=0x5ca4ba0) [0153.230] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.230] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0153.230] CoTaskMemFree (pv=0x5ca4ba0) [0153.230] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x28732ac, cb=0xc | out: lpmodinfo=0x28732ac*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0153.230] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.230] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0153.231] CoTaskMemFree (pv=0x5ca4ba0) [0153.231] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.231] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0153.231] CoTaskMemFree (pv=0x5ca4ba0) [0153.231] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x28753cc, cb=0xc | out: lpmodinfo=0x28753cc*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0153.231] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.231] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0153.232] CoTaskMemFree (pv=0x5ca4ba0) [0153.232] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.232] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0153.232] CoTaskMemFree (pv=0x5ca4ba0) [0153.232] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x2877520, cb=0xc | out: lpmodinfo=0x2877520*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0153.232] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.233] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0153.233] CoTaskMemFree (pv=0x5ca4ba0) [0153.233] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.233] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0153.233] CoTaskMemFree (pv=0x5ca4ba0) [0153.233] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x2879640, cb=0xc | out: lpmodinfo=0x2879640*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0153.234] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.234] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0153.234] CoTaskMemFree (pv=0x5ca4ba0) [0153.234] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.234] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0153.235] CoTaskMemFree (pv=0x5ca4ba0) [0153.235] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x287b758, cb=0xc | out: lpmodinfo=0x287b758*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0153.235] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.235] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0153.235] CoTaskMemFree (pv=0x5ca4ba0) [0153.235] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.235] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0153.236] CoTaskMemFree (pv=0x5ca4ba0) [0153.236] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x287d870, cb=0xc | out: lpmodinfo=0x287d870*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0153.236] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.236] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0153.237] CoTaskMemFree (pv=0x5ca4ba0) [0153.237] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.237] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0153.237] CoTaskMemFree (pv=0x5ca4ba0) [0153.237] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x287f9d4, cb=0xc | out: lpmodinfo=0x287f9d4*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0153.238] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.238] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0153.238] CoTaskMemFree (pv=0x5ca4ba0) [0153.238] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.238] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0153.239] CoTaskMemFree (pv=0x5ca4ba0) [0153.239] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x2881aec, cb=0xc | out: lpmodinfo=0x2881aec*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0153.239] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.239] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0153.240] CoTaskMemFree (pv=0x5ca4ba0) [0153.240] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.240] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0153.240] CoTaskMemFree (pv=0x5ca4ba0) [0153.240] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x2883c0c, cb=0xc | out: lpmodinfo=0x2883c0c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0153.241] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.241] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0153.241] CoTaskMemFree (pv=0x5ca4ba0) [0153.241] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.241] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0153.242] CoTaskMemFree (pv=0x5ca4ba0) [0153.242] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x2885d60, cb=0xc | out: lpmodinfo=0x2885d60*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0153.242] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.242] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0153.243] CoTaskMemFree (pv=0x5ca4ba0) [0153.243] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.243] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0153.243] CoTaskMemFree (pv=0x5ca4ba0) [0153.243] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x2887ed0, cb=0xc | out: lpmodinfo=0x2887ed0*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0153.244] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.244] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0153.244] CoTaskMemFree (pv=0x5ca4ba0) [0153.244] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.244] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0153.245] CoTaskMemFree (pv=0x5ca4ba0) [0153.245] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x2889fe8, cb=0xc | out: lpmodinfo=0x2889fe8*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0153.246] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.246] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0153.246] CoTaskMemFree (pv=0x5ca4ba0) [0153.246] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.246] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0153.247] CoTaskMemFree (pv=0x5ca4ba0) [0153.247] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x288c0f8, cb=0xc | out: lpmodinfo=0x288c0f8*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0153.247] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.247] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0153.248] CoTaskMemFree (pv=0x5ca4ba0) [0153.248] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.248] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0153.248] CoTaskMemFree (pv=0x5ca4ba0) [0153.248] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x288e210, cb=0xc | out: lpmodinfo=0x288e210*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0153.249] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.249] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0153.250] CoTaskMemFree (pv=0x5ca4ba0) [0153.250] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.250] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0153.250] CoTaskMemFree (pv=0x5ca4ba0) [0153.250] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x28903b0, cb=0xc | out: lpmodinfo=0x28903b0*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0153.251] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.251] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0153.252] CoTaskMemFree (pv=0x5ca4ba0) [0153.252] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.252] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0153.252] CoTaskMemFree (pv=0x5ca4ba0) [0153.252] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x28924c0, cb=0xc | out: lpmodinfo=0x28924c0*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0153.253] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.253] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0153.254] CoTaskMemFree (pv=0x5ca4ba0) [0153.254] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.254] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0153.254] CoTaskMemFree (pv=0x5ca4ba0) [0153.254] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x28945d0, cb=0xc | out: lpmodinfo=0x28945d0*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0153.255] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.255] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0153.256] CoTaskMemFree (pv=0x5ca4ba0) [0153.256] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.256] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0153.256] CoTaskMemFree (pv=0x5ca4ba0) [0153.257] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x28966e0, cb=0xc | out: lpmodinfo=0x28966e0*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0153.257] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.257] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0153.258] CoTaskMemFree (pv=0x5ca4ba0) [0153.258] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.258] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0153.259] CoTaskMemFree (pv=0x5ca4ba0) [0153.259] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x28987f8, cb=0xc | out: lpmodinfo=0x28987f8*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0153.259] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.259] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0153.260] CoTaskMemFree (pv=0x5ca4ba0) [0153.260] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.260] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0153.261] CoTaskMemFree (pv=0x5ca4ba0) [0153.261] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x289a934, cb=0xc | out: lpmodinfo=0x289a934*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0153.262] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.262] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0153.262] CoTaskMemFree (pv=0x5ca4ba0) [0153.262] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.262] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0153.263] CoTaskMemFree (pv=0x5ca4ba0) [0153.263] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x289ca84, cb=0xc | out: lpmodinfo=0x289ca84*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0153.264] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.264] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0153.265] CoTaskMemFree (pv=0x5ca4ba0) [0153.265] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.265] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0153.266] CoTaskMemFree (pv=0x5ca4ba0) [0153.266] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x289ebc4, cb=0xc | out: lpmodinfo=0x289ebc4*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0153.266] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.266] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0153.267] CoTaskMemFree (pv=0x5ca4ba0) [0153.267] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.267] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0153.268] CoTaskMemFree (pv=0x5ca4ba0) [0153.268] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x28a0d78, cb=0xc | out: lpmodinfo=0x28a0d78*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0153.269] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.269] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0153.270] CoTaskMemFree (pv=0x5ca4ba0) [0153.270] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.270] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0153.271] CoTaskMemFree (pv=0x5ca4ba0) [0153.271] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x28a2e88, cb=0xc | out: lpmodinfo=0x28a2e88*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0153.271] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.271] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0153.272] CoTaskMemFree (pv=0x5ca4ba0) [0153.272] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.272] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0153.273] CoTaskMemFree (pv=0x5ca4ba0) [0153.273] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x28a4fa0, cb=0xc | out: lpmodinfo=0x28a4fa0*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0153.274] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.274] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0153.275] CoTaskMemFree (pv=0x5ca4ba0) [0153.275] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.275] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0153.276] CoTaskMemFree (pv=0x5ca4ba0) [0153.276] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x28a7110, cb=0xc | out: lpmodinfo=0x28a7110*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0153.277] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.277] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0153.278] CoTaskMemFree (pv=0x5ca4ba0) [0153.278] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.278] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0153.279] CoTaskMemFree (pv=0x5ca4ba0) [0153.279] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x28a925c, cb=0xc | out: lpmodinfo=0x28a925c*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0153.279] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.279] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0153.280] CoTaskMemFree (pv=0x5ca4ba0) [0153.280] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.280] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0153.281] CoTaskMemFree (pv=0x5ca4ba0) [0153.281] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x28ab37c, cb=0xc | out: lpmodinfo=0x28ab37c*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0153.282] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.282] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0153.283] CoTaskMemFree (pv=0x5ca4ba0) [0153.283] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.283] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0153.284] CoTaskMemFree (pv=0x5ca4ba0) [0153.284] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x28ad524, cb=0xc | out: lpmodinfo=0x28ad524*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0153.285] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.285] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0153.286] CoTaskMemFree (pv=0x5ca4ba0) [0153.286] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.286] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0153.287] CoTaskMemFree (pv=0x5ca4ba0) [0153.287] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x28af6fc, cb=0xc | out: lpmodinfo=0x28af6fc*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0153.288] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.288] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0153.289] CoTaskMemFree (pv=0x5ca4ba0) [0153.289] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.289] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0153.290] CoTaskMemFree (pv=0x5ca4ba0) [0153.290] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x28b1a04, cb=0xc | out: lpmodinfo=0x28b1a04*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0153.291] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.291] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0153.292] CoTaskMemFree (pv=0x5ca4ba0) [0153.292] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.292] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0153.293] CoTaskMemFree (pv=0x5ca4ba0) [0153.293] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x28b3bcc, cb=0xc | out: lpmodinfo=0x28b3bcc*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0153.294] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.294] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0153.295] CoTaskMemFree (pv=0x5ca4ba0) [0153.295] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.296] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0153.297] CoTaskMemFree (pv=0x5ca4ba0) [0153.297] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x28b5dcc, cb=0xc | out: lpmodinfo=0x28b5dcc*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0153.298] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.298] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0153.299] CoTaskMemFree (pv=0x5ca4ba0) [0153.299] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.299] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0153.300] CoTaskMemFree (pv=0x5ca4ba0) [0153.300] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x28b7fc8, cb=0xc | out: lpmodinfo=0x28b7fc8*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0153.301] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.301] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0153.302] CoTaskMemFree (pv=0x5ca4ba0) [0153.302] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.302] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0153.303] CoTaskMemFree (pv=0x5ca4ba0) [0153.303] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x28ba188, cb=0xc | out: lpmodinfo=0x28ba188*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0153.304] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.304] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0153.305] CoTaskMemFree (pv=0x5ca4ba0) [0153.305] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.305] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0153.308] CoTaskMemFree (pv=0x5ca4ba0) [0153.308] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x28bc2f0, cb=0xc | out: lpmodinfo=0x28bc2f0*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0153.309] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.309] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0153.310] CoTaskMemFree (pv=0x5ca4ba0) [0153.310] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.310] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0153.311] CoTaskMemFree (pv=0x5ca4ba0) [0153.311] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x28be408, cb=0xc | out: lpmodinfo=0x28be408*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0153.312] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.313] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0153.314] CoTaskMemFree (pv=0x5ca4ba0) [0153.314] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.314] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0153.315] CoTaskMemFree (pv=0x5ca4ba0) [0153.315] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x28c0520, cb=0xc | out: lpmodinfo=0x28c0520*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0153.316] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.316] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0153.317] CoTaskMemFree (pv=0x5ca4ba0) [0153.317] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.317] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0153.318] CoTaskMemFree (pv=0x5ca4ba0) [0153.318] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x28c2638, cb=0xc | out: lpmodinfo=0x28c2638*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0153.320] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.320] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0153.321] CoTaskMemFree (pv=0x5ca4ba0) [0153.321] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.321] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0153.322] CoTaskMemFree (pv=0x5ca4ba0) [0153.322] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x28c4750, cb=0xc | out: lpmodinfo=0x28c4750*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0153.323] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.323] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0153.324] CoTaskMemFree (pv=0x5ca4ba0) [0153.324] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.324] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0153.325] CoTaskMemFree (pv=0x5ca4ba0) [0153.325] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x28c6868, cb=0xc | out: lpmodinfo=0x28c6868*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0153.327] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.327] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0153.328] CoTaskMemFree (pv=0x5ca4ba0) [0153.328] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.328] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0153.329] CoTaskMemFree (pv=0x5ca4ba0) [0153.329] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x28c8978, cb=0xc | out: lpmodinfo=0x28c8978*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0153.330] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.330] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0153.331] CoTaskMemFree (pv=0x5ca4ba0) [0153.331] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.331] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0153.333] CoTaskMemFree (pv=0x5ca4ba0) [0153.333] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x28caa98, cb=0xc | out: lpmodinfo=0x28caa98*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0153.334] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.334] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0153.336] CoTaskMemFree (pv=0x5ca4ba0) [0153.336] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.336] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0153.338] CoTaskMemFree (pv=0x5ca4ba0) [0153.338] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x28ccbb0, cb=0xc | out: lpmodinfo=0x28ccbb0*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0153.339] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.339] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0153.340] CoTaskMemFree (pv=0x5ca4ba0) [0153.340] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.340] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0153.341] CoTaskMemFree (pv=0x5ca4ba0) [0153.342] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x28cecc8, cb=0xc | out: lpmodinfo=0x28cecc8*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0153.343] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.343] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0153.344] CoTaskMemFree (pv=0x5ca4ba0) [0153.344] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.344] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0153.345] CoTaskMemFree (pv=0x5ca4ba0) [0153.345] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x28d0dd0, cb=0xc | out: lpmodinfo=0x28d0dd0*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0153.347] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.347] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0153.348] CoTaskMemFree (pv=0x5ca4ba0) [0153.348] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.348] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0153.349] CoTaskMemFree (pv=0x5ca4ba0) [0153.349] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x28d2ee8, cb=0xc | out: lpmodinfo=0x28d2ee8*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0153.350] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.350] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0153.354] CoTaskMemFree (pv=0x5ca4ba0) [0153.354] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.354] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0153.355] CoTaskMemFree (pv=0x5ca4ba0) [0153.355] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x28d5000, cb=0xc | out: lpmodinfo=0x28d5000*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0153.357] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.357] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0153.358] CoTaskMemFree (pv=0x5ca4ba0) [0153.358] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.358] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0153.360] CoTaskMemFree (pv=0x5ca4ba0) [0153.360] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x28d7120, cb=0xc | out: lpmodinfo=0x28d7120*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0153.361] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.361] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0153.362] CoTaskMemFree (pv=0x5ca4ba0) [0153.362] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.362] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0153.364] CoTaskMemFree (pv=0x5ca4ba0) [0153.364] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x28d9238, cb=0xc | out: lpmodinfo=0x28d9238*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0153.365] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.365] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0153.366] CoTaskMemFree (pv=0x5ca4ba0) [0153.366] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.366] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0153.368] CoTaskMemFree (pv=0x5ca4ba0) [0153.368] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x28db350, cb=0xc | out: lpmodinfo=0x28db350*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0153.369] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.369] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0153.370] CoTaskMemFree (pv=0x5ca4ba0) [0153.370] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.370] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0153.372] CoTaskMemFree (pv=0x5ca4ba0) [0153.372] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x28dd460, cb=0xc | out: lpmodinfo=0x28dd460*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0153.373] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.373] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0153.374] CoTaskMemFree (pv=0x5ca4ba0) [0153.374] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.375] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0153.376] CoTaskMemFree (pv=0x5ca4ba0) [0153.376] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x28df578, cb=0xc | out: lpmodinfo=0x28df578*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0153.377] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.377] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0153.379] CoTaskMemFree (pv=0x5ca4ba0) [0153.379] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.379] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0153.380] CoTaskMemFree (pv=0x5ca4ba0) [0153.380] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x28e1698, cb=0xc | out: lpmodinfo=0x28e1698*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0153.382] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.382] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0153.383] CoTaskMemFree (pv=0x5ca4ba0) [0153.383] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.383] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0153.385] CoTaskMemFree (pv=0x5ca4ba0) [0153.385] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x28e37b0, cb=0xc | out: lpmodinfo=0x28e37b0*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0153.386] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.386] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0153.388] CoTaskMemFree (pv=0x5ca4ba0) [0153.388] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.388] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0153.390] CoTaskMemFree (pv=0x5ca4ba0) [0153.390] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x28e58d0, cb=0xc | out: lpmodinfo=0x28e58d0*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0153.391] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.391] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0153.393] CoTaskMemFree (pv=0x5ca4ba0) [0153.393] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.393] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0153.395] CoTaskMemFree (pv=0x5ca4ba0) [0153.395] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x28e79f0, cb=0xc | out: lpmodinfo=0x28e79f0*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0153.397] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.397] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0153.399] CoTaskMemFree (pv=0x5ca4ba0) [0153.399] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.399] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0153.401] CoTaskMemFree (pv=0x5ca4ba0) [0153.401] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x28e9b18, cb=0xc | out: lpmodinfo=0x28e9b18*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0153.402] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.402] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0153.404] CoTaskMemFree (pv=0x5ca4ba0) [0153.404] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.404] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0153.406] CoTaskMemFree (pv=0x5ca4ba0) [0153.406] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x28ebc30, cb=0xc | out: lpmodinfo=0x28ebc30*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0153.408] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.408] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0153.410] CoTaskMemFree (pv=0x5ca4ba0) [0153.410] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.410] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0153.411] CoTaskMemFree (pv=0x5ca4ba0) [0153.411] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x28edd50, cb=0xc | out: lpmodinfo=0x28edd50*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0153.413] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.413] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0153.415] CoTaskMemFree (pv=0x5ca4ba0) [0153.415] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.415] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0153.417] CoTaskMemFree (pv=0x5ca4ba0) [0153.417] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x28efe70, cb=0xc | out: lpmodinfo=0x28efe70*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0153.419] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.419] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0153.421] CoTaskMemFree (pv=0x5ca4ba0) [0153.421] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.421] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0153.422] CoTaskMemFree (pv=0x5ca4ba0) [0153.422] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x28f1f88, cb=0xc | out: lpmodinfo=0x28f1f88*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0153.424] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.424] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0153.426] CoTaskMemFree (pv=0x5ca4ba0) [0153.426] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.426] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0153.428] CoTaskMemFree (pv=0x5ca4ba0) [0153.428] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x28f42c0, cb=0xc | out: lpmodinfo=0x28f42c0*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0153.440] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.440] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0153.442] CoTaskMemFree (pv=0x5ca4ba0) [0153.442] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.442] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0153.444] CoTaskMemFree (pv=0x5ca4ba0) [0153.444] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x28f63d8, cb=0xc | out: lpmodinfo=0x28f63d8*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0153.447] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.447] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0153.449] CoTaskMemFree (pv=0x5ca4ba0) [0153.449] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.449] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0153.451] CoTaskMemFree (pv=0x5ca4ba0) [0153.451] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x28f84f0, cb=0xc | out: lpmodinfo=0x28f84f0*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0153.453] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.453] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0153.455] CoTaskMemFree (pv=0x5ca4ba0) [0153.455] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.455] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0153.456] CoTaskMemFree (pv=0x5ca4ba0) [0153.456] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x28fa608, cb=0xc | out: lpmodinfo=0x28fa608*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0153.458] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.458] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0153.460] CoTaskMemFree (pv=0x5ca4ba0) [0153.460] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.460] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0153.462] CoTaskMemFree (pv=0x5ca4ba0) [0153.462] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x28fc748, cb=0xc | out: lpmodinfo=0x28fc748*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0153.464] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.464] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0153.466] CoTaskMemFree (pv=0x5ca4ba0) [0153.466] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.466] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0153.467] CoTaskMemFree (pv=0x5ca4ba0) [0153.467] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x28fe860, cb=0xc | out: lpmodinfo=0x28fe860*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0153.469] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.469] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0153.471] CoTaskMemFree (pv=0x5ca4ba0) [0153.471] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.471] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0153.472] CoTaskMemFree (pv=0x5ca4ba0) [0153.473] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x2900970, cb=0xc | out: lpmodinfo=0x2900970*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0153.474] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.474] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0153.476] CoTaskMemFree (pv=0x5ca4ba0) [0153.476] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.476] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0153.478] CoTaskMemFree (pv=0x5ca4ba0) [0153.478] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x2902b44, cb=0xc | out: lpmodinfo=0x2902b44*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0153.479] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.479] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0153.481] CoTaskMemFree (pv=0x5ca4ba0) [0153.481] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.481] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0153.483] CoTaskMemFree (pv=0x5ca4ba0) [0153.483] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x2904d00, cb=0xc | out: lpmodinfo=0x2904d00*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0153.485] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.485] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0153.487] CoTaskMemFree (pv=0x5ca4ba0) [0153.487] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.487] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0153.489] CoTaskMemFree (pv=0x5ca4ba0) [0153.489] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x2906e30, cb=0xc | out: lpmodinfo=0x2906e30*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0153.490] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.490] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0153.498] CoTaskMemFree (pv=0x5ca4ba0) [0153.498] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.499] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0153.500] CoTaskMemFree (pv=0x5ca4ba0) [0153.500] CloseHandle (hObject=0x640) returned 1 [0153.501] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0153.501] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0153.501] lstrlenA (lpString="ActivateActCtx") returned 14 [0153.501] lstrlenA (lpString="AddAtomA") returned 8 [0153.501] lstrlenA (lpString="AddAtomW") returned 8 [0153.502] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0153.502] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0153.502] lstrlenA (lpString="AddDllDirectory") returned 15 [0153.502] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0153.502] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0153.502] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0153.502] lstrlenA (lpString="AddRefActCtx") returned 12 [0153.502] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0153.502] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0153.503] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0153.503] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0153.503] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0153.503] lstrlenA (lpString="AllocConsole") returned 12 [0153.503] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0153.503] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0153.503] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0153.503] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0153.503] lstrlenA (lpString="AreFileApisANSI") returned 15 [0153.504] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0153.504] lstrlenA (lpString="AttachConsole") returned 13 [0153.504] lstrlenA (lpString="BackupRead") returned 10 [0153.504] lstrlenA (lpString="BackupSeek") returned 10 [0153.504] lstrlenA (lpString="BackupWrite") returned 11 [0153.504] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0153.504] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0153.504] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0153.504] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0153.505] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0153.505] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0153.505] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0153.505] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0153.505] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0153.505] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0153.505] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0153.505] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0153.505] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0153.506] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0153.506] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0153.506] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0153.506] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0153.506] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0153.506] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0153.506] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0153.506] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0153.506] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0153.507] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0153.507] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0153.507] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0153.507] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0153.507] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0153.507] lstrlenA (lpString="Beep") returned 4 [0153.508] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0153.508] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0153.508] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0153.508] lstrlenA (lpString="BuildCommDCBA") returned 13 [0153.508] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0153.508] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0153.508] lstrlenA (lpString="BuildCommDCBW") returned 13 [0153.508] lstrlenA (lpString="CallNamedPipeA") returned 14 [0153.508] lstrlenA (lpString="CallNamedPipeW") returned 14 [0153.509] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0153.509] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0153.509] lstrlenA (lpString="CancelIo") returned 8 [0153.509] lstrlenA (lpString="CancelIoEx") returned 10 [0153.509] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0153.509] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0153.509] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0153.509] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0153.509] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0153.509] lstrlenA (lpString="CheckElevation") returned 14 [0153.510] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0153.510] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0153.510] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0153.510] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0153.510] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0153.510] lstrlenA (lpString="ClearCommBreak") returned 14 [0153.510] lstrlenA (lpString="ClearCommError") returned 14 [0153.510] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0153.510] lstrlenA (lpString="CloseHandle") returned 11 [0153.511] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0153.511] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0153.511] lstrlenA (lpString="CloseThreadpool") returned 15 [0153.511] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0153.511] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0153.511] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0153.511] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0153.511] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0153.511] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0153.512] lstrlenA (lpString="CmdBatNotification") returned 18 [0153.512] lstrlenA (lpString="CommConfigDialogA") returned 17 [0153.512] lstrlenA (lpString="CommConfigDialogW") returned 17 [0153.512] lstrlenA (lpString="CompareCalendarDates") returned 20 [0153.512] lstrlenA (lpString="CompareFileTime") returned 15 [0153.512] lstrlenA (lpString="CompareStringA") returned 14 [0153.512] lstrlenA (lpString="CompareStringEx") returned 15 [0153.512] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0153.512] lstrlenA (lpString="CompareStringW") returned 14 [0153.512] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0153.513] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0153.513] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0153.513] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0153.513] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0153.513] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0153.513] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0153.513] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0153.513] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0153.513] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0153.514] lstrlenA (lpString="CopyContext") returned 11 [0153.514] lstrlenA (lpString="CopyFileA") returned 9 [0153.514] lstrlenA (lpString="CopyFileExA") returned 11 [0153.514] lstrlenA (lpString="CopyFileExW") returned 11 [0153.514] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0153.514] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0153.514] lstrlenA (lpString="CopyFileW") returned 9 [0153.514] lstrlenA (lpString="CopyLZFile") returned 10 [0153.514] lstrlenA (lpString="CreateActCtxA") returned 13 [0153.515] lstrlenA (lpString="CreateActCtxW") returned 13 [0153.515] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0153.515] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0153.515] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0153.515] lstrlenA (lpString="CreateDirectoryA") returned 16 [0153.515] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0153.515] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0153.515] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0153.515] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0153.515] lstrlenA (lpString="CreateDirectoryW") returned 16 [0153.515] lstrlenA (lpString="CreateEventA") returned 12 [0153.516] lstrlenA (lpString="CreateEventExA") returned 14 [0153.516] lstrlenA (lpString="CreateEventExW") returned 14 [0153.516] lstrlenA (lpString="CreateEventW") returned 12 [0153.516] lstrlenA (lpString="CreateFiber") returned 11 [0153.516] lstrlenA (lpString="CreateFiberEx") returned 13 [0153.516] lstrlenA (lpString="CreateFileA") returned 11 [0153.516] lstrlenA (lpString="CreateFileMappingA") returned 18 [0153.516] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0153.516] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0153.516] lstrlenA (lpString="CreateFileMappingW") returned 18 [0153.516] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0153.516] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0153.516] lstrlenA (lpString="CreateFileW") returned 11 [0153.517] lstrlenA (lpString="CreateHardLinkA") returned 15 [0153.517] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0153.517] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0153.517] lstrlenA (lpString="CreateHardLinkW") returned 15 [0153.517] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0153.517] lstrlenA (lpString="CreateJobObjectA") returned 16 [0153.517] lstrlenA (lpString="CreateJobObjectW") returned 16 [0153.517] lstrlenA (lpString="CreateJobSet") returned 12 [0153.517] lstrlenA (lpString="CreateMailslotA") returned 15 [0153.517] lstrlenA (lpString="CreateMailslotW") returned 15 [0153.517] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0153.517] lstrlenA (lpString="CreateMutexA") returned 12 [0153.517] lstrlenA (lpString="CreateMutexExA") returned 14 [0153.518] lstrlenA (lpString="CreateMutexExW") returned 14 [0153.518] lstrlenA (lpString="CreateMutexW") returned 12 [0153.518] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0153.518] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0153.518] lstrlenA (lpString="CreatePipe") returned 10 [0153.518] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0153.518] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0153.518] lstrlenA (lpString="CreateProcessA") returned 14 [0153.518] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0153.518] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0153.518] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0153.518] lstrlenA (lpString="CreateProcessW") returned 14 [0153.519] lstrlenA (lpString="CreateRemoteThread") returned 18 [0153.519] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0153.519] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0153.519] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0153.519] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0153.519] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0153.519] lstrlenA (lpString="CreateSocketHandle") returned 18 [0153.519] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0153.519] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0153.519] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0153.519] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0153.519] lstrlenA (lpString="CreateTapePartition") returned 19 [0153.519] lstrlenA (lpString="CreateThread") returned 12 [0153.520] lstrlenA (lpString="CreateThreadpool") returned 16 [0153.520] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0153.520] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0153.520] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0153.520] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0153.520] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0153.520] lstrlenA (lpString="CreateTimerQueue") returned 16 [0153.520] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0153.520] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0153.520] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0153.520] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0153.520] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0153.520] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0153.520] lstrlenA (lpString="CtrlRoutine") returned 11 [0153.521] lstrlenA (lpString="DeactivateActCtx") returned 16 [0153.521] lstrlenA (lpString="DebugActiveProcess") returned 18 [0153.521] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0153.521] lstrlenA (lpString="DebugBreak") returned 10 [0153.521] lstrlenA (lpString="DebugBreakProcess") returned 17 [0153.521] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0153.521] lstrlenA (lpString="DecodePointer") returned 13 [0153.521] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0153.521] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0153.521] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0153.521] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0153.521] lstrlenA (lpString="DeleteAtom") returned 10 [0153.521] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0153.522] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0153.522] lstrlenA (lpString="DeleteFiber") returned 11 [0153.522] lstrlenA (lpString="DeleteFileA") returned 11 [0153.522] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0153.522] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0153.522] lstrlenA (lpString="DeleteFileW") returned 11 [0153.522] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0153.522] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0153.522] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0153.522] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0153.522] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0153.522] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0153.522] lstrlenA (lpString="DeviceIoControl") returned 15 [0153.523] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0153.523] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0153.523] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0153.523] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0153.523] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0153.523] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0153.523] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0153.523] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0153.523] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0153.523] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0153.524] lstrlenA (lpString="DuplicateHandle") returned 15 [0153.524] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0153.524] lstrlenA (lpString="EncodePointer") returned 13 [0153.524] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0153.524] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0153.524] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0153.524] lstrlenA (lpString="EnterCriticalSection") returned 20 [0153.524] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0153.524] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0153.524] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0153.524] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0153.524] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0153.524] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0153.525] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0153.525] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0153.525] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0153.533] ReadProcessMemory (in: hProcess=0x638, lpBaseAddress=0x7efde008, lpBuffer=0x0, nSize=0x4, lpNumberOfBytesRead=0x2916754 | out: lpBuffer=0x0, lpNumberOfBytesRead=0x2916754) returned 0 [0153.647] EnumProcessModules (in: hProcess=0x640, lphModule=0x291ddcc, cb=0x100, lpcbNeeded=0x3cc744 | out: lphModule=0x291ddcc, lpcbNeeded=0x3cc744) returned 1 [0153.649] EnumProcessModules (in: hProcess=0x640, lphModule=0x291ded8, cb=0x200, lpcbNeeded=0x3cc744 | out: lphModule=0x291ded8, lpcbNeeded=0x3cc744) returned 1 [0153.651] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x291e118, cb=0xc | out: lpmodinfo=0x291e118*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0153.651] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.651] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0153.652] CoTaskMemFree (pv=0x5ca4ba0) [0153.652] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.652] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0153.652] CoTaskMemFree (pv=0x5ca4ba0) [0153.652] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x2920270, cb=0xc | out: lpmodinfo=0x2920270*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0153.652] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.652] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0153.653] CoTaskMemFree (pv=0x5ca4ba0) [0153.653] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.653] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0153.653] CoTaskMemFree (pv=0x5ca4ba0) [0153.653] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x292238c, cb=0xc | out: lpmodinfo=0x292238c*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0153.653] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.653] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0153.654] CoTaskMemFree (pv=0x5ca4ba0) [0153.654] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.654] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0153.654] CoTaskMemFree (pv=0x5ca4ba0) [0153.654] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x29244a4, cb=0xc | out: lpmodinfo=0x29244a4*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0153.654] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.654] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0153.655] CoTaskMemFree (pv=0x5ca4ba0) [0153.655] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.655] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0153.655] CoTaskMemFree (pv=0x5ca4ba0) [0153.655] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x29265c4, cb=0xc | out: lpmodinfo=0x29265c4*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0153.656] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.656] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0153.656] CoTaskMemFree (pv=0x5ca4ba0) [0153.656] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.656] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0153.656] CoTaskMemFree (pv=0x5ca4ba0) [0153.656] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x2928718, cb=0xc | out: lpmodinfo=0x2928718*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0153.657] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.657] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0153.657] CoTaskMemFree (pv=0x5ca4ba0) [0153.657] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.657] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0153.658] CoTaskMemFree (pv=0x5ca4ba0) [0153.658] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x292a838, cb=0xc | out: lpmodinfo=0x292a838*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0153.658] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.658] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0153.658] CoTaskMemFree (pv=0x5ca4ba0) [0153.658] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.658] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0153.659] CoTaskMemFree (pv=0x5ca4ba0) [0153.659] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x292c950, cb=0xc | out: lpmodinfo=0x292c950*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0153.659] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.659] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0153.660] CoTaskMemFree (pv=0x5ca4ba0) [0153.660] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.660] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0153.660] CoTaskMemFree (pv=0x5ca4ba0) [0153.660] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x292ea68, cb=0xc | out: lpmodinfo=0x292ea68*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0153.661] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.661] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0153.661] CoTaskMemFree (pv=0x5ca4ba0) [0153.661] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.661] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0153.662] CoTaskMemFree (pv=0x5ca4ba0) [0153.662] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x2930bcc, cb=0xc | out: lpmodinfo=0x2930bcc*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0153.662] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.662] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0153.663] CoTaskMemFree (pv=0x5ca4ba0) [0153.663] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.663] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0153.664] CoTaskMemFree (pv=0x5ca4ba0) [0153.664] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x2932ce4, cb=0xc | out: lpmodinfo=0x2932ce4*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0153.664] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.664] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0153.664] CoTaskMemFree (pv=0x5ca4ba0) [0153.665] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.665] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0153.665] CoTaskMemFree (pv=0x5ca4ba0) [0153.665] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x2934e04, cb=0xc | out: lpmodinfo=0x2934e04*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0153.666] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.666] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0153.666] CoTaskMemFree (pv=0x5ca4ba0) [0153.666] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.666] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0153.667] CoTaskMemFree (pv=0x5ca4ba0) [0153.667] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x2936f58, cb=0xc | out: lpmodinfo=0x2936f58*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0153.667] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.667] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0153.668] CoTaskMemFree (pv=0x5ca4ba0) [0153.668] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.668] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0153.668] CoTaskMemFree (pv=0x5ca4ba0) [0153.668] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x29390c8, cb=0xc | out: lpmodinfo=0x29390c8*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0153.669] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.669] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0153.669] CoTaskMemFree (pv=0x5ca4ba0) [0153.670] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.670] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0153.670] CoTaskMemFree (pv=0x5ca4ba0) [0153.670] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x293b1e0, cb=0xc | out: lpmodinfo=0x293b1e0*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0153.671] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.671] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0153.671] CoTaskMemFree (pv=0x5ca4ba0) [0153.671] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.671] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0153.672] CoTaskMemFree (pv=0x5ca4ba0) [0153.672] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x293d2f0, cb=0xc | out: lpmodinfo=0x293d2f0*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0153.672] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.672] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0153.673] CoTaskMemFree (pv=0x5ca4ba0) [0153.673] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.673] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0153.674] CoTaskMemFree (pv=0x5ca4ba0) [0153.674] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x293f408, cb=0xc | out: lpmodinfo=0x293f408*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0153.674] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.674] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0153.675] CoTaskMemFree (pv=0x5ca4ba0) [0153.675] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.675] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0153.676] CoTaskMemFree (pv=0x5ca4ba0) [0153.676] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x294159c, cb=0xc | out: lpmodinfo=0x294159c*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0153.676] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.676] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0153.677] CoTaskMemFree (pv=0x5ca4ba0) [0153.677] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.677] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0153.678] CoTaskMemFree (pv=0x5ca4ba0) [0153.678] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x29436ac, cb=0xc | out: lpmodinfo=0x29436ac*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0153.679] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.679] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0153.679] CoTaskMemFree (pv=0x5ca4ba0) [0153.679] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.679] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0153.680] CoTaskMemFree (pv=0x5ca4ba0) [0153.680] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x29457bc, cb=0xc | out: lpmodinfo=0x29457bc*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0153.681] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.681] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0153.681] CoTaskMemFree (pv=0x5ca4ba0) [0153.681] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.682] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0153.682] CoTaskMemFree (pv=0x5ca4ba0) [0153.682] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x29478cc, cb=0xc | out: lpmodinfo=0x29478cc*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0153.683] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.683] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0153.684] CoTaskMemFree (pv=0x5ca4ba0) [0153.684] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.684] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0153.684] CoTaskMemFree (pv=0x5ca4ba0) [0153.684] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x29499e4, cb=0xc | out: lpmodinfo=0x29499e4*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0153.685] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.685] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0153.686] CoTaskMemFree (pv=0x5ca4ba0) [0153.686] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.686] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0153.686] CoTaskMemFree (pv=0x5ca4ba0) [0153.687] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x294bb20, cb=0xc | out: lpmodinfo=0x294bb20*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0153.687] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.687] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0153.688] CoTaskMemFree (pv=0x5ca4ba0) [0153.688] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.688] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0153.689] CoTaskMemFree (pv=0x5ca4ba0) [0153.689] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x294dc70, cb=0xc | out: lpmodinfo=0x294dc70*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0153.690] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.690] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0153.690] CoTaskMemFree (pv=0x5ca4ba0) [0153.690] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.690] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0153.691] CoTaskMemFree (pv=0x5ca4ba0) [0153.691] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x294fdb0, cb=0xc | out: lpmodinfo=0x294fdb0*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0153.692] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.692] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0153.693] CoTaskMemFree (pv=0x5ca4ba0) [0153.693] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.693] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0153.693] CoTaskMemFree (pv=0x5ca4ba0) [0153.694] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x2951f64, cb=0xc | out: lpmodinfo=0x2951f64*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0153.694] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.694] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0153.695] CoTaskMemFree (pv=0x5ca4ba0) [0153.695] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.695] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0153.696] CoTaskMemFree (pv=0x5ca4ba0) [0153.696] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x2954074, cb=0xc | out: lpmodinfo=0x2954074*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0153.697] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.697] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0153.698] CoTaskMemFree (pv=0x5ca4ba0) [0153.698] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.698] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0153.698] CoTaskMemFree (pv=0x5ca4ba0) [0153.699] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x295618c, cb=0xc | out: lpmodinfo=0x295618c*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0153.699] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.699] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0153.700] CoTaskMemFree (pv=0x5ca4ba0) [0153.700] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.700] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0153.701] CoTaskMemFree (pv=0x5ca4ba0) [0153.701] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x2958308, cb=0xc | out: lpmodinfo=0x2958308*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0153.702] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.702] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0153.703] CoTaskMemFree (pv=0x5ca4ba0) [0153.703] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.703] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0153.704] CoTaskMemFree (pv=0x5ca4ba0) [0153.704] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x295a454, cb=0xc | out: lpmodinfo=0x295a454*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0153.705] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.705] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0153.706] CoTaskMemFree (pv=0x5ca4ba0) [0153.706] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.706] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0153.707] CoTaskMemFree (pv=0x5ca4ba0) [0153.707] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x295c574, cb=0xc | out: lpmodinfo=0x295c574*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0153.707] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.708] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0153.708] CoTaskMemFree (pv=0x5ca4ba0) [0153.708] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.708] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0153.711] CoTaskMemFree (pv=0x5ca4ba0) [0153.711] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x295e71c, cb=0xc | out: lpmodinfo=0x295e71c*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0153.711] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.712] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0153.712] CoTaskMemFree (pv=0x5ca4ba0) [0153.712] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.712] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0153.713] CoTaskMemFree (pv=0x5ca4ba0) [0153.714] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x29608f4, cb=0xc | out: lpmodinfo=0x29608f4*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0153.714] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.714] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0153.715] CoTaskMemFree (pv=0x5ca4ba0) [0153.715] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.715] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0153.716] CoTaskMemFree (pv=0x5ca4ba0) [0153.716] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x2962bfc, cb=0xc | out: lpmodinfo=0x2962bfc*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0153.717] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.717] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0153.718] CoTaskMemFree (pv=0x5ca4ba0) [0153.718] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.718] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0153.719] CoTaskMemFree (pv=0x5ca4ba0) [0153.719] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x2964dc4, cb=0xc | out: lpmodinfo=0x2964dc4*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0153.720] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.720] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0153.721] CoTaskMemFree (pv=0x5ca4ba0) [0153.721] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.721] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0153.722] CoTaskMemFree (pv=0x5ca4ba0) [0153.723] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x2966fc4, cb=0xc | out: lpmodinfo=0x2966fc4*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0153.723] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.723] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0153.724] CoTaskMemFree (pv=0x5ca4ba0) [0153.725] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.725] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0153.726] CoTaskMemFree (pv=0x5ca4ba0) [0153.726] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x29691c0, cb=0xc | out: lpmodinfo=0x29691c0*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0153.727] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.727] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0153.728] CoTaskMemFree (pv=0x5ca4ba0) [0153.728] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.728] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0153.729] CoTaskMemFree (pv=0x5ca4ba0) [0153.729] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x296b380, cb=0xc | out: lpmodinfo=0x296b380*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0153.730] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.730] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0153.731] CoTaskMemFree (pv=0x5ca4ba0) [0153.731] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.731] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0153.732] CoTaskMemFree (pv=0x5ca4ba0) [0153.732] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x296d4dc, cb=0xc | out: lpmodinfo=0x296d4dc*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0153.733] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.733] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0153.734] CoTaskMemFree (pv=0x5ca4ba0) [0153.734] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.734] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0153.736] CoTaskMemFree (pv=0x5ca4ba0) [0153.736] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x296f5f4, cb=0xc | out: lpmodinfo=0x296f5f4*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0153.737] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.737] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0153.738] CoTaskMemFree (pv=0x5ca4ba0) [0153.738] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.738] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0153.739] CoTaskMemFree (pv=0x5ca4ba0) [0153.739] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x297170c, cb=0xc | out: lpmodinfo=0x297170c*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0153.740] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.740] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0153.741] CoTaskMemFree (pv=0x5ca4ba0) [0153.741] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.741] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0153.742] CoTaskMemFree (pv=0x5ca4ba0) [0153.742] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x2973824, cb=0xc | out: lpmodinfo=0x2973824*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0153.743] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.743] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0153.745] CoTaskMemFree (pv=0x5ca4ba0) [0153.745] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.745] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0153.746] CoTaskMemFree (pv=0x5ca4ba0) [0153.746] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x297593c, cb=0xc | out: lpmodinfo=0x297593c*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0153.747] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.747] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0153.748] CoTaskMemFree (pv=0x5ca4ba0) [0153.748] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.748] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0153.749] CoTaskMemFree (pv=0x5ca4ba0) [0153.749] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x2977a54, cb=0xc | out: lpmodinfo=0x2977a54*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0153.751] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.751] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0153.752] CoTaskMemFree (pv=0x5ca4ba0) [0153.752] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.752] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0153.753] CoTaskMemFree (pv=0x5ca4ba0) [0153.753] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x2979b64, cb=0xc | out: lpmodinfo=0x2979b64*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0153.754] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.754] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0153.755] CoTaskMemFree (pv=0x5ca4ba0) [0153.756] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.756] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0153.757] CoTaskMemFree (pv=0x5ca4ba0) [0153.757] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x297bc84, cb=0xc | out: lpmodinfo=0x297bc84*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0153.758] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.758] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0153.759] CoTaskMemFree (pv=0x5ca4ba0) [0153.759] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.759] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0153.761] CoTaskMemFree (pv=0x5ca4ba0) [0153.761] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x297dd9c, cb=0xc | out: lpmodinfo=0x297dd9c*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0153.762] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.762] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0153.763] CoTaskMemFree (pv=0x5ca4ba0) [0153.763] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.763] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0153.764] CoTaskMemFree (pv=0x5ca4ba0) [0153.764] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x297feb4, cb=0xc | out: lpmodinfo=0x297feb4*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0153.766] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.766] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0153.767] CoTaskMemFree (pv=0x5ca4ba0) [0153.767] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.767] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0153.768] CoTaskMemFree (pv=0x5ca4ba0) [0153.768] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x2981fbc, cb=0xc | out: lpmodinfo=0x2981fbc*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0153.770] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.770] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0153.771] CoTaskMemFree (pv=0x5ca4ba0) [0153.771] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.771] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0153.773] CoTaskMemFree (pv=0x5ca4ba0) [0153.773] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x29840d4, cb=0xc | out: lpmodinfo=0x29840d4*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0153.774] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.774] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0153.775] CoTaskMemFree (pv=0x5ca4ba0) [0153.775] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.775] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0153.777] CoTaskMemFree (pv=0x5ca4ba0) [0153.777] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x29861ec, cb=0xc | out: lpmodinfo=0x29861ec*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0153.778] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.778] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0153.779] CoTaskMemFree (pv=0x5ca4ba0) [0153.779] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.779] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0153.781] CoTaskMemFree (pv=0x5ca4ba0) [0153.781] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x2988318, cb=0xc | out: lpmodinfo=0x2988318*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0153.782] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.782] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0153.784] CoTaskMemFree (pv=0x5ca4ba0) [0153.784] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.784] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0153.785] CoTaskMemFree (pv=0x5ca4ba0) [0153.785] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x298a430, cb=0xc | out: lpmodinfo=0x298a430*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0153.786] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.787] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0153.788] CoTaskMemFree (pv=0x5ca4ba0) [0153.788] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.788] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0153.790] CoTaskMemFree (pv=0x5ca4ba0) [0153.790] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x298c548, cb=0xc | out: lpmodinfo=0x298c548*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0153.791] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.791] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0153.792] CoTaskMemFree (pv=0x5ca4ba0) [0153.792] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.793] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0153.794] CoTaskMemFree (pv=0x5ca4ba0) [0153.794] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x298e658, cb=0xc | out: lpmodinfo=0x298e658*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0153.795] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.795] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0153.797] CoTaskMemFree (pv=0x5ca4ba0) [0153.797] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.797] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0153.798] CoTaskMemFree (pv=0x5ca4ba0) [0153.798] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x2990770, cb=0xc | out: lpmodinfo=0x2990770*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0153.800] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.800] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0153.801] CoTaskMemFree (pv=0x5ca4ba0) [0153.801] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.801] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0153.803] CoTaskMemFree (pv=0x5ca4ba0) [0153.803] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x2992890, cb=0xc | out: lpmodinfo=0x2992890*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0153.804] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.804] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0153.806] CoTaskMemFree (pv=0x5ca4ba0) [0153.806] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.806] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0153.807] CoTaskMemFree (pv=0x5ca4ba0) [0153.808] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x29949a8, cb=0xc | out: lpmodinfo=0x29949a8*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0153.809] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.809] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0153.810] CoTaskMemFree (pv=0x5ca4ba0) [0153.810] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.810] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0153.812] CoTaskMemFree (pv=0x5ca4ba0) [0153.812] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x2996ac8, cb=0xc | out: lpmodinfo=0x2996ac8*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0153.814] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.814] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0153.815] CoTaskMemFree (pv=0x5ca4ba0) [0153.815] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.815] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0153.817] CoTaskMemFree (pv=0x5ca4ba0) [0153.817] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x2998be8, cb=0xc | out: lpmodinfo=0x2998be8*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0153.818] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.818] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0153.821] CoTaskMemFree (pv=0x5ca4ba0) [0153.821] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.821] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0153.823] CoTaskMemFree (pv=0x5ca4ba0) [0153.823] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x299ad10, cb=0xc | out: lpmodinfo=0x299ad10*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0153.824] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.824] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0153.826] CoTaskMemFree (pv=0x5ca4ba0) [0153.826] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.826] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0153.827] CoTaskMemFree (pv=0x5ca4ba0) [0153.827] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x299ce28, cb=0xc | out: lpmodinfo=0x299ce28*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0153.829] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.829] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0153.830] CoTaskMemFree (pv=0x5ca4ba0) [0153.831] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.831] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0153.832] CoTaskMemFree (pv=0x5ca4ba0) [0153.832] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x299ef48, cb=0xc | out: lpmodinfo=0x299ef48*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0153.834] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.834] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0153.836] CoTaskMemFree (pv=0x5ca4ba0) [0153.836] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.836] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0153.837] CoTaskMemFree (pv=0x5ca4ba0) [0153.837] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x29a1068, cb=0xc | out: lpmodinfo=0x29a1068*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0153.839] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.839] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0153.841] CoTaskMemFree (pv=0x5ca4ba0) [0153.841] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.841] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0153.842] CoTaskMemFree (pv=0x5ca4ba0) [0153.842] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x29a3180, cb=0xc | out: lpmodinfo=0x29a3180*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0153.844] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.844] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0153.845] CoTaskMemFree (pv=0x5ca4ba0) [0153.846] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.846] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0153.847] CoTaskMemFree (pv=0x5ca4ba0) [0153.847] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x29a54ac, cb=0xc | out: lpmodinfo=0x29a54ac*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0153.849] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.849] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0153.851] CoTaskMemFree (pv=0x5ca4ba0) [0153.851] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.851] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0153.852] CoTaskMemFree (pv=0x5ca4ba0) [0153.852] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x29a75c4, cb=0xc | out: lpmodinfo=0x29a75c4*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0153.854] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.854] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0153.856] CoTaskMemFree (pv=0x5ca4ba0) [0153.856] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.856] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0153.857] CoTaskMemFree (pv=0x5ca4ba0) [0153.857] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x29a96dc, cb=0xc | out: lpmodinfo=0x29a96dc*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0153.859] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.859] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0153.861] CoTaskMemFree (pv=0x5ca4ba0) [0153.861] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.861] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0153.863] CoTaskMemFree (pv=0x5ca4ba0) [0153.863] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x29ab7f4, cb=0xc | out: lpmodinfo=0x29ab7f4*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0153.864] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.864] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0153.973] CoTaskMemFree (pv=0x5ca4ba0) [0153.973] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.973] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0153.975] CoTaskMemFree (pv=0x5ca4ba0) [0153.975] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x29ad928, cb=0xc | out: lpmodinfo=0x29ad928*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0153.977] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.977] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0153.979] CoTaskMemFree (pv=0x5ca4ba0) [0153.979] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.979] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0153.981] CoTaskMemFree (pv=0x5ca4ba0) [0153.981] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x29afa40, cb=0xc | out: lpmodinfo=0x29afa40*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0153.983] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.983] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0153.984] CoTaskMemFree (pv=0x5ca4ba0) [0153.984] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.984] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0153.986] CoTaskMemFree (pv=0x5ca4ba0) [0153.986] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x29b1b50, cb=0xc | out: lpmodinfo=0x29b1b50*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0153.988] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.988] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0153.990] CoTaskMemFree (pv=0x5ca4ba0) [0153.990] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.990] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0153.992] CoTaskMemFree (pv=0x5ca4ba0) [0153.992] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x29b3d24, cb=0xc | out: lpmodinfo=0x29b3d24*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0153.994] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.994] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0153.996] CoTaskMemFree (pv=0x5ca4ba0) [0153.996] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0153.996] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0153.997] CoTaskMemFree (pv=0x5ca4ba0) [0153.997] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x29b5ee0, cb=0xc | out: lpmodinfo=0x29b5ee0*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0153.999] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0154.000] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0154.001] CoTaskMemFree (pv=0x5ca4ba0) [0154.001] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0154.001] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0154.003] CoTaskMemFree (pv=0x5ca4ba0) [0154.003] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x29b8010, cb=0xc | out: lpmodinfo=0x29b8010*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0154.005] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0154.005] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5ca4ba0, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0154.066] CoTaskMemFree (pv=0x5ca4ba0) [0154.066] CoTaskMemAlloc (cb=0x804) returned 0x5ca4ba0 [0154.066] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5ca4ba0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0154.068] CoTaskMemFree (pv=0x5ca4ba0) [0154.068] CloseHandle (hObject=0x640) returned 1 [0154.081] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0154.081] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0154.081] lstrlenA (lpString="ActivateActCtx") returned 14 [0154.081] lstrlenA (lpString="AddAtomA") returned 8 [0154.081] lstrlenA (lpString="AddAtomW") returned 8 [0154.081] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0154.081] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0154.081] lstrlenA (lpString="AddDllDirectory") returned 15 [0154.082] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0154.082] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0154.082] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0154.082] lstrlenA (lpString="AddRefActCtx") returned 12 [0154.082] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0154.082] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0154.082] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0154.082] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0154.082] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0154.083] lstrlenA (lpString="AllocConsole") returned 12 [0154.083] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0154.083] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0154.083] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0154.083] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0154.083] lstrlenA (lpString="AreFileApisANSI") returned 15 [0154.083] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0154.083] lstrlenA (lpString="AttachConsole") returned 13 [0154.083] lstrlenA (lpString="BackupRead") returned 10 [0154.083] lstrlenA (lpString="BackupSeek") returned 10 [0154.084] lstrlenA (lpString="BackupWrite") returned 11 [0154.084] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0154.084] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0154.084] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0154.084] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0154.084] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0154.084] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0154.084] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0154.084] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0154.085] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0154.085] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0154.085] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0154.085] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0154.085] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0154.085] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0154.085] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0154.086] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0154.086] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0154.086] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0154.086] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0154.086] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0154.086] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0154.086] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0154.086] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0154.086] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0154.086] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0154.087] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0154.087] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0154.087] lstrlenA (lpString="Beep") returned 4 [0154.087] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0154.087] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0154.087] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0154.087] lstrlenA (lpString="BuildCommDCBA") returned 13 [0154.087] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0154.087] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0154.088] lstrlenA (lpString="BuildCommDCBW") returned 13 [0154.088] lstrlenA (lpString="CallNamedPipeA") returned 14 [0154.088] lstrlenA (lpString="CallNamedPipeW") returned 14 [0154.088] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0154.088] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0154.088] lstrlenA (lpString="CancelIo") returned 8 [0154.088] lstrlenA (lpString="CancelIoEx") returned 10 [0154.089] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0154.089] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0154.089] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0154.089] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0154.089] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0154.089] lstrlenA (lpString="CheckElevation") returned 14 [0154.089] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0154.089] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0154.089] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0154.090] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0154.090] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0154.090] lstrlenA (lpString="ClearCommBreak") returned 14 [0154.090] lstrlenA (lpString="ClearCommError") returned 14 [0154.090] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0154.090] lstrlenA (lpString="CloseHandle") returned 11 [0154.090] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0154.090] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0154.090] lstrlenA (lpString="CloseThreadpool") returned 15 [0154.090] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0154.091] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0154.091] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0154.091] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0154.091] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0154.091] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0154.091] lstrlenA (lpString="CmdBatNotification") returned 18 [0154.091] lstrlenA (lpString="CommConfigDialogA") returned 17 [0154.091] lstrlenA (lpString="CommConfigDialogW") returned 17 [0154.091] lstrlenA (lpString="CompareCalendarDates") returned 20 [0154.091] lstrlenA (lpString="CompareFileTime") returned 15 [0154.092] lstrlenA (lpString="CompareStringA") returned 14 [0154.092] lstrlenA (lpString="CompareStringEx") returned 15 [0154.092] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0154.092] lstrlenA (lpString="CompareStringW") returned 14 [0154.092] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0154.092] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0154.092] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0154.092] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0154.092] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0154.093] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0154.093] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0154.093] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0154.093] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0154.093] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0154.093] lstrlenA (lpString="CopyContext") returned 11 [0154.093] lstrlenA (lpString="CopyFileA") returned 9 [0154.093] lstrlenA (lpString="CopyFileExA") returned 11 [0154.093] lstrlenA (lpString="CopyFileExW") returned 11 [0154.093] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0154.094] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0154.094] lstrlenA (lpString="CopyFileW") returned 9 [0154.094] lstrlenA (lpString="CopyLZFile") returned 10 [0154.094] lstrlenA (lpString="CreateActCtxA") returned 13 [0154.094] lstrlenA (lpString="CreateActCtxW") returned 13 [0154.094] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0154.094] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0154.094] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0154.094] lstrlenA (lpString="CreateDirectoryA") returned 16 [0154.095] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0154.095] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0154.095] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0154.095] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0154.095] lstrlenA (lpString="CreateDirectoryW") returned 16 [0154.095] lstrlenA (lpString="CreateEventA") returned 12 [0154.095] lstrlenA (lpString="CreateEventExA") returned 14 [0154.095] lstrlenA (lpString="CreateEventExW") returned 14 [0154.095] lstrlenA (lpString="CreateEventW") returned 12 [0154.095] lstrlenA (lpString="CreateFiber") returned 11 [0154.095] lstrlenA (lpString="CreateFiberEx") returned 13 [0154.095] lstrlenA (lpString="CreateFileA") returned 11 [0154.095] lstrlenA (lpString="CreateFileMappingA") returned 18 [0154.095] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0154.096] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0154.096] lstrlenA (lpString="CreateFileMappingW") returned 18 [0154.096] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0154.096] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0154.096] lstrlenA (lpString="CreateFileW") returned 11 [0154.096] lstrlenA (lpString="CreateHardLinkA") returned 15 [0154.096] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0154.096] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0154.096] lstrlenA (lpString="CreateHardLinkW") returned 15 [0154.096] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0154.096] lstrlenA (lpString="CreateJobObjectA") returned 16 [0154.096] lstrlenA (lpString="CreateJobObjectW") returned 16 [0154.096] lstrlenA (lpString="CreateJobSet") returned 12 [0154.097] lstrlenA (lpString="CreateMailslotA") returned 15 [0154.097] lstrlenA (lpString="CreateMailslotW") returned 15 [0154.097] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0154.097] lstrlenA (lpString="CreateMutexA") returned 12 [0154.097] lstrlenA (lpString="CreateMutexExA") returned 14 [0154.097] lstrlenA (lpString="CreateMutexExW") returned 14 [0154.097] lstrlenA (lpString="CreateMutexW") returned 12 [0154.097] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0154.097] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0154.097] lstrlenA (lpString="CreatePipe") returned 10 [0154.097] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0154.097] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0154.097] lstrlenA (lpString="CreateProcessA") returned 14 [0154.097] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0154.098] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0154.098] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0154.098] lstrlenA (lpString="CreateProcessW") returned 14 [0154.098] lstrlenA (lpString="CreateRemoteThread") returned 18 [0154.098] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0154.098] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0154.098] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0154.098] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0154.098] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0154.098] lstrlenA (lpString="CreateSocketHandle") returned 18 [0154.098] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0154.098] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0154.098] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0154.098] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0154.099] lstrlenA (lpString="CreateTapePartition") returned 19 [0154.099] lstrlenA (lpString="CreateThread") returned 12 [0154.099] lstrlenA (lpString="CreateThreadpool") returned 16 [0154.099] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0154.099] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0154.099] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0154.099] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0154.099] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0154.099] lstrlenA (lpString="CreateTimerQueue") returned 16 [0154.099] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0154.105] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0154.273] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0154.273] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0154.273] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0154.273] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0154.273] lstrlenA (lpString="CtrlRoutine") returned 11 [0154.273] lstrlenA (lpString="DeactivateActCtx") returned 16 [0154.273] lstrlenA (lpString="DebugActiveProcess") returned 18 [0154.273] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0154.273] lstrlenA (lpString="DebugBreak") returned 10 [0154.273] lstrlenA (lpString="DebugBreakProcess") returned 17 [0154.273] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0154.274] lstrlenA (lpString="DecodePointer") returned 13 [0154.274] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0154.274] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0154.274] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0154.274] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0154.274] lstrlenA (lpString="DeleteAtom") returned 10 [0154.274] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0154.274] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0154.274] lstrlenA (lpString="DeleteFiber") returned 11 [0154.274] lstrlenA (lpString="DeleteFileA") returned 11 [0154.274] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0154.274] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0154.274] lstrlenA (lpString="DeleteFileW") returned 11 [0154.274] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0154.275] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0154.275] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0154.275] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0154.275] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0154.275] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0154.275] lstrlenA (lpString="DeviceIoControl") returned 15 [0154.275] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0154.275] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0154.275] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0154.275] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0154.275] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0154.275] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0154.275] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0154.276] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0154.276] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0154.276] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0154.276] lstrlenA (lpString="DuplicateHandle") returned 15 [0154.276] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0154.276] lstrlenA (lpString="EncodePointer") returned 13 [0154.276] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0154.276] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0154.276] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0154.276] lstrlenA (lpString="EnterCriticalSection") returned 20 [0154.276] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0154.276] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0154.276] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0154.276] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0154.277] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0154.277] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0154.277] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0154.277] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0154.277] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0154.291] VirtualAllocEx (hProcess=0x638, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0154.444] EnumProcessModules (in: hProcess=0x640, lphModule=0x27ba61c, cb=0x100, lpcbNeeded=0x3cc748 | out: lphModule=0x27ba61c, lpcbNeeded=0x3cc748) returned 1 [0154.446] EnumProcessModules (in: hProcess=0x640, lphModule=0x27ba728, cb=0x200, lpcbNeeded=0x3cc748 | out: lphModule=0x27ba728, lpcbNeeded=0x3cc748) returned 1 [0154.448] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x27ba968, cb=0xc | out: lpmodinfo=0x27ba968*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0154.448] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.448] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0154.448] CoTaskMemFree (pv=0x5c74c60) [0154.448] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.448] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0154.449] CoTaskMemFree (pv=0x5c74c60) [0154.449] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x27bcc3c, cb=0xc | out: lpmodinfo=0x27bcc3c*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0154.449] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.449] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0154.449] CoTaskMemFree (pv=0x5c74c60) [0154.449] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.449] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0154.450] CoTaskMemFree (pv=0x5c74c60) [0154.450] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x27bf560, cb=0xc | out: lpmodinfo=0x27bf560*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0154.450] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.450] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0154.450] CoTaskMemFree (pv=0x5c74c60) [0154.450] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.450] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0154.451] CoTaskMemFree (pv=0x5c74c60) [0154.451] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x27c23a4, cb=0xc | out: lpmodinfo=0x27c23a4*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0154.451] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.451] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0154.451] CoTaskMemFree (pv=0x5c74c60) [0154.451] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.451] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0154.452] CoTaskMemFree (pv=0x5c74c60) [0154.452] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x27c5530, cb=0xc | out: lpmodinfo=0x27c5530*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0154.452] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.452] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0154.452] CoTaskMemFree (pv=0x5c74c60) [0154.452] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.452] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0154.453] CoTaskMemFree (pv=0x5c74c60) [0154.453] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x27c8720, cb=0xc | out: lpmodinfo=0x27c8720*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0154.453] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.453] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0154.454] CoTaskMemFree (pv=0x5c74c60) [0154.454] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.454] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0154.454] CoTaskMemFree (pv=0x5c74c60) [0154.454] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x27cb8c0, cb=0xc | out: lpmodinfo=0x27cb8c0*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0154.455] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.455] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0154.455] CoTaskMemFree (pv=0x5c74c60) [0154.455] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.455] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0154.455] CoTaskMemFree (pv=0x5c74c60) [0154.456] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x27cea78, cb=0xc | out: lpmodinfo=0x27cea78*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0154.456] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.456] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0154.456] CoTaskMemFree (pv=0x5c74c60) [0154.456] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.456] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0154.457] CoTaskMemFree (pv=0x5c74c60) [0154.457] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x27d1c08, cb=0xc | out: lpmodinfo=0x27d1c08*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0154.457] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.457] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0154.458] CoTaskMemFree (pv=0x5c74c60) [0154.458] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.458] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0154.459] CoTaskMemFree (pv=0x5c74c60) [0154.459] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x27d4658, cb=0xc | out: lpmodinfo=0x27d4658*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0154.460] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.460] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0154.460] CoTaskMemFree (pv=0x5c74c60) [0154.460] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.460] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0154.461] CoTaskMemFree (pv=0x5c74c60) [0154.461] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x27d779c, cb=0xc | out: lpmodinfo=0x27d779c*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0154.461] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.461] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0154.462] CoTaskMemFree (pv=0x5c74c60) [0154.462] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.462] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0154.463] CoTaskMemFree (pv=0x5c74c60) [0154.463] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x27da9f4, cb=0xc | out: lpmodinfo=0x27da9f4*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0154.463] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.463] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0154.464] CoTaskMemFree (pv=0x5c74c60) [0154.464] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.464] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0154.464] CoTaskMemFree (pv=0x5c74c60) [0154.464] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x27ddba8, cb=0xc | out: lpmodinfo=0x27ddba8*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0154.465] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.465] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0154.465] CoTaskMemFree (pv=0x5c74c60) [0154.465] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.465] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0154.466] CoTaskMemFree (pv=0x5c74c60) [0154.466] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x27e0d5c, cb=0xc | out: lpmodinfo=0x27e0d5c*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0154.467] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.467] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0154.467] CoTaskMemFree (pv=0x5c74c60) [0154.467] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.467] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0154.468] CoTaskMemFree (pv=0x5c74c60) [0154.468] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x27e3f2c, cb=0xc | out: lpmodinfo=0x27e3f2c*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0154.468] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.468] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0154.469] CoTaskMemFree (pv=0x5c74c60) [0154.469] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.469] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0154.470] CoTaskMemFree (pv=0x5c74c60) [0154.470] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x27e70e0, cb=0xc | out: lpmodinfo=0x27e70e0*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0154.470] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.470] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0154.471] CoTaskMemFree (pv=0x5c74c60) [0154.471] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.471] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0154.472] CoTaskMemFree (pv=0x5c74c60) [0154.472] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x27ea260, cb=0xc | out: lpmodinfo=0x27ea260*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0154.472] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.472] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0154.473] CoTaskMemFree (pv=0x5c74c60) [0154.473] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.473] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0154.484] CoTaskMemFree (pv=0x5c74c60) [0154.484] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x27ed4cc, cb=0xc | out: lpmodinfo=0x27ed4cc*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0154.485] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.485] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0154.486] CoTaskMemFree (pv=0x5c74c60) [0154.486] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.486] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0154.486] CoTaskMemFree (pv=0x5c74c60) [0154.486] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x27f0620, cb=0xc | out: lpmodinfo=0x27f0620*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0154.487] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.487] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0154.488] CoTaskMemFree (pv=0x5c74c60) [0154.488] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.488] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0154.488] CoTaskMemFree (pv=0x5c74c60) [0154.488] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x27f3888, cb=0xc | out: lpmodinfo=0x27f3888*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0154.489] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.489] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0154.490] CoTaskMemFree (pv=0x5c74c60) [0154.490] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.490] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0154.490] CoTaskMemFree (pv=0x5c74c60) [0154.491] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x27f6a10, cb=0xc | out: lpmodinfo=0x27f6a10*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0154.491] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.491] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0154.492] CoTaskMemFree (pv=0x5c74c60) [0154.492] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.492] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0154.493] CoTaskMemFree (pv=0x5c74c60) [0154.493] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x27f9c24, cb=0xc | out: lpmodinfo=0x27f9c24*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0154.494] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.494] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0154.494] CoTaskMemFree (pv=0x5c74c60) [0154.494] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.494] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0154.495] CoTaskMemFree (pv=0x5c74c60) [0154.495] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x27fce18, cb=0xc | out: lpmodinfo=0x27fce18*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0154.496] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.496] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0154.497] CoTaskMemFree (pv=0x5c74c60) [0154.497] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.497] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0154.498] CoTaskMemFree (pv=0x5c74c60) [0154.498] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x2800054, cb=0xc | out: lpmodinfo=0x2800054*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0154.499] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.499] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0154.500] CoTaskMemFree (pv=0x5c74c60) [0154.500] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.500] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0154.501] CoTaskMemFree (pv=0x5c74c60) [0154.501] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x28032bc, cb=0xc | out: lpmodinfo=0x28032bc*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0154.502] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.502] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0154.502] CoTaskMemFree (pv=0x5c74c60) [0154.503] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.503] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0154.503] CoTaskMemFree (pv=0x5c74c60) [0154.503] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x2806780, cb=0xc | out: lpmodinfo=0x2806780*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0154.504] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.504] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0154.507] CoTaskMemFree (pv=0x5c74c60) [0154.507] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.507] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0154.508] CoTaskMemFree (pv=0x5c74c60) [0154.508] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x2809974, cb=0xc | out: lpmodinfo=0x2809974*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0154.509] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.509] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0154.510] CoTaskMemFree (pv=0x5c74c60) [0154.510] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.510] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0154.511] CoTaskMemFree (pv=0x5c74c60) [0154.511] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x280cca8, cb=0xc | out: lpmodinfo=0x280cca8*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0154.511] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.511] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0154.512] CoTaskMemFree (pv=0x5c74c60) [0154.512] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.512] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0154.513] CoTaskMemFree (pv=0x5c74c60) [0154.513] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x280fe9c, cb=0xc | out: lpmodinfo=0x280fe9c*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0154.514] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.514] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0154.515] CoTaskMemFree (pv=0x5c74c60) [0154.515] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.515] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0154.516] CoTaskMemFree (pv=0x5c74c60) [0154.516] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x2813068, cb=0xc | out: lpmodinfo=0x2813068*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0154.517] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.517] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0154.518] CoTaskMemFree (pv=0x5c74c60) [0154.518] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.518] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0154.519] CoTaskMemFree (pv=0x5c74c60) [0154.519] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x28161bc, cb=0xc | out: lpmodinfo=0x28161bc*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0154.520] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.520] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0154.521] CoTaskMemFree (pv=0x5c74c60) [0154.521] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.521] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0154.522] CoTaskMemFree (pv=0x5c74c60) [0154.522] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x2819408, cb=0xc | out: lpmodinfo=0x2819408*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0154.523] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.523] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0154.524] CoTaskMemFree (pv=0x5c74c60) [0154.524] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.524] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0154.525] CoTaskMemFree (pv=0x5c74c60) [0154.525] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x281c5b4, cb=0xc | out: lpmodinfo=0x281c5b4*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0154.526] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.526] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0154.527] CoTaskMemFree (pv=0x5c74c60) [0154.527] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.528] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0154.528] CoTaskMemFree (pv=0x5c74c60) [0154.529] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x281f894, cb=0xc | out: lpmodinfo=0x281f894*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0154.530] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.530] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0154.531] CoTaskMemFree (pv=0x5c74c60) [0154.531] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.531] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0154.532] CoTaskMemFree (pv=0x5c74c60) [0154.532] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x28228ec, cb=0xc | out: lpmodinfo=0x28228ec*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0154.533] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.533] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0154.534] CoTaskMemFree (pv=0x5c74c60) [0154.534] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.534] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0154.535] CoTaskMemFree (pv=0x5c74c60) [0154.535] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x2825ac0, cb=0xc | out: lpmodinfo=0x2825ac0*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0154.536] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.536] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0154.543] CoTaskMemFree (pv=0x5c74c60) [0154.543] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.543] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0154.544] CoTaskMemFree (pv=0x5c74c60) [0154.544] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x2828c54, cb=0xc | out: lpmodinfo=0x2828c54*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0154.545] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.546] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0154.547] CoTaskMemFree (pv=0x5c74c60) [0154.547] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.547] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0154.548] CoTaskMemFree (pv=0x5c74c60) [0154.548] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x282bde8, cb=0xc | out: lpmodinfo=0x282bde8*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0154.549] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.549] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0154.550] CoTaskMemFree (pv=0x5c74c60) [0154.550] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.550] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0154.551] CoTaskMemFree (pv=0x5c74c60) [0154.551] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x282ef14, cb=0xc | out: lpmodinfo=0x282ef14*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0154.553] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.553] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0154.554] CoTaskMemFree (pv=0x5c74c60) [0154.554] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.554] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0154.555] CoTaskMemFree (pv=0x5c74c60) [0154.555] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x283208c, cb=0xc | out: lpmodinfo=0x283208c*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0154.556] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.556] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0154.558] CoTaskMemFree (pv=0x5c74c60) [0154.558] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.558] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0154.559] CoTaskMemFree (pv=0x5c74c60) [0154.559] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x2835224, cb=0xc | out: lpmodinfo=0x2835224*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0154.560] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.560] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0154.561] CoTaskMemFree (pv=0x5c74c60) [0154.561] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.561] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0154.562] CoTaskMemFree (pv=0x5c74c60) [0154.563] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x28383f0, cb=0xc | out: lpmodinfo=0x28383f0*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0154.564] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.564] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0154.565] CoTaskMemFree (pv=0x5c74c60) [0154.565] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.565] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0154.567] CoTaskMemFree (pv=0x5c74c60) [0154.567] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x283b584, cb=0xc | out: lpmodinfo=0x283b584*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0154.583] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.583] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0154.585] CoTaskMemFree (pv=0x5c74c60) [0154.585] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.585] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0154.586] CoTaskMemFree (pv=0x5c74c60) [0154.587] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x283e750, cb=0xc | out: lpmodinfo=0x283e750*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0154.588] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.588] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0154.589] CoTaskMemFree (pv=0x5c74c60) [0154.589] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.589] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0154.591] CoTaskMemFree (pv=0x5c74c60) [0154.591] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x28418dc, cb=0xc | out: lpmodinfo=0x28418dc*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0154.592] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.592] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0154.593] CoTaskMemFree (pv=0x5c74c60) [0154.593] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.593] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0154.594] CoTaskMemFree (pv=0x5c74c60) [0154.594] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x2844aac, cb=0xc | out: lpmodinfo=0x2844aac*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0154.596] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.596] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0154.597] CoTaskMemFree (pv=0x5c74c60) [0154.597] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.597] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0154.598] CoTaskMemFree (pv=0x5c74c60) [0154.599] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x2847e40, cb=0xc | out: lpmodinfo=0x2847e40*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0154.600] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.600] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0154.602] CoTaskMemFree (pv=0x5c74c60) [0154.602] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.602] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0154.603] CoTaskMemFree (pv=0x5c74c60) [0154.603] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x284b004, cb=0xc | out: lpmodinfo=0x284b004*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0154.604] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.604] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0154.606] CoTaskMemFree (pv=0x5c74c60) [0154.606] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.606] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0154.607] CoTaskMemFree (pv=0x5c74c60) [0154.607] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x284e194, cb=0xc | out: lpmodinfo=0x284e194*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0154.609] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.609] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0154.610] CoTaskMemFree (pv=0x5c74c60) [0154.610] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.610] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0154.611] CoTaskMemFree (pv=0x5c74c60) [0154.611] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x2851374, cb=0xc | out: lpmodinfo=0x2851374*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0154.613] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.613] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0154.614] CoTaskMemFree (pv=0x5c74c60) [0154.614] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.614] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0154.616] CoTaskMemFree (pv=0x5c74c60) [0154.616] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x2854500, cb=0xc | out: lpmodinfo=0x2854500*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0154.617] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.617] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0154.618] CoTaskMemFree (pv=0x5c74c60) [0154.618] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.618] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0154.620] CoTaskMemFree (pv=0x5c74c60) [0154.620] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x2857818, cb=0xc | out: lpmodinfo=0x2857818*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0154.621] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.621] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0154.623] CoTaskMemFree (pv=0x5c74c60) [0154.623] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.623] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0154.624] CoTaskMemFree (pv=0x5c74c60) [0154.624] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x285a9c8, cb=0xc | out: lpmodinfo=0x285a9c8*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0154.626] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.626] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0154.627] CoTaskMemFree (pv=0x5c74c60) [0154.627] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.627] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0154.629] CoTaskMemFree (pv=0x5c74c60) [0154.629] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x285e1a8, cb=0xc | out: lpmodinfo=0x285e1a8*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0154.631] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.631] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0154.633] CoTaskMemFree (pv=0x5c74c60) [0154.633] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.633] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0154.634] CoTaskMemFree (pv=0x5c74c60) [0154.634] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x28602b8, cb=0xc | out: lpmodinfo=0x28602b8*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0154.636] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.636] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0154.638] CoTaskMemFree (pv=0x5c74c60) [0154.638] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.638] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0154.639] CoTaskMemFree (pv=0x5c74c60) [0154.639] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x28623d0, cb=0xc | out: lpmodinfo=0x28623d0*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0154.641] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.641] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0154.642] CoTaskMemFree (pv=0x5c74c60) [0154.642] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.643] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0154.644] CoTaskMemFree (pv=0x5c74c60) [0154.644] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x28644f0, cb=0xc | out: lpmodinfo=0x28644f0*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0154.646] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.646] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0154.648] CoTaskMemFree (pv=0x5c74c60) [0154.648] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.648] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0154.650] CoTaskMemFree (pv=0x5c74c60) [0154.650] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x28666c0, cb=0xc | out: lpmodinfo=0x28666c0*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0154.651] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.651] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0154.653] CoTaskMemFree (pv=0x5c74c60) [0154.653] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.653] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0154.655] CoTaskMemFree (pv=0x5c74c60) [0154.655] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x2868fe0, cb=0xc | out: lpmodinfo=0x2868fe0*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0154.656] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.656] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0154.658] CoTaskMemFree (pv=0x5c74c60) [0154.658] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.658] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0154.659] CoTaskMemFree (pv=0x5c74c60) [0154.659] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x286b1d0, cb=0xc | out: lpmodinfo=0x286b1d0*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0154.661] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.661] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0154.662] CoTaskMemFree (pv=0x5c74c60) [0154.663] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.663] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0154.664] CoTaskMemFree (pv=0x5c74c60) [0154.664] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x286e00c, cb=0xc | out: lpmodinfo=0x286e00c*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0154.666] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.666] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0154.667] CoTaskMemFree (pv=0x5c74c60) [0154.668] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.668] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0154.669] CoTaskMemFree (pv=0x5c74c60) [0154.669] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x2871200, cb=0xc | out: lpmodinfo=0x2871200*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0154.671] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.671] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0154.673] CoTaskMemFree (pv=0x5c74c60) [0154.673] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.673] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0154.674] CoTaskMemFree (pv=0x5c74c60) [0154.674] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x2874398, cb=0xc | out: lpmodinfo=0x2874398*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0154.676] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.676] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0154.678] CoTaskMemFree (pv=0x5c74c60) [0154.678] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.678] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0154.679] CoTaskMemFree (pv=0x5c74c60) [0154.680] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x2877590, cb=0xc | out: lpmodinfo=0x2877590*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0154.681] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.681] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0154.683] CoTaskMemFree (pv=0x5c74c60) [0154.683] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.683] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0154.685] CoTaskMemFree (pv=0x5c74c60) [0154.685] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x287a724, cb=0xc | out: lpmodinfo=0x287a724*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0154.686] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.686] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0154.688] CoTaskMemFree (pv=0x5c74c60) [0154.688] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.688] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0154.690] CoTaskMemFree (pv=0x5c74c60) [0154.690] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x287daec, cb=0xc | out: lpmodinfo=0x287daec*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0154.692] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.692] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0154.694] CoTaskMemFree (pv=0x5c74c60) [0154.694] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.694] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0154.695] CoTaskMemFree (pv=0x5c74c60) [0154.696] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x2880ab8, cb=0xc | out: lpmodinfo=0x2880ab8*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0154.697] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.697] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0154.699] CoTaskMemFree (pv=0x5c74c60) [0154.699] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.699] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0154.701] CoTaskMemFree (pv=0x5c74c60) [0154.701] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x2883c78, cb=0xc | out: lpmodinfo=0x2883c78*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0154.702] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.702] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0154.704] CoTaskMemFree (pv=0x5c74c60) [0154.704] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.704] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0154.706] CoTaskMemFree (pv=0x5c74c60) [0154.706] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x2886e70, cb=0xc | out: lpmodinfo=0x2886e70*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0154.708] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.708] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0154.710] CoTaskMemFree (pv=0x5c74c60) [0154.710] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.710] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0154.712] CoTaskMemFree (pv=0x5c74c60) [0154.712] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x288a068, cb=0xc | out: lpmodinfo=0x288a068*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0154.713] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.713] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0154.715] CoTaskMemFree (pv=0x5c74c60) [0154.715] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.715] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0154.717] CoTaskMemFree (pv=0x5c74c60) [0154.717] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x288d1dc, cb=0xc | out: lpmodinfo=0x288d1dc*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0154.719] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.719] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0154.721] CoTaskMemFree (pv=0x5c74c60) [0154.721] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.721] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0154.723] CoTaskMemFree (pv=0x5c74c60) [0154.723] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x289036c, cb=0xc | out: lpmodinfo=0x289036c*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0154.725] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.725] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0154.727] CoTaskMemFree (pv=0x5c74c60) [0154.727] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.727] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0154.729] CoTaskMemFree (pv=0x5c74c60) [0154.729] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x2892df0, cb=0xc | out: lpmodinfo=0x2892df0*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0154.731] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.731] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0154.733] CoTaskMemFree (pv=0x5c74c60) [0154.733] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.733] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0154.735] CoTaskMemFree (pv=0x5c74c60) [0154.735] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x2895f54, cb=0xc | out: lpmodinfo=0x2895f54*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0154.737] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.737] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0154.739] CoTaskMemFree (pv=0x5c74c60) [0154.739] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.739] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0154.743] CoTaskMemFree (pv=0x5c74c60) [0154.743] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x289907c, cb=0xc | out: lpmodinfo=0x289907c*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0154.744] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.745] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0154.746] CoTaskMemFree (pv=0x5c74c60) [0154.747] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.747] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0154.749] CoTaskMemFree (pv=0x5c74c60) [0154.749] CloseHandle (hObject=0x640) returned 1 [0154.750] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0154.751] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0154.751] lstrlenA (lpString="ActivateActCtx") returned 14 [0154.751] lstrlenA (lpString="AddAtomA") returned 8 [0154.751] lstrlenA (lpString="AddAtomW") returned 8 [0154.751] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0154.751] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0154.751] lstrlenA (lpString="AddDllDirectory") returned 15 [0154.751] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0154.751] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0154.752] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0154.752] lstrlenA (lpString="AddRefActCtx") returned 12 [0154.752] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0154.752] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0154.752] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0154.752] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0154.752] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0154.752] lstrlenA (lpString="AllocConsole") returned 12 [0154.752] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0154.752] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0154.753] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0154.753] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0154.753] lstrlenA (lpString="AreFileApisANSI") returned 15 [0154.753] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0154.753] lstrlenA (lpString="AttachConsole") returned 13 [0154.753] lstrlenA (lpString="BackupRead") returned 10 [0154.753] lstrlenA (lpString="BackupSeek") returned 10 [0154.753] lstrlenA (lpString="BackupWrite") returned 11 [0154.753] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0154.754] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0154.754] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0154.754] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0154.754] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0154.754] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0154.754] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0154.754] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0154.754] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0154.754] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0154.755] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0154.755] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0154.755] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0154.755] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0154.755] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0154.755] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0154.755] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0154.756] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0154.756] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0154.756] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0154.756] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0154.756] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0154.756] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0154.756] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0154.756] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0154.756] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0154.757] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0154.757] lstrlenA (lpString="Beep") returned 4 [0154.757] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0154.757] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0154.757] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0154.757] lstrlenA (lpString="BuildCommDCBA") returned 13 [0154.757] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0154.757] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0154.757] lstrlenA (lpString="BuildCommDCBW") returned 13 [0154.757] lstrlenA (lpString="CallNamedPipeA") returned 14 [0154.758] lstrlenA (lpString="CallNamedPipeW") returned 14 [0154.758] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0154.758] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0154.758] lstrlenA (lpString="CancelIo") returned 8 [0154.758] lstrlenA (lpString="CancelIoEx") returned 10 [0154.758] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0154.758] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0154.758] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0154.758] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0154.759] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0154.759] lstrlenA (lpString="CheckElevation") returned 14 [0154.759] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0154.759] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0154.759] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0154.759] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0154.759] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0154.759] lstrlenA (lpString="ClearCommBreak") returned 14 [0154.759] lstrlenA (lpString="ClearCommError") returned 14 [0154.760] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0154.760] lstrlenA (lpString="CloseHandle") returned 11 [0154.760] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0154.760] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0154.760] lstrlenA (lpString="CloseThreadpool") returned 15 [0154.760] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0154.760] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0154.760] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0154.760] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0154.760] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0154.761] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0154.761] lstrlenA (lpString="CmdBatNotification") returned 18 [0154.761] lstrlenA (lpString="CommConfigDialogA") returned 17 [0154.761] lstrlenA (lpString="CommConfigDialogW") returned 17 [0154.761] lstrlenA (lpString="CompareCalendarDates") returned 20 [0154.761] lstrlenA (lpString="CompareFileTime") returned 15 [0154.761] lstrlenA (lpString="CompareStringA") returned 14 [0154.761] lstrlenA (lpString="CompareStringEx") returned 15 [0154.762] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0154.762] lstrlenA (lpString="CompareStringW") returned 14 [0154.762] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0154.762] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0154.762] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0154.762] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0154.762] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0154.762] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0154.762] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0154.762] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0154.763] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0154.763] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0154.763] lstrlenA (lpString="CopyContext") returned 11 [0154.763] lstrlenA (lpString="CopyFileA") returned 9 [0154.763] lstrlenA (lpString="CopyFileExA") returned 11 [0154.763] lstrlenA (lpString="CopyFileExW") returned 11 [0154.763] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0154.763] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0154.764] lstrlenA (lpString="CopyFileW") returned 9 [0154.764] lstrlenA (lpString="CopyLZFile") returned 10 [0154.764] lstrlenA (lpString="CreateActCtxA") returned 13 [0154.764] lstrlenA (lpString="CreateActCtxW") returned 13 [0154.764] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0154.764] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0154.764] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0154.764] lstrlenA (lpString="CreateDirectoryA") returned 16 [0154.764] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0154.765] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0154.765] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0154.765] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0154.765] lstrlenA (lpString="CreateDirectoryW") returned 16 [0154.765] lstrlenA (lpString="CreateEventA") returned 12 [0154.765] lstrlenA (lpString="CreateEventExA") returned 14 [0154.765] lstrlenA (lpString="CreateEventExW") returned 14 [0154.765] lstrlenA (lpString="CreateEventW") returned 12 [0154.765] lstrlenA (lpString="CreateFiber") returned 11 [0154.765] lstrlenA (lpString="CreateFiberEx") returned 13 [0154.765] lstrlenA (lpString="CreateFileA") returned 11 [0154.765] lstrlenA (lpString="CreateFileMappingA") returned 18 [0154.765] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0154.766] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0154.766] lstrlenA (lpString="CreateFileMappingW") returned 18 [0154.766] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0154.766] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0154.766] lstrlenA (lpString="CreateFileW") returned 11 [0154.766] lstrlenA (lpString="CreateHardLinkA") returned 15 [0154.766] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0154.766] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0154.766] lstrlenA (lpString="CreateHardLinkW") returned 15 [0154.766] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0154.766] lstrlenA (lpString="CreateJobObjectA") returned 16 [0154.766] lstrlenA (lpString="CreateJobObjectW") returned 16 [0154.766] lstrlenA (lpString="CreateJobSet") returned 12 [0154.767] lstrlenA (lpString="CreateMailslotA") returned 15 [0154.767] lstrlenA (lpString="CreateMailslotW") returned 15 [0154.767] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0154.767] lstrlenA (lpString="CreateMutexA") returned 12 [0154.767] lstrlenA (lpString="CreateMutexExA") returned 14 [0154.767] lstrlenA (lpString="CreateMutexExW") returned 14 [0154.767] lstrlenA (lpString="CreateMutexW") returned 12 [0154.767] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0154.767] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0154.767] lstrlenA (lpString="CreatePipe") returned 10 [0154.767] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0154.767] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0154.768] lstrlenA (lpString="CreateProcessA") returned 14 [0154.768] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0154.768] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0154.768] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0154.768] lstrlenA (lpString="CreateProcessW") returned 14 [0154.768] lstrlenA (lpString="CreateRemoteThread") returned 18 [0154.768] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0154.768] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0154.768] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0154.768] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0154.768] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0154.768] lstrlenA (lpString="CreateSocketHandle") returned 18 [0154.768] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0154.769] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0154.769] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0154.769] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0154.769] lstrlenA (lpString="CreateTapePartition") returned 19 [0154.769] lstrlenA (lpString="CreateThread") returned 12 [0154.769] lstrlenA (lpString="CreateThreadpool") returned 16 [0154.769] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0154.769] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0154.769] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0154.769] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0154.769] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0154.769] lstrlenA (lpString="CreateTimerQueue") returned 16 [0154.769] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0154.770] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0154.770] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0154.770] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0154.770] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0154.770] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0154.770] lstrlenA (lpString="CtrlRoutine") returned 11 [0154.770] lstrlenA (lpString="DeactivateActCtx") returned 16 [0154.770] lstrlenA (lpString="DebugActiveProcess") returned 18 [0154.770] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0154.770] lstrlenA (lpString="DebugBreak") returned 10 [0154.770] lstrlenA (lpString="DebugBreakProcess") returned 17 [0154.771] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0154.771] lstrlenA (lpString="DecodePointer") returned 13 [0154.771] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0154.771] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0154.771] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0154.771] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0154.771] lstrlenA (lpString="DeleteAtom") returned 10 [0154.771] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0154.771] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0154.771] lstrlenA (lpString="DeleteFiber") returned 11 [0154.771] lstrlenA (lpString="DeleteFileA") returned 11 [0154.771] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0154.771] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0154.771] lstrlenA (lpString="DeleteFileW") returned 11 [0154.772] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0154.772] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0154.772] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0154.772] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0154.772] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0154.772] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0154.772] lstrlenA (lpString="DeviceIoControl") returned 15 [0154.772] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0154.772] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0154.772] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0154.772] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0154.772] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0154.773] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0154.773] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0154.773] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0154.773] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0154.773] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0154.773] lstrlenA (lpString="DuplicateHandle") returned 15 [0154.773] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0154.773] lstrlenA (lpString="EncodePointer") returned 13 [0154.773] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0154.773] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0154.773] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0154.773] lstrlenA (lpString="EnterCriticalSection") returned 20 [0154.773] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0154.774] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0154.774] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0154.774] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0154.774] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0154.774] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0154.774] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0154.774] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0154.774] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0154.791] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x400000, lpBuffer=0x3881ea8*, nSize=0x200, lpNumberOfBytesWritten=0x28af08c | out: lpBuffer=0x3881ea8*, lpNumberOfBytesWritten=0x28af08c*=0x200) returned 1 [0154.899] EnumProcessModules (in: hProcess=0x640, lphModule=0x28b6e68, cb=0x100, lpcbNeeded=0x3cc748 | out: lphModule=0x28b6e68, lpcbNeeded=0x3cc748) returned 1 [0154.900] EnumProcessModules (in: hProcess=0x640, lphModule=0x28b6f74, cb=0x200, lpcbNeeded=0x3cc748 | out: lphModule=0x28b6f74, lpcbNeeded=0x3cc748) returned 1 [0154.902] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x28b71b4, cb=0xc | out: lpmodinfo=0x28b71b4*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0154.902] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.902] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0154.903] CoTaskMemFree (pv=0x5c74c60) [0154.903] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.903] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0154.903] CoTaskMemFree (pv=0x5c74c60) [0154.903] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x28ba234, cb=0xc | out: lpmodinfo=0x28ba234*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0154.903] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.903] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0154.904] CoTaskMemFree (pv=0x5c74c60) [0154.904] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.904] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0154.904] CoTaskMemFree (pv=0x5c74c60) [0154.904] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x28bd3c4, cb=0xc | out: lpmodinfo=0x28bd3c4*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0154.904] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.904] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0154.905] CoTaskMemFree (pv=0x5c74c60) [0154.905] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.905] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0154.905] CoTaskMemFree (pv=0x5c74c60) [0154.905] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x28c058c, cb=0xc | out: lpmodinfo=0x28c058c*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0154.905] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.905] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0154.906] CoTaskMemFree (pv=0x5c74c60) [0154.906] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.906] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0154.906] CoTaskMemFree (pv=0x5c74c60) [0154.906] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x28c3714, cb=0xc | out: lpmodinfo=0x28c3714*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0154.907] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.907] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0154.907] CoTaskMemFree (pv=0x5c74c60) [0154.907] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.907] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0154.907] CoTaskMemFree (pv=0x5c74c60) [0154.907] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x28c6908, cb=0xc | out: lpmodinfo=0x28c6908*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0154.908] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.908] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0154.908] CoTaskMemFree (pv=0x5c74c60) [0154.908] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.908] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0154.908] CoTaskMemFree (pv=0x5c74c60) [0154.909] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x28c9a58, cb=0xc | out: lpmodinfo=0x28c9a58*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0154.909] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.909] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0154.909] CoTaskMemFree (pv=0x5c74c60) [0154.909] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.909] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0154.910] CoTaskMemFree (pv=0x5c74c60) [0154.910] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x28ccc1c, cb=0xc | out: lpmodinfo=0x28ccc1c*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0154.910] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.910] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0154.911] CoTaskMemFree (pv=0x5c74c60) [0154.911] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.911] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0154.911] CoTaskMemFree (pv=0x5c74c60) [0154.911] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x28cfd98, cb=0xc | out: lpmodinfo=0x28cfd98*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0154.912] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.912] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0154.912] CoTaskMemFree (pv=0x5c74c60) [0154.912] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.912] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0154.912] CoTaskMemFree (pv=0x5c74c60) [0154.913] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x28d2fa0, cb=0xc | out: lpmodinfo=0x28d2fa0*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0154.913] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.913] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0154.913] CoTaskMemFree (pv=0x5c74c60) [0154.914] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.914] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0154.914] CoTaskMemFree (pv=0x5c74c60) [0154.914] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x28d60dc, cb=0xc | out: lpmodinfo=0x28d60dc*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0154.914] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.914] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0154.915] CoTaskMemFree (pv=0x5c74c60) [0154.915] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.915] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0154.915] CoTaskMemFree (pv=0x5c74c60) [0154.916] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x28d92a8, cb=0xc | out: lpmodinfo=0x28d92a8*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0154.916] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.916] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0154.916] CoTaskMemFree (pv=0x5c74c60) [0154.917] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.917] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0154.917] CoTaskMemFree (pv=0x5c74c60) [0154.917] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x28dc468, cb=0xc | out: lpmodinfo=0x28dc468*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0154.918] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.918] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0154.918] CoTaskMemFree (pv=0x5c74c60) [0154.918] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.918] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0154.919] CoTaskMemFree (pv=0x5c74c60) [0154.919] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x28df610, cb=0xc | out: lpmodinfo=0x28df610*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0154.919] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.919] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0154.920] CoTaskMemFree (pv=0x5c74c60) [0154.920] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.920] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0154.921] CoTaskMemFree (pv=0x5c74c60) [0154.921] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x28e277c, cb=0xc | out: lpmodinfo=0x28e277c*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0154.921] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.921] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0154.922] CoTaskMemFree (pv=0x5c74c60) [0154.922] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.922] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0154.922] CoTaskMemFree (pv=0x5c74c60) [0154.922] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x28e5938, cb=0xc | out: lpmodinfo=0x28e5938*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0154.923] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.923] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0154.924] CoTaskMemFree (pv=0x5c74c60) [0154.924] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.924] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0154.924] CoTaskMemFree (pv=0x5c74c60) [0154.924] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x28e8adc, cb=0xc | out: lpmodinfo=0x28e8adc*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0154.925] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.925] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0154.926] CoTaskMemFree (pv=0x5c74c60) [0154.926] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.926] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0154.926] CoTaskMemFree (pv=0x5c74c60) [0154.926] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x28ebd20, cb=0xc | out: lpmodinfo=0x28ebd20*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0154.927] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.927] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0154.928] CoTaskMemFree (pv=0x5c74c60) [0154.928] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.928] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0154.928] CoTaskMemFree (pv=0x5c74c60) [0154.928] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x28eee34, cb=0xc | out: lpmodinfo=0x28eee34*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0154.929] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.929] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0154.930] CoTaskMemFree (pv=0x5c74c60) [0154.930] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.930] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0154.930] CoTaskMemFree (pv=0x5c74c60) [0154.931] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x28f1ff0, cb=0xc | out: lpmodinfo=0x28f1ff0*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0154.931] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.931] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0154.932] CoTaskMemFree (pv=0x5c74c60) [0154.932] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.932] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0154.932] CoTaskMemFree (pv=0x5c74c60) [0154.933] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x28f5394, cb=0xc | out: lpmodinfo=0x28f5394*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0154.933] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.933] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0154.934] CoTaskMemFree (pv=0x5c74c60) [0154.934] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.934] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0154.935] CoTaskMemFree (pv=0x5c74c60) [0154.935] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x28f855c, cb=0xc | out: lpmodinfo=0x28f855c*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0154.935] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.935] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0154.936] CoTaskMemFree (pv=0x5c74c60) [0154.936] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.936] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0154.937] CoTaskMemFree (pv=0x5c74c60) [0154.937] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x28fb720, cb=0xc | out: lpmodinfo=0x28fb720*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0154.938] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.938] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0154.938] CoTaskMemFree (pv=0x5c74c60) [0154.939] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.939] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0154.939] CoTaskMemFree (pv=0x5c74c60) [0154.939] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x28fe8e8, cb=0xc | out: lpmodinfo=0x28fe8e8*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0154.940] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.940] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0154.941] CoTaskMemFree (pv=0x5c74c60) [0154.941] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.941] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0154.942] CoTaskMemFree (pv=0x5c74c60) [0154.942] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x2901a60, cb=0xc | out: lpmodinfo=0x2901a60*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0154.943] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.943] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0154.943] CoTaskMemFree (pv=0x5c74c60) [0154.943] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.944] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0154.944] CoTaskMemFree (pv=0x5c74c60) [0154.944] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x2904e00, cb=0xc | out: lpmodinfo=0x2904e00*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0154.945] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.945] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0154.946] CoTaskMemFree (pv=0x5c74c60) [0154.946] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.946] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0154.947] CoTaskMemFree (pv=0x5c74c60) [0154.947] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x2907f10, cb=0xc | out: lpmodinfo=0x2907f10*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0154.948] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.948] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0154.949] CoTaskMemFree (pv=0x5c74c60) [0154.949] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.949] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0154.950] CoTaskMemFree (pv=0x5c74c60) [0154.950] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x290b4a0, cb=0xc | out: lpmodinfo=0x290b4a0*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0154.951] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.951] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0154.951] CoTaskMemFree (pv=0x5c74c60) [0154.952] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.952] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0154.952] CoTaskMemFree (pv=0x5c74c60) [0154.952] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x290d610, cb=0xc | out: lpmodinfo=0x290d610*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0154.953] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.953] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0154.954] CoTaskMemFree (pv=0x5c74c60) [0154.954] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.954] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0154.955] CoTaskMemFree (pv=0x5c74c60) [0154.955] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x290f75c, cb=0xc | out: lpmodinfo=0x290f75c*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0154.956] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.956] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0154.957] CoTaskMemFree (pv=0x5c74c60) [0154.957] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.957] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0154.958] CoTaskMemFree (pv=0x5c74c60) [0154.958] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x291187c, cb=0xc | out: lpmodinfo=0x291187c*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0154.959] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.959] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0154.960] CoTaskMemFree (pv=0x5c74c60) [0154.960] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.960] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0154.961] CoTaskMemFree (pv=0x5c74c60) [0154.961] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x2913a24, cb=0xc | out: lpmodinfo=0x2913a24*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0154.962] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.962] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0154.963] CoTaskMemFree (pv=0x5c74c60) [0154.963] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.963] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0154.964] CoTaskMemFree (pv=0x5c74c60) [0154.964] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x2915c08, cb=0xc | out: lpmodinfo=0x2915c08*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0154.965] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.965] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0154.966] CoTaskMemFree (pv=0x5c74c60) [0154.966] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.966] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0154.967] CoTaskMemFree (pv=0x5c74c60) [0154.967] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x2918314, cb=0xc | out: lpmodinfo=0x2918314*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0154.968] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.968] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0154.969] CoTaskMemFree (pv=0x5c74c60) [0154.969] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.969] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0154.970] CoTaskMemFree (pv=0x5c74c60) [0154.970] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x291ac00, cb=0xc | out: lpmodinfo=0x291ac00*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0154.971] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.971] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0154.972] CoTaskMemFree (pv=0x5c74c60) [0154.972] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.972] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0154.973] CoTaskMemFree (pv=0x5c74c60) [0154.973] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x291ce00, cb=0xc | out: lpmodinfo=0x291ce00*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0154.974] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.974] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0154.975] CoTaskMemFree (pv=0x5c74c60) [0154.975] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.975] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0154.976] CoTaskMemFree (pv=0x5c74c60) [0154.976] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x29203a0, cb=0xc | out: lpmodinfo=0x29203a0*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0154.977] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.977] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0154.978] CoTaskMemFree (pv=0x5c74c60) [0154.978] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.978] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0154.979] CoTaskMemFree (pv=0x5c74c60) [0154.980] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x2923500, cb=0xc | out: lpmodinfo=0x2923500*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0154.981] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.981] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0154.982] CoTaskMemFree (pv=0x5c74c60) [0154.982] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.982] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0154.983] CoTaskMemFree (pv=0x5c74c60) [0154.983] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x292666c, cb=0xc | out: lpmodinfo=0x292666c*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0154.984] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.984] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0154.985] CoTaskMemFree (pv=0x5c74c60) [0154.985] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.985] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0154.986] CoTaskMemFree (pv=0x5c74c60) [0154.986] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x29297f4, cb=0xc | out: lpmodinfo=0x29297f4*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0154.987] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.987] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0154.988] CoTaskMemFree (pv=0x5c74c60) [0154.988] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.988] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0154.989] CoTaskMemFree (pv=0x5c74c60) [0154.989] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x292c9bc, cb=0xc | out: lpmodinfo=0x292c9bc*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0154.990] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.990] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0154.992] CoTaskMemFree (pv=0x5c74c60) [0154.992] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.992] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0154.993] CoTaskMemFree (pv=0x5c74c60) [0154.993] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x292fb40, cb=0xc | out: lpmodinfo=0x292fb40*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0154.994] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.994] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0154.995] CoTaskMemFree (pv=0x5c74c60) [0154.995] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.995] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0154.996] CoTaskMemFree (pv=0x5c74c60) [0154.996] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x2932d50, cb=0xc | out: lpmodinfo=0x2932d50*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0154.997] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.997] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0154.999] CoTaskMemFree (pv=0x5c74c60) [0154.999] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0154.999] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0155.000] CoTaskMemFree (pv=0x5c74c60) [0155.000] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x2935ee0, cb=0xc | out: lpmodinfo=0x2935ee0*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0155.001] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.001] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0155.002] CoTaskMemFree (pv=0x5c74c60) [0155.002] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.003] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0155.004] CoTaskMemFree (pv=0x5c74c60) [0155.004] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x2939130, cb=0xc | out: lpmodinfo=0x2939130*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0155.006] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.006] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0155.008] CoTaskMemFree (pv=0x5c74c60) [0155.008] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.008] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0155.009] CoTaskMemFree (pv=0x5c74c60) [0155.009] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x293c2b8, cb=0xc | out: lpmodinfo=0x293c2b8*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0155.010] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.010] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0155.011] CoTaskMemFree (pv=0x5c74c60) [0155.011] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.012] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0155.013] CoTaskMemFree (pv=0x5c74c60) [0155.013] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x293f474, cb=0xc | out: lpmodinfo=0x293f474*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0155.014] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.014] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0155.015] CoTaskMemFree (pv=0x5c74c60) [0155.015] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.015] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0155.017] CoTaskMemFree (pv=0x5c74c60) [0155.017] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x294267c, cb=0xc | out: lpmodinfo=0x294267c*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0155.018] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.018] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0155.019] CoTaskMemFree (pv=0x5c74c60) [0155.019] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.019] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0155.021] CoTaskMemFree (pv=0x5c74c60) [0155.021] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x2945820, cb=0xc | out: lpmodinfo=0x2945820*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0155.022] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.022] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0155.023] CoTaskMemFree (pv=0x5c74c60) [0155.023] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.023] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0155.025] CoTaskMemFree (pv=0x5c74c60) [0155.025] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x29489b0, cb=0xc | out: lpmodinfo=0x29489b0*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0155.026] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.026] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0155.027] CoTaskMemFree (pv=0x5c74c60) [0155.028] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.028] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0155.029] CoTaskMemFree (pv=0x5c74c60) [0155.029] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x294bb8c, cb=0xc | out: lpmodinfo=0x294bb8c*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0155.030] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.030] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0155.032] CoTaskMemFree (pv=0x5c74c60) [0155.032] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.032] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0155.033] CoTaskMemFree (pv=0x5c74c60) [0155.033] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x294ed6c, cb=0xc | out: lpmodinfo=0x294ed6c*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0155.034] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.034] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0155.036] CoTaskMemFree (pv=0x5c74c60) [0155.036] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.036] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0155.037] CoTaskMemFree (pv=0x5c74c60) [0155.037] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x2951fd0, cb=0xc | out: lpmodinfo=0x2951fd0*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0155.039] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.039] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0155.040] CoTaskMemFree (pv=0x5c74c60) [0155.040] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.040] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0155.042] CoTaskMemFree (pv=0x5c74c60) [0155.042] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x2955158, cb=0xc | out: lpmodinfo=0x2955158*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0155.043] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.043] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0155.045] CoTaskMemFree (pv=0x5c74c60) [0155.045] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.045] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0155.046] CoTaskMemFree (pv=0x5c74c60) [0155.046] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x2958370, cb=0xc | out: lpmodinfo=0x2958370*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0155.048] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.048] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0155.049] CoTaskMemFree (pv=0x5c74c60) [0155.049] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.049] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0155.050] CoTaskMemFree (pv=0x5c74c60) [0155.051] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x295b530, cb=0xc | out: lpmodinfo=0x295b530*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0155.052] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.052] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0155.053] CoTaskMemFree (pv=0x5c74c60) [0155.053] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.054] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0155.055] CoTaskMemFree (pv=0x5c74c60) [0155.055] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x295e78c, cb=0xc | out: lpmodinfo=0x295e78c*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0155.056] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.056] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0155.058] CoTaskMemFree (pv=0x5c74c60) [0155.058] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.058] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0155.059] CoTaskMemFree (pv=0x5c74c60) [0155.059] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x29619ec, cb=0xc | out: lpmodinfo=0x29619ec*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0155.061] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.061] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0155.062] CoTaskMemFree (pv=0x5c74c60) [0155.062] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.063] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0155.064] CoTaskMemFree (pv=0x5c74c60) [0155.064] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x2964e34, cb=0xc | out: lpmodinfo=0x2964e34*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0155.066] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.066] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0155.076] CoTaskMemFree (pv=0x5c74c60) [0155.077] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.077] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0155.078] CoTaskMemFree (pv=0x5c74c60) [0155.078] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x29680c0, cb=0xc | out: lpmodinfo=0x29680c0*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0155.080] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.080] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0155.081] CoTaskMemFree (pv=0x5c74c60) [0155.081] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.082] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0155.091] CoTaskMemFree (pv=0x5c74c60) [0155.091] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x296b3f4, cb=0xc | out: lpmodinfo=0x296b3f4*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0155.093] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.093] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0155.094] CoTaskMemFree (pv=0x5c74c60) [0155.094] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.094] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0155.096] CoTaskMemFree (pv=0x5c74c60) [0155.096] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x296e5c0, cb=0xc | out: lpmodinfo=0x296e5c0*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0155.098] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.098] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0155.099] CoTaskMemFree (pv=0x5c74c60) [0155.099] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.099] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0155.101] CoTaskMemFree (pv=0x5c74c60) [0155.101] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x297177c, cb=0xc | out: lpmodinfo=0x297177c*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0155.102] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.102] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0155.104] CoTaskMemFree (pv=0x5c74c60) [0155.104] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.104] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0155.106] CoTaskMemFree (pv=0x5c74c60) [0155.106] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x297490c, cb=0xc | out: lpmodinfo=0x297490c*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0155.107] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.107] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0155.109] CoTaskMemFree (pv=0x5c74c60) [0155.109] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.109] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0155.111] CoTaskMemFree (pv=0x5c74c60) [0155.111] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x2977ac0, cb=0xc | out: lpmodinfo=0x2977ac0*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0155.113] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.113] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0155.114] CoTaskMemFree (pv=0x5c74c60) [0155.114] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.114] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0155.116] CoTaskMemFree (pv=0x5c74c60) [0155.116] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x297ae5c, cb=0xc | out: lpmodinfo=0x297ae5c*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0155.118] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.118] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0155.119] CoTaskMemFree (pv=0x5c74c60) [0155.120] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.120] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0155.121] CoTaskMemFree (pv=0x5c74c60) [0155.121] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x297de08, cb=0xc | out: lpmodinfo=0x297de08*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0155.123] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.123] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0155.125] CoTaskMemFree (pv=0x5c74c60) [0155.125] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.125] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0155.127] CoTaskMemFree (pv=0x5c74c60) [0155.127] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x2980f90, cb=0xc | out: lpmodinfo=0x2980f90*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0155.128] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.128] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0155.136] CoTaskMemFree (pv=0x5c74c60) [0155.136] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.136] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0155.138] CoTaskMemFree (pv=0x5c74c60) [0155.138] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x2984140, cb=0xc | out: lpmodinfo=0x2984140*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0155.140] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.140] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0155.142] CoTaskMemFree (pv=0x5c74c60) [0155.142] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.142] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0155.144] CoTaskMemFree (pv=0x5c74c60) [0155.144] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x29872e8, cb=0xc | out: lpmodinfo=0x29872e8*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0155.146] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.146] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0155.147] CoTaskMemFree (pv=0x5c74c60) [0155.147] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.147] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0155.149] CoTaskMemFree (pv=0x5c74c60) [0155.149] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x298a49c, cb=0xc | out: lpmodinfo=0x298a49c*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0155.151] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.151] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0155.153] CoTaskMemFree (pv=0x5c74c60) [0155.153] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.153] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0155.155] CoTaskMemFree (pv=0x5c74c60) [0155.155] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x298d618, cb=0xc | out: lpmodinfo=0x298d618*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0155.156] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.156] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0155.158] CoTaskMemFree (pv=0x5c74c60) [0155.158] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.158] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0155.160] CoTaskMemFree (pv=0x5c74c60) [0155.160] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x2990894, cb=0xc | out: lpmodinfo=0x2990894*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0155.162] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.162] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0155.164] CoTaskMemFree (pv=0x5c74c60) [0155.164] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.164] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0155.166] CoTaskMemFree (pv=0x5c74c60) [0155.166] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x2993a0c, cb=0xc | out: lpmodinfo=0x2993a0c*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0155.168] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.168] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0155.170] CoTaskMemFree (pv=0x5c74c60) [0155.170] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.170] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0155.172] CoTaskMemFree (pv=0x5c74c60) [0155.172] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x2996b40, cb=0xc | out: lpmodinfo=0x2996b40*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0155.174] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.174] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0155.175] CoTaskMemFree (pv=0x5c74c60) [0155.175] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.175] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0155.179] CoTaskMemFree (pv=0x5c74c60) [0155.179] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0155.179] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0155.179] lstrlenA (lpString="ActivateActCtx") returned 14 [0155.179] lstrlenA (lpString="AddAtomA") returned 8 [0155.180] lstrlenA (lpString="AddAtomW") returned 8 [0155.180] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0155.180] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0155.180] lstrlenA (lpString="AddDllDirectory") returned 15 [0155.180] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0155.180] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0155.180] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0155.180] lstrlenA (lpString="AddRefActCtx") returned 12 [0155.180] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0155.180] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0155.181] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0155.181] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0155.181] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0155.181] lstrlenA (lpString="AllocConsole") returned 12 [0155.181] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0155.181] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0155.181] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0155.181] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0155.181] lstrlenA (lpString="AreFileApisANSI") returned 15 [0155.182] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0155.182] lstrlenA (lpString="AttachConsole") returned 13 [0155.182] lstrlenA (lpString="BackupRead") returned 10 [0155.182] lstrlenA (lpString="BackupSeek") returned 10 [0155.182] lstrlenA (lpString="BackupWrite") returned 11 [0155.182] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0155.182] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0155.183] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0155.183] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0155.183] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0155.183] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0155.183] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0155.183] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0155.183] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0155.183] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0155.183] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0155.184] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0155.184] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0155.184] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0155.184] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0155.184] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0155.184] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0155.184] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0155.184] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0155.185] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0155.185] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0155.185] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0155.185] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0155.185] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0155.185] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0155.185] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0155.185] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0155.186] lstrlenA (lpString="Beep") returned 4 [0155.186] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0155.186] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0155.186] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0155.186] lstrlenA (lpString="BuildCommDCBA") returned 13 [0155.186] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0155.186] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0155.186] lstrlenA (lpString="BuildCommDCBW") returned 13 [0155.187] lstrlenA (lpString="CallNamedPipeA") returned 14 [0155.187] lstrlenA (lpString="CallNamedPipeW") returned 14 [0155.187] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0155.187] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0155.187] lstrlenA (lpString="CancelIo") returned 8 [0155.187] lstrlenA (lpString="CancelIoEx") returned 10 [0155.187] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0155.187] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0155.187] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0155.188] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0155.188] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0155.188] lstrlenA (lpString="CheckElevation") returned 14 [0155.188] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0155.188] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0155.188] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0155.188] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0155.188] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0155.188] lstrlenA (lpString="ClearCommBreak") returned 14 [0155.188] lstrlenA (lpString="ClearCommError") returned 14 [0155.189] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0155.189] lstrlenA (lpString="CloseHandle") returned 11 [0155.189] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0155.189] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0155.189] lstrlenA (lpString="CloseThreadpool") returned 15 [0155.189] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0155.189] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0155.189] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0155.189] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0155.190] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0155.190] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0155.190] lstrlenA (lpString="CmdBatNotification") returned 18 [0155.190] lstrlenA (lpString="CommConfigDialogA") returned 17 [0155.190] lstrlenA (lpString="CommConfigDialogW") returned 17 [0155.190] lstrlenA (lpString="CompareCalendarDates") returned 20 [0155.190] lstrlenA (lpString="CompareFileTime") returned 15 [0155.190] lstrlenA (lpString="CompareStringA") returned 14 [0155.190] lstrlenA (lpString="CompareStringEx") returned 15 [0155.190] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0155.191] lstrlenA (lpString="CompareStringW") returned 14 [0155.191] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0155.191] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0155.191] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0155.191] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0155.191] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0155.192] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0155.192] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0155.192] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0155.192] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0155.192] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0155.192] lstrlenA (lpString="CopyContext") returned 11 [0155.192] lstrlenA (lpString="CopyFileA") returned 9 [0155.192] lstrlenA (lpString="CopyFileExA") returned 11 [0155.193] lstrlenA (lpString="CopyFileExW") returned 11 [0155.193] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0155.193] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0155.193] lstrlenA (lpString="CopyFileW") returned 9 [0155.193] lstrlenA (lpString="CopyLZFile") returned 10 [0155.193] lstrlenA (lpString="CreateActCtxA") returned 13 [0155.193] lstrlenA (lpString="CreateActCtxW") returned 13 [0155.193] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0155.194] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0155.194] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0155.194] lstrlenA (lpString="CreateDirectoryA") returned 16 [0155.194] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0155.194] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0155.194] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0155.194] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0155.194] lstrlenA (lpString="CreateDirectoryW") returned 16 [0155.194] lstrlenA (lpString="CreateEventA") returned 12 [0155.194] lstrlenA (lpString="CreateEventExA") returned 14 [0155.195] lstrlenA (lpString="CreateEventExW") returned 14 [0155.195] lstrlenA (lpString="CreateEventW") returned 12 [0155.195] lstrlenA (lpString="CreateFiber") returned 11 [0155.195] lstrlenA (lpString="CreateFiberEx") returned 13 [0155.195] lstrlenA (lpString="CreateFileA") returned 11 [0155.195] lstrlenA (lpString="CreateFileMappingA") returned 18 [0155.195] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0155.195] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0155.195] lstrlenA (lpString="CreateFileMappingW") returned 18 [0155.195] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0155.196] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0155.196] lstrlenA (lpString="CreateFileW") returned 11 [0155.196] lstrlenA (lpString="CreateHardLinkA") returned 15 [0155.196] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0155.196] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0155.196] lstrlenA (lpString="CreateHardLinkW") returned 15 [0155.196] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0155.196] lstrlenA (lpString="CreateJobObjectA") returned 16 [0155.196] lstrlenA (lpString="CreateJobObjectW") returned 16 [0155.196] lstrlenA (lpString="CreateJobSet") returned 12 [0155.196] lstrlenA (lpString="CreateMailslotA") returned 15 [0155.197] lstrlenA (lpString="CreateMailslotW") returned 15 [0155.197] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0155.197] lstrlenA (lpString="CreateMutexA") returned 12 [0155.197] lstrlenA (lpString="CreateMutexExA") returned 14 [0155.197] lstrlenA (lpString="CreateMutexExW") returned 14 [0155.197] lstrlenA (lpString="CreateMutexW") returned 12 [0155.197] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0155.197] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0155.197] lstrlenA (lpString="CreatePipe") returned 10 [0155.197] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0155.197] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0155.198] lstrlenA (lpString="CreateProcessA") returned 14 [0155.198] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0155.198] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0155.198] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0155.198] lstrlenA (lpString="CreateProcessW") returned 14 [0155.198] lstrlenA (lpString="CreateRemoteThread") returned 18 [0155.198] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0155.198] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0155.198] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0155.198] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0155.199] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0155.199] lstrlenA (lpString="CreateSocketHandle") returned 18 [0155.199] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0155.199] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0155.199] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0155.199] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0155.199] lstrlenA (lpString="CreateTapePartition") returned 19 [0155.199] lstrlenA (lpString="CreateThread") returned 12 [0155.199] lstrlenA (lpString="CreateThreadpool") returned 16 [0155.199] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0155.199] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0155.200] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0155.200] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0155.200] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0155.200] lstrlenA (lpString="CreateTimerQueue") returned 16 [0155.200] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0155.200] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0155.200] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0155.200] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0155.200] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0155.200] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0155.200] lstrlenA (lpString="CtrlRoutine") returned 11 [0155.200] lstrlenA (lpString="DeactivateActCtx") returned 16 [0155.200] lstrlenA (lpString="DebugActiveProcess") returned 18 [0155.200] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0155.201] lstrlenA (lpString="DebugBreak") returned 10 [0155.201] lstrlenA (lpString="DebugBreakProcess") returned 17 [0155.201] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0155.201] lstrlenA (lpString="DecodePointer") returned 13 [0155.201] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0155.201] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0155.201] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0155.201] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0155.201] lstrlenA (lpString="DeleteAtom") returned 10 [0155.201] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0155.201] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0155.201] lstrlenA (lpString="DeleteFiber") returned 11 [0155.201] lstrlenA (lpString="DeleteFileA") returned 11 [0155.202] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0155.202] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0155.202] lstrlenA (lpString="DeleteFileW") returned 11 [0155.202] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0155.202] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0155.202] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0155.202] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0155.202] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0155.202] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0155.202] lstrlenA (lpString="DeviceIoControl") returned 15 [0155.202] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0155.202] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0155.202] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0155.202] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0155.203] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0155.203] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0155.203] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0155.203] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0155.203] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0155.203] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0155.203] lstrlenA (lpString="DuplicateHandle") returned 15 [0155.203] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0155.203] lstrlenA (lpString="EncodePointer") returned 13 [0155.203] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0155.203] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0155.203] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0155.203] lstrlenA (lpString="EnterCriticalSection") returned 20 [0155.203] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0155.204] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0155.204] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0155.204] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0155.204] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0155.204] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0155.204] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0155.204] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0155.204] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0155.282] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x402000, lpBuffer=0x36ebd80*, nSize=0x33e00, lpNumberOfBytesWritten=0x2793a5c | out: lpBuffer=0x36ebd80*, lpNumberOfBytesWritten=0x2793a5c*=0x33e00) returned 1 [0155.388] EnumProcessModules (in: hProcess=0x640, lphModule=0x279b91c, cb=0x100, lpcbNeeded=0x3cc748 | out: lphModule=0x279b91c, lpcbNeeded=0x3cc748) returned 1 [0155.390] EnumProcessModules (in: hProcess=0x640, lphModule=0x279ba28, cb=0x200, lpcbNeeded=0x3cc748 | out: lphModule=0x279ba28, lpcbNeeded=0x3cc748) returned 1 [0155.392] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x279bc68, cb=0xc | out: lpmodinfo=0x279bc68*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0155.392] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.392] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0155.393] CoTaskMemFree (pv=0x5c74c60) [0155.393] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.393] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0155.393] CoTaskMemFree (pv=0x5c74c60) [0155.393] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x279ddc0, cb=0xc | out: lpmodinfo=0x279ddc0*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0155.393] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.393] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0155.393] CoTaskMemFree (pv=0x5c74c60) [0155.394] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.394] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0155.394] CoTaskMemFree (pv=0x5c74c60) [0155.394] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x279fed0, cb=0xc | out: lpmodinfo=0x279fed0*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0155.394] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.394] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0155.394] CoTaskMemFree (pv=0x5c74c60) [0155.394] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.395] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0155.395] CoTaskMemFree (pv=0x5c74c60) [0155.395] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x27a1fe8, cb=0xc | out: lpmodinfo=0x27a1fe8*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0155.395] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.395] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0155.395] CoTaskMemFree (pv=0x5c74c60) [0155.395] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.395] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0155.396] CoTaskMemFree (pv=0x5c74c60) [0155.396] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x27a4108, cb=0xc | out: lpmodinfo=0x27a4108*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0155.396] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.396] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0155.396] CoTaskMemFree (pv=0x5c74c60) [0155.396] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.397] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0155.397] CoTaskMemFree (pv=0x5c74c60) [0155.397] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x27a625c, cb=0xc | out: lpmodinfo=0x27a625c*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0155.397] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.397] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0155.398] CoTaskMemFree (pv=0x5c74c60) [0155.398] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.398] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0155.398] CoTaskMemFree (pv=0x5c74c60) [0155.398] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x27a837c, cb=0xc | out: lpmodinfo=0x27a837c*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0155.398] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.398] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0155.399] CoTaskMemFree (pv=0x5c74c60) [0155.399] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.399] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0155.399] CoTaskMemFree (pv=0x5c74c60) [0155.399] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x27aa494, cb=0xc | out: lpmodinfo=0x27aa494*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0155.399] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.400] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0155.400] CoTaskMemFree (pv=0x5c74c60) [0155.400] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.400] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0155.400] CoTaskMemFree (pv=0x5c74c60) [0155.400] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x27ac5ac, cb=0xc | out: lpmodinfo=0x27ac5ac*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0155.401] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.401] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0155.401] CoTaskMemFree (pv=0x5c74c60) [0155.401] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.401] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0155.401] CoTaskMemFree (pv=0x5c74c60) [0155.402] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x27ae710, cb=0xc | out: lpmodinfo=0x27ae710*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0155.402] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.402] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0155.402] CoTaskMemFree (pv=0x5c74c60) [0155.402] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.402] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0155.403] CoTaskMemFree (pv=0x5c74c60) [0155.403] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x27b0828, cb=0xc | out: lpmodinfo=0x27b0828*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0155.403] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.403] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0155.404] CoTaskMemFree (pv=0x5c74c60) [0155.404] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.404] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0155.404] CoTaskMemFree (pv=0x5c74c60) [0155.404] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x27b2948, cb=0xc | out: lpmodinfo=0x27b2948*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0155.405] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.405] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0155.405] CoTaskMemFree (pv=0x5c74c60) [0155.405] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.405] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0155.406] CoTaskMemFree (pv=0x5c74c60) [0155.406] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x27b4a9c, cb=0xc | out: lpmodinfo=0x27b4a9c*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0155.406] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.406] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0155.407] CoTaskMemFree (pv=0x5c74c60) [0155.407] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.407] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0155.407] CoTaskMemFree (pv=0x5c74c60) [0155.407] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x27b6c0c, cb=0xc | out: lpmodinfo=0x27b6c0c*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0155.408] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.408] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0155.408] CoTaskMemFree (pv=0x5c74c60) [0155.408] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.408] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0155.409] CoTaskMemFree (pv=0x5c74c60) [0155.409] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x27b8d24, cb=0xc | out: lpmodinfo=0x27b8d24*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0155.410] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.410] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0155.411] CoTaskMemFree (pv=0x5c74c60) [0155.411] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.411] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0155.412] CoTaskMemFree (pv=0x5c74c60) [0155.412] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x27bae34, cb=0xc | out: lpmodinfo=0x27bae34*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0155.413] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.413] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0155.413] CoTaskMemFree (pv=0x5c74c60) [0155.413] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.413] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0155.414] CoTaskMemFree (pv=0x5c74c60) [0155.414] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x27bcf4c, cb=0xc | out: lpmodinfo=0x27bcf4c*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0155.414] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.414] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0155.415] CoTaskMemFree (pv=0x5c74c60) [0155.415] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.415] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0155.415] CoTaskMemFree (pv=0x5c74c60) [0155.415] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x27bf0e0, cb=0xc | out: lpmodinfo=0x27bf0e0*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0155.416] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.416] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0155.417] CoTaskMemFree (pv=0x5c74c60) [0155.417] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.417] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0155.417] CoTaskMemFree (pv=0x5c74c60) [0155.417] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x27c11f0, cb=0xc | out: lpmodinfo=0x27c11f0*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0155.418] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.418] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0155.418] CoTaskMemFree (pv=0x5c74c60) [0155.418] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.418] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0155.419] CoTaskMemFree (pv=0x5c74c60) [0155.419] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x27c3300, cb=0xc | out: lpmodinfo=0x27c3300*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0155.420] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.420] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0155.420] CoTaskMemFree (pv=0x5c74c60) [0155.420] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.420] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0155.421] CoTaskMemFree (pv=0x5c74c60) [0155.421] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x27c5410, cb=0xc | out: lpmodinfo=0x27c5410*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0155.422] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.422] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0155.422] CoTaskMemFree (pv=0x5c74c60) [0155.422] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.422] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0155.423] CoTaskMemFree (pv=0x5c74c60) [0155.423] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x27c7528, cb=0xc | out: lpmodinfo=0x27c7528*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0155.423] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.423] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0155.424] CoTaskMemFree (pv=0x5c74c60) [0155.424] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.424] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0155.425] CoTaskMemFree (pv=0x5c74c60) [0155.425] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x27c9670, cb=0xc | out: lpmodinfo=0x27c9670*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0155.426] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.426] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0155.426] CoTaskMemFree (pv=0x5c74c60) [0155.426] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.426] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0155.427] CoTaskMemFree (pv=0x5c74c60) [0155.427] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x27cb7c0, cb=0xc | out: lpmodinfo=0x27cb7c0*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0155.428] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.428] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0155.428] CoTaskMemFree (pv=0x5c74c60) [0155.428] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.428] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0155.429] CoTaskMemFree (pv=0x5c74c60) [0155.429] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x27cd900, cb=0xc | out: lpmodinfo=0x27cd900*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0155.430] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.430] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0155.430] CoTaskMemFree (pv=0x5c74c60) [0155.430] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.431] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0155.431] CoTaskMemFree (pv=0x5c74c60) [0155.431] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x27cfab4, cb=0xc | out: lpmodinfo=0x27cfab4*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0155.432] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.432] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0155.433] CoTaskMemFree (pv=0x5c74c60) [0155.433] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.433] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0155.433] CoTaskMemFree (pv=0x5c74c60) [0155.433] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x27d1bc4, cb=0xc | out: lpmodinfo=0x27d1bc4*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0155.434] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.434] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0155.435] CoTaskMemFree (pv=0x5c74c60) [0155.435] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.435] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0155.436] CoTaskMemFree (pv=0x5c74c60) [0155.436] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x27d3cdc, cb=0xc | out: lpmodinfo=0x27d3cdc*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0155.436] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.436] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0155.437] CoTaskMemFree (pv=0x5c74c60) [0155.437] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.437] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0155.438] CoTaskMemFree (pv=0x5c74c60) [0155.438] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x27d5e4c, cb=0xc | out: lpmodinfo=0x27d5e4c*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0155.439] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.439] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0155.439] CoTaskMemFree (pv=0x5c74c60) [0155.439] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.439] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0155.440] CoTaskMemFree (pv=0x5c74c60) [0155.440] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x27d7f98, cb=0xc | out: lpmodinfo=0x27d7f98*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0155.441] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.441] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0155.442] CoTaskMemFree (pv=0x5c74c60) [0155.442] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.442] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0155.443] CoTaskMemFree (pv=0x5c74c60) [0155.443] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x27da0b8, cb=0xc | out: lpmodinfo=0x27da0b8*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0155.444] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.444] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0155.444] CoTaskMemFree (pv=0x5c74c60) [0155.444] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.444] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0155.445] CoTaskMemFree (pv=0x5c74c60) [0155.445] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x27dc260, cb=0xc | out: lpmodinfo=0x27dc260*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0155.446] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.446] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0155.447] CoTaskMemFree (pv=0x5c74c60) [0155.447] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.447] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0155.448] CoTaskMemFree (pv=0x5c74c60) [0155.448] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x27de438, cb=0xc | out: lpmodinfo=0x27de438*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0155.449] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.449] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0155.449] CoTaskMemFree (pv=0x5c74c60) [0155.449] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.449] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0155.450] CoTaskMemFree (pv=0x5c74c60) [0155.450] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x27e0740, cb=0xc | out: lpmodinfo=0x27e0740*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0155.451] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.451] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0155.452] CoTaskMemFree (pv=0x5c74c60) [0155.452] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.452] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0155.453] CoTaskMemFree (pv=0x5c74c60) [0155.453] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x27e2908, cb=0xc | out: lpmodinfo=0x27e2908*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0155.454] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.454] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0155.455] CoTaskMemFree (pv=0x5c74c60) [0155.455] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.455] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0155.456] CoTaskMemFree (pv=0x5c74c60) [0155.456] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x27e4b08, cb=0xc | out: lpmodinfo=0x27e4b08*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0155.457] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.457] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0155.458] CoTaskMemFree (pv=0x5c74c60) [0155.458] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.458] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0155.459] CoTaskMemFree (pv=0x5c74c60) [0155.459] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x27e6d04, cb=0xc | out: lpmodinfo=0x27e6d04*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0155.460] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.460] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0155.460] CoTaskMemFree (pv=0x5c74c60) [0155.461] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.461] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0155.461] CoTaskMemFree (pv=0x5c74c60) [0155.462] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x27e8ec4, cb=0xc | out: lpmodinfo=0x27e8ec4*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0155.462] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.462] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0155.463] CoTaskMemFree (pv=0x5c74c60) [0155.463] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.463] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0155.464] CoTaskMemFree (pv=0x5c74c60) [0155.464] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x27eb020, cb=0xc | out: lpmodinfo=0x27eb020*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0155.465] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.465] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0155.466] CoTaskMemFree (pv=0x5c74c60) [0155.466] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.466] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0155.467] CoTaskMemFree (pv=0x5c74c60) [0155.467] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x27ed138, cb=0xc | out: lpmodinfo=0x27ed138*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0155.468] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.468] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0155.469] CoTaskMemFree (pv=0x5c74c60) [0155.469] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.469] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0155.470] CoTaskMemFree (pv=0x5c74c60) [0155.470] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x27ef250, cb=0xc | out: lpmodinfo=0x27ef250*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0155.471] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.471] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0155.474] CoTaskMemFree (pv=0x5c74c60) [0155.474] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.474] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0155.475] CoTaskMemFree (pv=0x5c74c60) [0155.475] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x27f1368, cb=0xc | out: lpmodinfo=0x27f1368*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0155.476] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.476] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0155.477] CoTaskMemFree (pv=0x5c74c60) [0155.477] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.477] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0155.478] CoTaskMemFree (pv=0x5c74c60) [0155.478] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x27f3480, cb=0xc | out: lpmodinfo=0x27f3480*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0155.479] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.479] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0155.480] CoTaskMemFree (pv=0x5c74c60) [0155.480] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.480] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0155.482] CoTaskMemFree (pv=0x5c74c60) [0155.482] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x27f55a4, cb=0xc | out: lpmodinfo=0x27f55a4*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0155.483] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.483] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0155.484] CoTaskMemFree (pv=0x5c74c60) [0155.484] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.484] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0155.485] CoTaskMemFree (pv=0x5c74c60) [0155.485] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x27f76b4, cb=0xc | out: lpmodinfo=0x27f76b4*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0155.486] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.486] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0155.487] CoTaskMemFree (pv=0x5c74c60) [0155.487] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.487] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0155.489] CoTaskMemFree (pv=0x5c74c60) [0155.489] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x27f97d4, cb=0xc | out: lpmodinfo=0x27f97d4*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0155.490] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.490] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0155.491] CoTaskMemFree (pv=0x5c74c60) [0155.491] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.491] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0155.492] CoTaskMemFree (pv=0x5c74c60) [0155.492] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x27fb8ec, cb=0xc | out: lpmodinfo=0x27fb8ec*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0155.493] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.493] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0155.494] CoTaskMemFree (pv=0x5c74c60) [0155.494] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.494] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0155.496] CoTaskMemFree (pv=0x5c74c60) [0155.496] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x27fda04, cb=0xc | out: lpmodinfo=0x27fda04*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0155.497] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.497] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0155.498] CoTaskMemFree (pv=0x5c74c60) [0155.498] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.498] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0155.499] CoTaskMemFree (pv=0x5c74c60) [0155.499] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x27ffb0c, cb=0xc | out: lpmodinfo=0x27ffb0c*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0155.500] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.500] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0155.502] CoTaskMemFree (pv=0x5c74c60) [0155.502] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.502] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0155.503] CoTaskMemFree (pv=0x5c74c60) [0155.503] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x2801c24, cb=0xc | out: lpmodinfo=0x2801c24*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0155.505] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.505] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0155.506] CoTaskMemFree (pv=0x5c74c60) [0155.506] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.506] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0155.507] CoTaskMemFree (pv=0x5c74c60) [0155.508] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x2803d3c, cb=0xc | out: lpmodinfo=0x2803d3c*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0155.509] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.509] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0155.510] CoTaskMemFree (pv=0x5c74c60) [0155.510] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.510] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0155.511] CoTaskMemFree (pv=0x5c74c60) [0155.511] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x2805e5c, cb=0xc | out: lpmodinfo=0x2805e5c*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0155.513] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.513] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0155.514] CoTaskMemFree (pv=0x5c74c60) [0155.514] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.514] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0155.515] CoTaskMemFree (pv=0x5c74c60) [0155.515] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x2807f74, cb=0xc | out: lpmodinfo=0x2807f74*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0155.516] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.516] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0155.518] CoTaskMemFree (pv=0x5c74c60) [0155.518] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.518] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0155.519] CoTaskMemFree (pv=0x5c74c60) [0155.519] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x280a08c, cb=0xc | out: lpmodinfo=0x280a08c*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0155.520] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.520] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0155.522] CoTaskMemFree (pv=0x5c74c60) [0155.522] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.522] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0155.523] CoTaskMemFree (pv=0x5c74c60) [0155.523] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x280c19c, cb=0xc | out: lpmodinfo=0x280c19c*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0155.524] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.524] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0155.526] CoTaskMemFree (pv=0x5c74c60) [0155.526] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.526] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0155.527] CoTaskMemFree (pv=0x5c74c60) [0155.527] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x280e2b4, cb=0xc | out: lpmodinfo=0x280e2b4*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0155.528] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.528] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0155.530] CoTaskMemFree (pv=0x5c74c60) [0155.530] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.530] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0155.531] CoTaskMemFree (pv=0x5c74c60) [0155.531] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x28103d4, cb=0xc | out: lpmodinfo=0x28103d4*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0155.532] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.533] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0155.534] CoTaskMemFree (pv=0x5c74c60) [0155.534] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.534] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0155.539] CoTaskMemFree (pv=0x5c74c60) [0155.539] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x28124ec, cb=0xc | out: lpmodinfo=0x28124ec*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0155.541] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.541] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0155.542] CoTaskMemFree (pv=0x5c74c60) [0155.542] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.542] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0155.543] CoTaskMemFree (pv=0x5c74c60) [0155.543] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x281460c, cb=0xc | out: lpmodinfo=0x281460c*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0155.545] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.545] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0155.546] CoTaskMemFree (pv=0x5c74c60) [0155.546] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.546] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0155.548] CoTaskMemFree (pv=0x5c74c60) [0155.548] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x281672c, cb=0xc | out: lpmodinfo=0x281672c*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0155.549] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.549] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0155.551] CoTaskMemFree (pv=0x5c74c60) [0155.551] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.551] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0155.553] CoTaskMemFree (pv=0x5c74c60) [0155.553] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x2818854, cb=0xc | out: lpmodinfo=0x2818854*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0155.554] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.554] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0155.555] CoTaskMemFree (pv=0x5c74c60) [0155.555] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.555] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0155.557] CoTaskMemFree (pv=0x5c74c60) [0155.557] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x281a96c, cb=0xc | out: lpmodinfo=0x281a96c*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0155.558] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.558] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0155.560] CoTaskMemFree (pv=0x5c74c60) [0155.560] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.560] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0155.561] CoTaskMemFree (pv=0x5c74c60) [0155.561] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x281ca8c, cb=0xc | out: lpmodinfo=0x281ca8c*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0155.563] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.563] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0155.564] CoTaskMemFree (pv=0x5c74c60) [0155.564] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.564] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0155.578] CoTaskMemFree (pv=0x5c74c60) [0155.578] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x281ebac, cb=0xc | out: lpmodinfo=0x281ebac*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0155.579] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.579] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0155.581] CoTaskMemFree (pv=0x5c74c60) [0155.581] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.581] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0155.583] CoTaskMemFree (pv=0x5c74c60) [0155.583] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x2820cc4, cb=0xc | out: lpmodinfo=0x2820cc4*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0155.584] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.584] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0155.586] CoTaskMemFree (pv=0x5c74c60) [0155.586] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.586] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0155.587] CoTaskMemFree (pv=0x5c74c60) [0155.587] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x2822ff0, cb=0xc | out: lpmodinfo=0x2822ff0*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0155.589] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.589] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0155.590] CoTaskMemFree (pv=0x5c74c60) [0155.590] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.590] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0155.592] CoTaskMemFree (pv=0x5c74c60) [0155.592] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x2825108, cb=0xc | out: lpmodinfo=0x2825108*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0155.594] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.594] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0155.595] CoTaskMemFree (pv=0x5c74c60) [0155.595] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.595] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0155.597] CoTaskMemFree (pv=0x5c74c60) [0155.597] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x2827220, cb=0xc | out: lpmodinfo=0x2827220*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0155.598] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.599] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0155.600] CoTaskMemFree (pv=0x5c74c60) [0155.600] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.600] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0155.602] CoTaskMemFree (pv=0x5c74c60) [0155.602] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x2829338, cb=0xc | out: lpmodinfo=0x2829338*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0155.603] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.603] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0155.604] CoTaskMemFree (pv=0x5c74c60) [0155.604] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.604] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0155.606] CoTaskMemFree (pv=0x5c74c60) [0155.606] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x282b478, cb=0xc | out: lpmodinfo=0x282b478*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0155.607] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.607] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0155.609] CoTaskMemFree (pv=0x5c74c60) [0155.609] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.609] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0155.611] CoTaskMemFree (pv=0x5c74c60) [0155.611] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x282d59c, cb=0xc | out: lpmodinfo=0x282d59c*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0155.612] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.612] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0155.614] CoTaskMemFree (pv=0x5c74c60) [0155.614] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.614] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0155.616] CoTaskMemFree (pv=0x5c74c60) [0155.616] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x282f6ac, cb=0xc | out: lpmodinfo=0x282f6ac*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0155.617] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.617] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0155.619] CoTaskMemFree (pv=0x5c74c60) [0155.619] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.619] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0155.621] CoTaskMemFree (pv=0x5c74c60) [0155.621] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x2831880, cb=0xc | out: lpmodinfo=0x2831880*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0155.622] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.622] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0155.624] CoTaskMemFree (pv=0x5c74c60) [0155.624] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.624] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0155.626] CoTaskMemFree (pv=0x5c74c60) [0155.626] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x2833a3c, cb=0xc | out: lpmodinfo=0x2833a3c*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0155.627] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.628] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0155.629] CoTaskMemFree (pv=0x5c74c60) [0155.629] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.629] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0155.631] CoTaskMemFree (pv=0x5c74c60) [0155.631] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x2835b6c, cb=0xc | out: lpmodinfo=0x2835b6c*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0155.633] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.633] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0155.635] CoTaskMemFree (pv=0x5c74c60) [0155.635] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.635] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0155.636] CoTaskMemFree (pv=0x5c74c60) [0155.636] CloseHandle (hObject=0x640) returned 1 [0155.637] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0155.637] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0155.637] lstrlenA (lpString="ActivateActCtx") returned 14 [0155.637] lstrlenA (lpString="AddAtomA") returned 8 [0155.637] lstrlenA (lpString="AddAtomW") returned 8 [0155.637] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0155.637] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0155.638] lstrlenA (lpString="AddDllDirectory") returned 15 [0155.638] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0155.638] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0155.638] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0155.638] lstrlenA (lpString="AddRefActCtx") returned 12 [0155.638] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0155.638] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0155.638] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0155.638] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0155.638] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0155.639] lstrlenA (lpString="AllocConsole") returned 12 [0155.639] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0155.639] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0155.639] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0155.639] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0155.639] lstrlenA (lpString="AreFileApisANSI") returned 15 [0155.639] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0155.639] lstrlenA (lpString="AttachConsole") returned 13 [0155.639] lstrlenA (lpString="BackupRead") returned 10 [0155.639] lstrlenA (lpString="BackupSeek") returned 10 [0155.640] lstrlenA (lpString="BackupWrite") returned 11 [0155.640] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0155.640] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0155.640] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0155.640] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0155.640] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0155.640] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0155.640] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0155.640] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0155.640] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0155.641] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0155.641] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0155.641] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0155.641] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0155.641] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0155.641] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0155.641] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0155.641] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0155.642] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0155.642] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0155.642] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0155.642] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0155.642] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0155.642] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0155.642] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0155.642] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0155.642] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0155.642] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0155.643] lstrlenA (lpString="Beep") returned 4 [0155.643] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0155.643] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0155.643] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0155.643] lstrlenA (lpString="BuildCommDCBA") returned 13 [0155.643] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0155.643] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0155.643] lstrlenA (lpString="BuildCommDCBW") returned 13 [0155.643] lstrlenA (lpString="CallNamedPipeA") returned 14 [0155.643] lstrlenA (lpString="CallNamedPipeW") returned 14 [0155.644] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0155.644] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0155.644] lstrlenA (lpString="CancelIo") returned 8 [0155.644] lstrlenA (lpString="CancelIoEx") returned 10 [0155.644] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0155.644] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0155.644] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0155.644] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0155.645] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0155.645] lstrlenA (lpString="CheckElevation") returned 14 [0155.645] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0155.645] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0155.645] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0155.645] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0155.645] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0155.645] lstrlenA (lpString="ClearCommBreak") returned 14 [0155.645] lstrlenA (lpString="ClearCommError") returned 14 [0155.645] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0155.646] lstrlenA (lpString="CloseHandle") returned 11 [0155.646] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0155.646] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0155.646] lstrlenA (lpString="CloseThreadpool") returned 15 [0155.646] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0155.646] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0155.646] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0155.646] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0155.646] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0155.646] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0155.647] lstrlenA (lpString="CmdBatNotification") returned 18 [0155.647] lstrlenA (lpString="CommConfigDialogA") returned 17 [0155.647] lstrlenA (lpString="CommConfigDialogW") returned 17 [0155.647] lstrlenA (lpString="CompareCalendarDates") returned 20 [0155.647] lstrlenA (lpString="CompareFileTime") returned 15 [0155.647] lstrlenA (lpString="CompareStringA") returned 14 [0155.647] lstrlenA (lpString="CompareStringEx") returned 15 [0155.647] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0155.647] lstrlenA (lpString="CompareStringW") returned 14 [0155.647] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0155.648] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0155.648] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0155.648] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0155.648] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0155.648] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0155.648] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0155.648] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0155.648] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0155.648] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0155.648] lstrlenA (lpString="CopyContext") returned 11 [0155.649] lstrlenA (lpString="CopyFileA") returned 9 [0155.649] lstrlenA (lpString="CopyFileExA") returned 11 [0155.649] lstrlenA (lpString="CopyFileExW") returned 11 [0155.649] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0155.649] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0155.649] lstrlenA (lpString="CopyFileW") returned 9 [0155.649] lstrlenA (lpString="CopyLZFile") returned 10 [0155.649] lstrlenA (lpString="CreateActCtxA") returned 13 [0155.649] lstrlenA (lpString="CreateActCtxW") returned 13 [0155.650] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0155.650] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0155.650] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0155.650] lstrlenA (lpString="CreateDirectoryA") returned 16 [0155.650] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0155.650] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0155.650] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0155.650] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0155.650] lstrlenA (lpString="CreateDirectoryW") returned 16 [0155.650] lstrlenA (lpString="CreateEventA") returned 12 [0155.650] lstrlenA (lpString="CreateEventExA") returned 14 [0155.650] lstrlenA (lpString="CreateEventExW") returned 14 [0155.650] lstrlenA (lpString="CreateEventW") returned 12 [0155.651] lstrlenA (lpString="CreateFiber") returned 11 [0155.651] lstrlenA (lpString="CreateFiberEx") returned 13 [0155.651] lstrlenA (lpString="CreateFileA") returned 11 [0155.651] lstrlenA (lpString="CreateFileMappingA") returned 18 [0155.651] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0155.651] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0155.651] lstrlenA (lpString="CreateFileMappingW") returned 18 [0155.651] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0155.651] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0155.651] lstrlenA (lpString="CreateFileW") returned 11 [0155.651] lstrlenA (lpString="CreateHardLinkA") returned 15 [0155.651] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0155.651] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0155.651] lstrlenA (lpString="CreateHardLinkW") returned 15 [0155.651] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0155.652] lstrlenA (lpString="CreateJobObjectA") returned 16 [0155.652] lstrlenA (lpString="CreateJobObjectW") returned 16 [0155.652] lstrlenA (lpString="CreateJobSet") returned 12 [0155.652] lstrlenA (lpString="CreateMailslotA") returned 15 [0155.652] lstrlenA (lpString="CreateMailslotW") returned 15 [0155.652] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0155.652] lstrlenA (lpString="CreateMutexA") returned 12 [0155.652] lstrlenA (lpString="CreateMutexExA") returned 14 [0155.652] lstrlenA (lpString="CreateMutexExW") returned 14 [0155.652] lstrlenA (lpString="CreateMutexW") returned 12 [0155.652] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0155.652] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0155.652] lstrlenA (lpString="CreatePipe") returned 10 [0155.652] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0155.652] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0155.653] lstrlenA (lpString="CreateProcessA") returned 14 [0155.653] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0155.653] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0155.653] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0155.653] lstrlenA (lpString="CreateProcessW") returned 14 [0155.653] lstrlenA (lpString="CreateRemoteThread") returned 18 [0155.653] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0155.653] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0155.653] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0155.653] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0155.653] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0155.653] lstrlenA (lpString="CreateSocketHandle") returned 18 [0155.653] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0155.653] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0155.654] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0155.654] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0155.654] lstrlenA (lpString="CreateTapePartition") returned 19 [0155.654] lstrlenA (lpString="CreateThread") returned 12 [0155.654] lstrlenA (lpString="CreateThreadpool") returned 16 [0155.654] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0155.654] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0155.654] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0155.654] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0155.654] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0155.654] lstrlenA (lpString="CreateTimerQueue") returned 16 [0155.654] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0155.654] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0155.654] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0155.654] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0155.655] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0155.655] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0155.655] lstrlenA (lpString="CtrlRoutine") returned 11 [0155.655] lstrlenA (lpString="DeactivateActCtx") returned 16 [0155.655] lstrlenA (lpString="DebugActiveProcess") returned 18 [0155.655] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0155.655] lstrlenA (lpString="DebugBreak") returned 10 [0155.655] lstrlenA (lpString="DebugBreakProcess") returned 17 [0155.655] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0155.655] lstrlenA (lpString="DecodePointer") returned 13 [0155.655] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0155.655] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0155.656] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0155.656] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0155.656] lstrlenA (lpString="DeleteAtom") returned 10 [0155.656] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0155.656] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0155.656] lstrlenA (lpString="DeleteFiber") returned 11 [0155.656] lstrlenA (lpString="DeleteFileA") returned 11 [0155.656] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0155.656] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0155.656] lstrlenA (lpString="DeleteFileW") returned 11 [0155.656] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0155.656] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0155.656] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0155.656] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0155.656] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0155.657] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0155.657] lstrlenA (lpString="DeviceIoControl") returned 15 [0155.657] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0155.657] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0155.657] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0155.657] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0155.657] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0155.657] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0155.657] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0155.657] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0155.657] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0155.657] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0155.657] lstrlenA (lpString="DuplicateHandle") returned 15 [0155.657] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0155.657] lstrlenA (lpString="EncodePointer") returned 13 [0155.658] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0155.658] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0155.658] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0155.658] lstrlenA (lpString="EnterCriticalSection") returned 20 [0155.658] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0155.658] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0155.658] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0155.658] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0155.658] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0155.658] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0155.658] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0155.658] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0155.658] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0155.661] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x436000, lpBuffer=0x2793a78*, nSize=0x600, lpNumberOfBytesWritten=0x284a100 | out: lpBuffer=0x2793a78*, lpNumberOfBytesWritten=0x284a100*=0x600) returned 1 [0155.707] EnumProcessModules (in: hProcess=0x640, lphModule=0x28519c0, cb=0x100, lpcbNeeded=0x3cc748 | out: lphModule=0x28519c0, lpcbNeeded=0x3cc748) returned 1 [0155.708] EnumProcessModules (in: hProcess=0x640, lphModule=0x2851acc, cb=0x200, lpcbNeeded=0x3cc748 | out: lphModule=0x2851acc, lpcbNeeded=0x3cc748) returned 1 [0155.709] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x2851d0c, cb=0xc | out: lpmodinfo=0x2851d0c*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0155.709] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.710] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0155.710] CoTaskMemFree (pv=0x5c74c60) [0155.710] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.710] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0155.710] CoTaskMemFree (pv=0x5c74c60) [0155.710] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x2853e64, cb=0xc | out: lpmodinfo=0x2853e64*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0155.710] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.710] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0155.710] CoTaskMemFree (pv=0x5c74c60) [0155.710] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.710] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0155.711] CoTaskMemFree (pv=0x5c74c60) [0155.711] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x2855f74, cb=0xc | out: lpmodinfo=0x2855f74*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0155.711] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.711] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0155.711] CoTaskMemFree (pv=0x5c74c60) [0155.711] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.711] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0155.711] CoTaskMemFree (pv=0x5c74c60) [0155.711] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x285808c, cb=0xc | out: lpmodinfo=0x285808c*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0155.712] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.712] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0155.712] CoTaskMemFree (pv=0x5c74c60) [0155.712] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.712] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0155.712] CoTaskMemFree (pv=0x5c74c60) [0155.712] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x285a1ac, cb=0xc | out: lpmodinfo=0x285a1ac*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0155.712] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.712] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0155.712] CoTaskMemFree (pv=0x5c74c60) [0155.713] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.713] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0155.713] CoTaskMemFree (pv=0x5c74c60) [0155.713] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x285c300, cb=0xc | out: lpmodinfo=0x285c300*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0155.713] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.713] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0155.713] CoTaskMemFree (pv=0x5c74c60) [0155.713] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.713] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0155.714] CoTaskMemFree (pv=0x5c74c60) [0155.714] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x285e420, cb=0xc | out: lpmodinfo=0x285e420*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0155.714] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.714] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0155.714] CoTaskMemFree (pv=0x5c74c60) [0155.714] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.714] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0155.715] CoTaskMemFree (pv=0x5c74c60) [0155.715] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x2860538, cb=0xc | out: lpmodinfo=0x2860538*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0155.715] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.715] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0155.715] CoTaskMemFree (pv=0x5c74c60) [0155.715] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.715] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0155.715] CoTaskMemFree (pv=0x5c74c60) [0155.715] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x2862650, cb=0xc | out: lpmodinfo=0x2862650*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0155.716] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.716] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0155.716] CoTaskMemFree (pv=0x5c74c60) [0155.716] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.716] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0155.716] CoTaskMemFree (pv=0x5c74c60) [0155.716] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x28647b4, cb=0xc | out: lpmodinfo=0x28647b4*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0155.717] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.717] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0155.717] CoTaskMemFree (pv=0x5c74c60) [0155.717] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.717] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0155.717] CoTaskMemFree (pv=0x5c74c60) [0155.717] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x28668cc, cb=0xc | out: lpmodinfo=0x28668cc*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0155.718] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.718] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0155.718] CoTaskMemFree (pv=0x5c74c60) [0155.718] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.718] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0155.719] CoTaskMemFree (pv=0x5c74c60) [0155.719] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x28689ec, cb=0xc | out: lpmodinfo=0x28689ec*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0155.719] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.719] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0155.719] CoTaskMemFree (pv=0x5c74c60) [0155.719] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.719] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0155.720] CoTaskMemFree (pv=0x5c74c60) [0155.720] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x286ab40, cb=0xc | out: lpmodinfo=0x286ab40*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0155.720] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.720] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0155.720] CoTaskMemFree (pv=0x5c74c60) [0155.720] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.720] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0155.721] CoTaskMemFree (pv=0x5c74c60) [0155.721] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x286ccb0, cb=0xc | out: lpmodinfo=0x286ccb0*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0155.721] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.721] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0155.722] CoTaskMemFree (pv=0x5c74c60) [0155.722] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.722] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0155.722] CoTaskMemFree (pv=0x5c74c60) [0155.722] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x286edc8, cb=0xc | out: lpmodinfo=0x286edc8*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0155.723] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.723] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0155.723] CoTaskMemFree (pv=0x5c74c60) [0155.723] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.723] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0155.723] CoTaskMemFree (pv=0x5c74c60) [0155.723] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x2870ed8, cb=0xc | out: lpmodinfo=0x2870ed8*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0155.724] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.724] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0155.724] CoTaskMemFree (pv=0x5c74c60) [0155.724] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.724] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0155.725] CoTaskMemFree (pv=0x5c74c60) [0155.725] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x2872ff0, cb=0xc | out: lpmodinfo=0x2872ff0*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0155.725] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.725] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0155.726] CoTaskMemFree (pv=0x5c74c60) [0155.726] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.726] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0155.726] CoTaskMemFree (pv=0x5c74c60) [0155.726] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x2875184, cb=0xc | out: lpmodinfo=0x2875184*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0155.727] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.727] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0155.727] CoTaskMemFree (pv=0x5c74c60) [0155.727] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.727] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0155.728] CoTaskMemFree (pv=0x5c74c60) [0155.728] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x2877294, cb=0xc | out: lpmodinfo=0x2877294*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0155.728] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.728] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0155.729] CoTaskMemFree (pv=0x5c74c60) [0155.729] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.729] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0155.729] CoTaskMemFree (pv=0x5c74c60) [0155.729] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x28793a4, cb=0xc | out: lpmodinfo=0x28793a4*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0155.730] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.730] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0155.730] CoTaskMemFree (pv=0x5c74c60) [0155.730] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.730] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0155.731] CoTaskMemFree (pv=0x5c74c60) [0155.731] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x287b4b4, cb=0xc | out: lpmodinfo=0x287b4b4*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0155.731] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.731] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0155.732] CoTaskMemFree (pv=0x5c74c60) [0155.732] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.732] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0155.732] CoTaskMemFree (pv=0x5c74c60) [0155.732] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x287d5d8, cb=0xc | out: lpmodinfo=0x287d5d8*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0155.733] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.733] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0155.733] CoTaskMemFree (pv=0x5c74c60) [0155.733] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.734] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0155.734] CoTaskMemFree (pv=0x5c74c60) [0155.734] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x287f714, cb=0xc | out: lpmodinfo=0x287f714*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0155.735] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.735] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0155.735] CoTaskMemFree (pv=0x5c74c60) [0155.735] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.735] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0155.736] CoTaskMemFree (pv=0x5c74c60) [0155.736] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x2881864, cb=0xc | out: lpmodinfo=0x2881864*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0155.736] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.736] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0155.737] CoTaskMemFree (pv=0x5c74c60) [0155.737] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.737] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0155.739] CoTaskMemFree (pv=0x5c74c60) [0155.739] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x28839a4, cb=0xc | out: lpmodinfo=0x28839a4*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0155.740] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.740] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0155.741] CoTaskMemFree (pv=0x5c74c60) [0155.741] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.741] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0155.742] CoTaskMemFree (pv=0x5c74c60) [0155.742] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x2885b58, cb=0xc | out: lpmodinfo=0x2885b58*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0155.743] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.743] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0155.743] CoTaskMemFree (pv=0x5c74c60) [0155.743] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.743] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0155.744] CoTaskMemFree (pv=0x5c74c60) [0155.744] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x2887c68, cb=0xc | out: lpmodinfo=0x2887c68*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0155.745] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.745] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0155.746] CoTaskMemFree (pv=0x5c74c60) [0155.746] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.746] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0155.746] CoTaskMemFree (pv=0x5c74c60) [0155.746] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x2889d80, cb=0xc | out: lpmodinfo=0x2889d80*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0155.747] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.747] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0155.748] CoTaskMemFree (pv=0x5c74c60) [0155.748] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.748] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0155.748] CoTaskMemFree (pv=0x5c74c60) [0155.748] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x288bef0, cb=0xc | out: lpmodinfo=0x288bef0*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0155.749] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.749] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0155.750] CoTaskMemFree (pv=0x5c74c60) [0155.750] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.750] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0155.751] CoTaskMemFree (pv=0x5c74c60) [0155.751] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x288e03c, cb=0xc | out: lpmodinfo=0x288e03c*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0155.751] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.751] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0155.752] CoTaskMemFree (pv=0x5c74c60) [0155.752] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.752] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0155.753] CoTaskMemFree (pv=0x5c74c60) [0155.753] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x289015c, cb=0xc | out: lpmodinfo=0x289015c*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0155.754] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.754] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0155.754] CoTaskMemFree (pv=0x5c74c60) [0155.754] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.754] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0155.755] CoTaskMemFree (pv=0x5c74c60) [0155.755] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x2892304, cb=0xc | out: lpmodinfo=0x2892304*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0155.756] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.756] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0155.756] CoTaskMemFree (pv=0x5c74c60) [0155.756] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.756] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0155.757] CoTaskMemFree (pv=0x5c74c60) [0155.757] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x28944dc, cb=0xc | out: lpmodinfo=0x28944dc*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0155.758] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.758] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0155.759] CoTaskMemFree (pv=0x5c74c60) [0155.759] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.759] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0155.759] CoTaskMemFree (pv=0x5c74c60) [0155.759] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x28967e4, cb=0xc | out: lpmodinfo=0x28967e4*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0155.760] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.760] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0155.761] CoTaskMemFree (pv=0x5c74c60) [0155.761] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.761] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0155.762] CoTaskMemFree (pv=0x5c74c60) [0155.762] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x28989ac, cb=0xc | out: lpmodinfo=0x28989ac*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0155.763] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.763] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0155.764] CoTaskMemFree (pv=0x5c74c60) [0155.764] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.764] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0155.765] CoTaskMemFree (pv=0x5c74c60) [0155.765] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x289abac, cb=0xc | out: lpmodinfo=0x289abac*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0155.766] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.766] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0155.766] CoTaskMemFree (pv=0x5c74c60) [0155.766] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.766] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0155.767] CoTaskMemFree (pv=0x5c74c60) [0155.767] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x289cda8, cb=0xc | out: lpmodinfo=0x289cda8*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0155.768] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.768] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0155.769] CoTaskMemFree (pv=0x5c74c60) [0155.769] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.769] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0155.772] CoTaskMemFree (pv=0x5c74c60) [0155.772] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x289ef68, cb=0xc | out: lpmodinfo=0x289ef68*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0155.773] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.773] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0155.774] CoTaskMemFree (pv=0x5c74c60) [0155.774] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.774] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0155.775] CoTaskMemFree (pv=0x5c74c60) [0155.775] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x28a10c4, cb=0xc | out: lpmodinfo=0x28a10c4*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0155.776] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.776] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0155.777] CoTaskMemFree (pv=0x5c74c60) [0155.777] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.777] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0155.778] CoTaskMemFree (pv=0x5c74c60) [0155.778] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x28a31dc, cb=0xc | out: lpmodinfo=0x28a31dc*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0155.779] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.779] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0155.780] CoTaskMemFree (pv=0x5c74c60) [0155.780] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.780] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0155.781] CoTaskMemFree (pv=0x5c74c60) [0155.781] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x28a52f4, cb=0xc | out: lpmodinfo=0x28a52f4*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0155.782] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.782] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0155.783] CoTaskMemFree (pv=0x5c74c60) [0155.783] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.783] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0155.784] CoTaskMemFree (pv=0x5c74c60) [0155.784] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x28a740c, cb=0xc | out: lpmodinfo=0x28a740c*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0155.785] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.785] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0155.786] CoTaskMemFree (pv=0x5c74c60) [0155.786] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.786] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0155.787] CoTaskMemFree (pv=0x5c74c60) [0155.787] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x28a9524, cb=0xc | out: lpmodinfo=0x28a9524*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0155.788] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.788] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0155.789] CoTaskMemFree (pv=0x5c74c60) [0155.789] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.789] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0155.790] CoTaskMemFree (pv=0x5c74c60) [0155.790] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x28ab648, cb=0xc | out: lpmodinfo=0x28ab648*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0155.791] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.791] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0155.792] CoTaskMemFree (pv=0x5c74c60) [0155.792] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.792] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0155.794] CoTaskMemFree (pv=0x5c74c60) [0155.794] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x28ad758, cb=0xc | out: lpmodinfo=0x28ad758*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0155.795] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.795] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0155.796] CoTaskMemFree (pv=0x5c74c60) [0155.796] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.796] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0155.797] CoTaskMemFree (pv=0x5c74c60) [0155.797] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x28af878, cb=0xc | out: lpmodinfo=0x28af878*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0155.798] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.798] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0155.799] CoTaskMemFree (pv=0x5c74c60) [0155.799] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.799] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0155.800] CoTaskMemFree (pv=0x5c74c60) [0155.800] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x28b1990, cb=0xc | out: lpmodinfo=0x28b1990*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0155.802] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.802] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0155.803] CoTaskMemFree (pv=0x5c74c60) [0155.803] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.803] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0155.804] CoTaskMemFree (pv=0x5c74c60) [0155.804] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x28b3aa8, cb=0xc | out: lpmodinfo=0x28b3aa8*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0155.805] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.805] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0155.806] CoTaskMemFree (pv=0x5c74c60) [0155.806] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.806] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0155.807] CoTaskMemFree (pv=0x5c74c60) [0155.807] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x28b5bb0, cb=0xc | out: lpmodinfo=0x28b5bb0*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0155.808] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.808] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0155.809] CoTaskMemFree (pv=0x5c74c60) [0155.810] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.810] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0155.811] CoTaskMemFree (pv=0x5c74c60) [0155.811] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x28b7cc8, cb=0xc | out: lpmodinfo=0x28b7cc8*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0155.812] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0155.812] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0155.813] CoTaskMemFree (pv=0x5c74c60) [0155.813] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0155.814] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x28b9de0, cb=0xc | out: lpmodinfo=0x28b9de0*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0155.817] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0155.818] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0155.819] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x28bbf00, cb=0xc | out: lpmodinfo=0x28bbf00*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0155.821] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0155.822] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0155.823] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x28be018, cb=0xc | out: lpmodinfo=0x28be018*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0155.824] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0155.825] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0155.827] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x28c0130, cb=0xc | out: lpmodinfo=0x28c0130*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0155.828] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0155.829] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0155.830] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x28c2240, cb=0xc | out: lpmodinfo=0x28c2240*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0155.832] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0155.833] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0155.834] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x28c4358, cb=0xc | out: lpmodinfo=0x28c4358*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0155.836] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0155.837] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0155.838] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x28c6478, cb=0xc | out: lpmodinfo=0x28c6478*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0155.839] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0155.841] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0155.842] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x28c8590, cb=0xc | out: lpmodinfo=0x28c8590*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0155.843] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0155.845] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0155.846] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x28ca6b0, cb=0xc | out: lpmodinfo=0x28ca6b0*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0155.848] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0155.849] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0155.850] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x28cc7d0, cb=0xc | out: lpmodinfo=0x28cc7d0*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0155.852] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0155.853] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0155.854] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x28ce8f8, cb=0xc | out: lpmodinfo=0x28ce8f8*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0155.856] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0155.857] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0155.858] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x28d0a10, cb=0xc | out: lpmodinfo=0x28d0a10*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0155.860] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0155.861] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0155.873] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x28d2b30, cb=0xc | out: lpmodinfo=0x28d2b30*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0155.875] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0155.876] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0155.878] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x28d4c50, cb=0xc | out: lpmodinfo=0x28d4c50*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0155.879] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0155.881] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0155.882] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x28d6d68, cb=0xc | out: lpmodinfo=0x28d6d68*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0155.884] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0155.885] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0155.887] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x28d9094, cb=0xc | out: lpmodinfo=0x28d9094*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0155.888] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0155.890] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0155.891] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x28db1ac, cb=0xc | out: lpmodinfo=0x28db1ac*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0155.893] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0155.894] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0155.896] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x28dd2c4, cb=0xc | out: lpmodinfo=0x28dd2c4*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0155.897] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0155.899] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0155.900] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x28df3dc, cb=0xc | out: lpmodinfo=0x28df3dc*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0155.901] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0155.903] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0155.905] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x28e151c, cb=0xc | out: lpmodinfo=0x28e151c*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0155.906] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0155.908] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0155.910] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x28e3640, cb=0xc | out: lpmodinfo=0x28e3640*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0155.911] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0155.913] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0155.914] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x28e5750, cb=0xc | out: lpmodinfo=0x28e5750*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0155.916] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0155.917] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0155.919] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x28e7924, cb=0xc | out: lpmodinfo=0x28e7924*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0155.920] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0155.921] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0155.923] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x28e9ae0, cb=0xc | out: lpmodinfo=0x28e9ae0*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0155.925] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0155.926] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0155.928] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x28ebc10, cb=0xc | out: lpmodinfo=0x28ebc10*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0155.929] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0155.931] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0155.933] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x438000, lpBuffer=0x284a11c*, nSize=0x200, lpNumberOfBytesWritten=0x29001a4 | out: lpBuffer=0x284a11c*, lpNumberOfBytesWritten=0x29001a4*=0x200) returned 1 [0156.015] EnumProcessModules (in: hProcess=0x640, lphModule=0x2907868, cb=0x100, lpcbNeeded=0x3cc748 | out: lphModule=0x2907868, lpcbNeeded=0x3cc748) returned 1 [0156.017] EnumProcessModules (in: hProcess=0x640, lphModule=0x2907974, cb=0x200, lpcbNeeded=0x3cc748 | out: lphModule=0x2907974, lpcbNeeded=0x3cc748) returned 1 [0156.018] GetModuleInformation (in: hProcess=0x640, hModule=0x11e0000, lpmodinfo=0x2907bb4, cb=0xc | out: lpmodinfo=0x2907bb4*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0156.019] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.019] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x11e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0156.019] CoTaskMemFree (pv=0x5c74c60) [0156.019] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.019] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x11e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0156.019] CoTaskMemFree (pv=0x5c74c60) [0156.019] GetModuleInformation (in: hProcess=0x640, hModule=0x77150000, lpmodinfo=0x2909d0c, cb=0xc | out: lpmodinfo=0x2909d0c*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0156.019] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.019] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77150000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.020] CoTaskMemFree (pv=0x5c74c60) [0156.020] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.020] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77150000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0156.020] CoTaskMemFree (pv=0x5c74c60) [0156.020] GetModuleInformation (in: hProcess=0x640, hModule=0x74b40000, lpmodinfo=0x290be1c, cb=0xc | out: lpmodinfo=0x290be1c*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0156.020] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.020] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74b40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0156.021] CoTaskMemFree (pv=0x5c74c60) [0156.021] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.021] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74b40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0156.021] CoTaskMemFree (pv=0x5c74c60) [0156.021] GetModuleInformation (in: hProcess=0x640, hModule=0x75620000, lpmodinfo=0x290df34, cb=0xc | out: lpmodinfo=0x290df34*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0156.021] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.021] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0156.022] CoTaskMemFree (pv=0x5c74c60) [0156.022] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.022] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0156.022] CoTaskMemFree (pv=0x5c74c60) [0156.022] GetModuleInformation (in: hProcess=0x640, hModule=0x74dc0000, lpmodinfo=0x2910054, cb=0xc | out: lpmodinfo=0x2910054*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0156.022] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.022] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74dc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0156.023] CoTaskMemFree (pv=0x5c74c60) [0156.023] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.023] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74dc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0156.023] CoTaskMemFree (pv=0x5c74c60) [0156.023] GetModuleInformation (in: hProcess=0x640, hModule=0x767e0000, lpmodinfo=0x29121a8, cb=0xc | out: lpmodinfo=0x29121a8*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0156.023] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.023] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x767e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0156.024] CoTaskMemFree (pv=0x5c74c60) [0156.024] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.024] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x767e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0156.024] CoTaskMemFree (pv=0x5c74c60) [0156.024] GetModuleInformation (in: hProcess=0x640, hModule=0x752c0000, lpmodinfo=0x29142c8, cb=0xc | out: lpmodinfo=0x29142c8*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0156.024] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.024] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0156.025] CoTaskMemFree (pv=0x5c74c60) [0156.025] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.025] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0156.025] CoTaskMemFree (pv=0x5c74c60) [0156.025] GetModuleInformation (in: hProcess=0x640, hModule=0x74e10000, lpmodinfo=0x29163e0, cb=0xc | out: lpmodinfo=0x29163e0*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0156.026] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.026] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74e10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0156.026] CoTaskMemFree (pv=0x5c74c60) [0156.026] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.026] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74e10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0156.026] CoTaskMemFree (pv=0x5c74c60) [0156.027] GetModuleInformation (in: hProcess=0x640, hModule=0x76450000, lpmodinfo=0x29184f8, cb=0xc | out: lpmodinfo=0x29184f8*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0156.027] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.027] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76450000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0156.027] CoTaskMemFree (pv=0x5c74c60) [0156.027] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.027] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76450000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0156.028] CoTaskMemFree (pv=0x5c74c60) [0156.028] GetModuleInformation (in: hProcess=0x640, hModule=0x74ca0000, lpmodinfo=0x291a65c, cb=0xc | out: lpmodinfo=0x291a65c*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0156.028] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.028] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0156.029] CoTaskMemFree (pv=0x5c74c60) [0156.029] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.029] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0156.029] CoTaskMemFree (pv=0x5c74c60) [0156.029] GetModuleInformation (in: hProcess=0x640, hModule=0x74c90000, lpmodinfo=0x291c774, cb=0xc | out: lpmodinfo=0x291c774*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0156.029] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.029] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0156.030] CoTaskMemFree (pv=0x5c74c60) [0156.030] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.030] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0156.030] CoTaskMemFree (pv=0x5c74c60) [0156.030] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x291e894, cb=0xc | out: lpmodinfo=0x291e894*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0156.031] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.031] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0156.031] CoTaskMemFree (pv=0x5c74c60) [0156.031] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.031] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0156.032] CoTaskMemFree (pv=0x5c74c60) [0156.032] GetModuleInformation (in: hProcess=0x640, hModule=0x72cc0000, lpmodinfo=0x29209e8, cb=0xc | out: lpmodinfo=0x29209e8*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0156.032] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.032] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0156.033] CoTaskMemFree (pv=0x5c74c60) [0156.033] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.033] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0156.033] CoTaskMemFree (pv=0x5c74c60) [0156.033] GetModuleInformation (in: hProcess=0x640, hModule=0x76540000, lpmodinfo=0x2922b58, cb=0xc | out: lpmodinfo=0x2922b58*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0156.034] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.034] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76540000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0156.034] CoTaskMemFree (pv=0x5c74c60) [0156.034] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.034] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76540000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0156.035] CoTaskMemFree (pv=0x5c74c60) [0156.035] GetModuleInformation (in: hProcess=0x640, hModule=0x76ae0000, lpmodinfo=0x2924c70, cb=0xc | out: lpmodinfo=0x2924c70*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0156.035] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.035] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0156.036] CoTaskMemFree (pv=0x5c74c60) [0156.036] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.036] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0156.036] CoTaskMemFree (pv=0x5c74c60) [0156.036] GetModuleInformation (in: hProcess=0x640, hModule=0x74f70000, lpmodinfo=0x2926d80, cb=0xc | out: lpmodinfo=0x2926d80*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0156.036] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.036] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74f70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0156.037] CoTaskMemFree (pv=0x5c74c60) [0156.037] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.037] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74f70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0156.037] CoTaskMemFree (pv=0x5c74c60) [0156.037] GetModuleInformation (in: hProcess=0x640, hModule=0x77120000, lpmodinfo=0x2928e98, cb=0xc | out: lpmodinfo=0x2928e98*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0156.038] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.038] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x77120000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0156.038] CoTaskMemFree (pv=0x5c74c60) [0156.038] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.038] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x77120000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0156.039] CoTaskMemFree (pv=0x5c74c60) [0156.039] GetModuleInformation (in: hProcess=0x640, hModule=0x76740000, lpmodinfo=0x292b02c, cb=0xc | out: lpmodinfo=0x292b02c*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0156.039] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.039] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76740000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0156.040] CoTaskMemFree (pv=0x5c74c60) [0156.040] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.040] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76740000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0156.040] CoTaskMemFree (pv=0x5c74c60) [0156.040] GetModuleInformation (in: hProcess=0x640, hModule=0x769f0000, lpmodinfo=0x292d13c, cb=0xc | out: lpmodinfo=0x292d13c*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0156.041] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.041] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x769f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0156.041] CoTaskMemFree (pv=0x5c74c60) [0156.041] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.041] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x769f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0156.042] CoTaskMemFree (pv=0x5c74c60) [0156.042] GetModuleInformation (in: hProcess=0x640, hModule=0x76380000, lpmodinfo=0x292f24c, cb=0xc | out: lpmodinfo=0x292f24c*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0156.042] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.042] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76380000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0156.043] CoTaskMemFree (pv=0x5c74c60) [0156.043] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.043] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76380000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0156.043] CoTaskMemFree (pv=0x5c74c60) [0156.043] GetModuleInformation (in: hProcess=0x640, hModule=0x73ca0000, lpmodinfo=0x293135c, cb=0xc | out: lpmodinfo=0x293135c*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0156.044] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.044] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0156.044] CoTaskMemFree (pv=0x5c74c60) [0156.044] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.044] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0156.045] CoTaskMemFree (pv=0x5c74c60) [0156.045] GetModuleInformation (in: hProcess=0x640, hModule=0x714a0000, lpmodinfo=0x2933474, cb=0xc | out: lpmodinfo=0x2933474*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0156.046] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.046] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x714a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0156.046] CoTaskMemFree (pv=0x5c74c60) [0156.046] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.046] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x714a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0156.047] CoTaskMemFree (pv=0x5c74c60) [0156.047] GetModuleInformation (in: hProcess=0x640, hModule=0x723e0000, lpmodinfo=0x29355bc, cb=0xc | out: lpmodinfo=0x29355bc*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0156.047] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.047] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x723e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0156.048] CoTaskMemFree (pv=0x5c74c60) [0156.048] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.048] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x723e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0156.049] CoTaskMemFree (pv=0x5c74c60) [0156.049] GetModuleInformation (in: hProcess=0x640, hModule=0x72330000, lpmodinfo=0x293770c, cb=0xc | out: lpmodinfo=0x293770c*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0156.049] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.049] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x72330000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0156.050] CoTaskMemFree (pv=0x5c74c60) [0156.050] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.050] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x72330000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0156.050] CoTaskMemFree (pv=0x5c74c60) [0156.050] GetModuleInformation (in: hProcess=0x640, hModule=0x70090000, lpmodinfo=0x293984c, cb=0xc | out: lpmodinfo=0x293984c*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0156.051] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.051] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70090000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0156.051] CoTaskMemFree (pv=0x5c74c60) [0156.051] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.051] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70090000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0156.052] CoTaskMemFree (pv=0x5c74c60) [0156.052] GetModuleInformation (in: hProcess=0x640, hModule=0x75370000, lpmodinfo=0x293ba00, cb=0xc | out: lpmodinfo=0x293ba00*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0156.053] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.053] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75370000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0156.053] CoTaskMemFree (pv=0x5c74c60) [0156.053] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.054] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75370000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0156.054] CoTaskMemFree (pv=0x5c74c60) [0156.054] GetModuleInformation (in: hProcess=0x640, hModule=0x73bb0000, lpmodinfo=0x293db10, cb=0xc | out: lpmodinfo=0x293db10*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0156.055] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.055] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73bb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0156.055] CoTaskMemFree (pv=0x5c74c60) [0156.055] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.055] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73bb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0156.056] CoTaskMemFree (pv=0x5c74c60) [0156.056] GetModuleInformation (in: hProcess=0x640, hModule=0x74aa0000, lpmodinfo=0x293fc28, cb=0xc | out: lpmodinfo=0x293fc28*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0156.057] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.057] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74aa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0156.057] CoTaskMemFree (pv=0x5c74c60) [0156.057] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.057] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74aa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0156.058] CoTaskMemFree (pv=0x5c74c60) [0156.058] GetModuleInformation (in: hProcess=0x640, hModule=0x722a0000, lpmodinfo=0x2941d98, cb=0xc | out: lpmodinfo=0x2941d98*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0156.059] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.059] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x722a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0156.059] CoTaskMemFree (pv=0x5c74c60) [0156.059] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.059] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x722a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0156.060] CoTaskMemFree (pv=0x5c74c60) [0156.060] GetModuleInformation (in: hProcess=0x640, hModule=0x76a50000, lpmodinfo=0x2943ee4, cb=0xc | out: lpmodinfo=0x2943ee4*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0156.060] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.061] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0156.061] CoTaskMemFree (pv=0x5c74c60) [0156.061] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.061] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0156.062] CoTaskMemFree (pv=0x5c74c60) [0156.062] GetModuleInformation (in: hProcess=0x640, hModule=0x6f630000, lpmodinfo=0x2946004, cb=0xc | out: lpmodinfo=0x2946004*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0156.063] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.063] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f630000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0156.063] CoTaskMemFree (pv=0x5c74c60) [0156.063] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.063] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f630000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0156.064] CoTaskMemFree (pv=0x5c74c60) [0156.064] GetModuleInformation (in: hProcess=0x640, hModule=0x720f0000, lpmodinfo=0x29481ac, cb=0xc | out: lpmodinfo=0x29481ac*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0156.065] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.065] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x720f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0156.068] CoTaskMemFree (pv=0x5c74c60) [0156.068] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.068] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x720f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0156.068] CoTaskMemFree (pv=0x5c74c60) [0156.068] GetModuleInformation (in: hProcess=0x640, hModule=0x6e7c0000, lpmodinfo=0x294a384, cb=0xc | out: lpmodinfo=0x294a384*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0156.069] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.069] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6e7c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0156.070] CoTaskMemFree (pv=0x5c74c60) [0156.070] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.070] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6e7c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0156.071] CoTaskMemFree (pv=0x5c74c60) [0156.071] GetModuleInformation (in: hProcess=0x640, hModule=0x6dfa0000, lpmodinfo=0x294c68c, cb=0xc | out: lpmodinfo=0x294c68c*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0156.071] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.071] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dfa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0156.072] CoTaskMemFree (pv=0x5c74c60) [0156.072] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.072] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dfa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0156.073] CoTaskMemFree (pv=0x5c74c60) [0156.073] GetModuleInformation (in: hProcess=0x640, hModule=0x71f00000, lpmodinfo=0x294e854, cb=0xc | out: lpmodinfo=0x294e854*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0156.074] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.074] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71f00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0156.075] CoTaskMemFree (pv=0x5c74c60) [0156.075] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.075] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71f00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0156.075] CoTaskMemFree (pv=0x5c74c60) [0156.076] GetModuleInformation (in: hProcess=0x640, hModule=0x71df0000, lpmodinfo=0x2950a54, cb=0xc | out: lpmodinfo=0x2950a54*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0156.076] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.076] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71df0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0156.077] CoTaskMemFree (pv=0x5c74c60) [0156.077] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.077] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71df0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0156.078] CoTaskMemFree (pv=0x5c74c60) [0156.078] GetModuleInformation (in: hProcess=0x640, hModule=0x6d820000, lpmodinfo=0x2952c50, cb=0xc | out: lpmodinfo=0x2952c50*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0156.079] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.079] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d820000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0156.080] CoTaskMemFree (pv=0x5c74c60) [0156.080] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.080] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d820000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0156.082] CoTaskMemFree (pv=0x5c74c60) [0156.082] GetModuleInformation (in: hProcess=0x640, hModule=0x74a80000, lpmodinfo=0x2954e10, cb=0xc | out: lpmodinfo=0x2954e10*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0156.083] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.083] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a80000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0156.084] CoTaskMemFree (pv=0x5c74c60) [0156.084] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.084] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a80000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0156.085] CoTaskMemFree (pv=0x5c74c60) [0156.085] GetModuleInformation (in: hProcess=0x640, hModule=0x75730000, lpmodinfo=0x2956f6c, cb=0xc | out: lpmodinfo=0x2956f6c*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0156.086] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.086] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75730000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0156.087] CoTaskMemFree (pv=0x5c74c60) [0156.087] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.087] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75730000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0156.088] CoTaskMemFree (pv=0x5c74c60) [0156.088] GetModuleInformation (in: hProcess=0x640, hModule=0x73d60000, lpmodinfo=0x2959084, cb=0xc | out: lpmodinfo=0x2959084*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0156.089] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.089] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73d60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0156.091] CoTaskMemFree (pv=0x5c74c60) [0156.091] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.091] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73d60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0156.092] CoTaskMemFree (pv=0x5c74c60) [0156.092] GetModuleInformation (in: hProcess=0x640, hModule=0x71dd0000, lpmodinfo=0x295b19c, cb=0xc | out: lpmodinfo=0x295b19c*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0156.093] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.093] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71dd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0156.094] CoTaskMemFree (pv=0x5c74c60) [0156.094] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.094] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71dd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0156.095] CoTaskMemFree (pv=0x5c74c60) [0156.095] GetModuleInformation (in: hProcess=0x640, hModule=0x73a30000, lpmodinfo=0x295d2b4, cb=0xc | out: lpmodinfo=0x295d2b4*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0156.105] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.105] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0156.106] CoTaskMemFree (pv=0x5c74c60) [0156.106] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.106] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0156.108] CoTaskMemFree (pv=0x5c74c60) [0156.108] GetModuleInformation (in: hProcess=0x640, hModule=0x739f0000, lpmodinfo=0x295f3cc, cb=0xc | out: lpmodinfo=0x295f3cc*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0156.109] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.109] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x739f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0156.110] CoTaskMemFree (pv=0x5c74c60) [0156.110] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.110] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x739f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0156.111] CoTaskMemFree (pv=0x5c74c60) [0156.112] GetModuleInformation (in: hProcess=0x640, hModule=0x754e0000, lpmodinfo=0x29614e4, cb=0xc | out: lpmodinfo=0x29614e4*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0156.113] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.113] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0156.114] CoTaskMemFree (pv=0x5c74c60) [0156.114] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.114] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0156.115] CoTaskMemFree (pv=0x5c74c60) [0156.115] GetModuleInformation (in: hProcess=0x640, hModule=0x73ae0000, lpmodinfo=0x2963600, cb=0xc | out: lpmodinfo=0x2963600*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0156.117] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.117] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0156.118] CoTaskMemFree (pv=0x5c74c60) [0156.118] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.118] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0156.119] CoTaskMemFree (pv=0x5c74c60) [0156.119] GetModuleInformation (in: hProcess=0x640, hModule=0x73ac0000, lpmodinfo=0x2965720, cb=0xc | out: lpmodinfo=0x2965720*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0156.121] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.121] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ac0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0156.122] CoTaskMemFree (pv=0x5c74c60) [0156.122] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.122] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ac0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0156.123] CoTaskMemFree (pv=0x5c74c60) [0156.123] GetModuleInformation (in: hProcess=0x640, hModule=0x76920000, lpmodinfo=0x2967838, cb=0xc | out: lpmodinfo=0x2967838*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0156.124] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.124] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76920000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0156.126] CoTaskMemFree (pv=0x5c74c60) [0156.126] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.126] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76920000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0156.127] CoTaskMemFree (pv=0x5c74c60) [0156.127] GetModuleInformation (in: hProcess=0x640, hModule=0x754d0000, lpmodinfo=0x2969950, cb=0xc | out: lpmodinfo=0x2969950*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0156.129] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.129] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754d0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0156.130] CoTaskMemFree (pv=0x5c74c60) [0156.130] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.130] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754d0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0156.131] CoTaskMemFree (pv=0x5c74c60) [0156.131] GetModuleInformation (in: hProcess=0x640, hModule=0x73ab0000, lpmodinfo=0x296ba58, cb=0xc | out: lpmodinfo=0x296ba58*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0156.133] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.133] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0156.134] CoTaskMemFree (pv=0x5c74c60) [0156.134] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.134] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0156.135] CoTaskMemFree (pv=0x5c74c60) [0156.135] GetModuleInformation (in: hProcess=0x640, hModule=0x73c60000, lpmodinfo=0x296db70, cb=0xc | out: lpmodinfo=0x296db70*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0156.137] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.137] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0156.138] CoTaskMemFree (pv=0x5c74c60) [0156.138] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.138] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0156.139] CoTaskMemFree (pv=0x5c74c60) [0156.139] GetModuleInformation (in: hProcess=0x640, hModule=0x73c50000, lpmodinfo=0x296fc88, cb=0xc | out: lpmodinfo=0x296fc88*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0156.140] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.140] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0156.141] CoTaskMemFree (pv=0x5c74c60) [0156.141] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.141] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0156.143] CoTaskMemFree (pv=0x5c74c60) [0156.143] GetModuleInformation (in: hProcess=0x640, hModule=0x73c40000, lpmodinfo=0x2971da8, cb=0xc | out: lpmodinfo=0x2971da8*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0156.144] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.144] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0156.145] CoTaskMemFree (pv=0x5c74c60) [0156.145] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.145] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0156.146] CoTaskMemFree (pv=0x5c74c60) [0156.146] GetModuleInformation (in: hProcess=0x640, hModule=0x71d70000, lpmodinfo=0x2973ec0, cb=0xc | out: lpmodinfo=0x2973ec0*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0156.147] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.147] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0156.148] CoTaskMemFree (pv=0x5c74c60) [0156.148] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.148] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0156.149] CoTaskMemFree (pv=0x5c74c60) [0156.149] GetModuleInformation (in: hProcess=0x640, hModule=0x71d20000, lpmodinfo=0x2975fd8, cb=0xc | out: lpmodinfo=0x2975fd8*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0156.150] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.150] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d20000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0156.151] CoTaskMemFree (pv=0x5c74c60) [0156.151] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.151] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d20000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0156.152] CoTaskMemFree (pv=0x5c74c60) [0156.152] GetModuleInformation (in: hProcess=0x640, hModule=0x71d10000, lpmodinfo=0x29780e8, cb=0xc | out: lpmodinfo=0x29780e8*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0156.153] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.153] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0156.155] CoTaskMemFree (pv=0x5c74c60) [0156.155] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.155] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0156.156] CoTaskMemFree (pv=0x5c74c60) [0156.156] GetModuleInformation (in: hProcess=0x640, hModule=0x73cc0000, lpmodinfo=0x297a200, cb=0xc | out: lpmodinfo=0x297a200*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0156.157] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.157] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0156.159] CoTaskMemFree (pv=0x5c74c60) [0156.159] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.159] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0156.161] CoTaskMemFree (pv=0x5c74c60) [0156.161] GetModuleInformation (in: hProcess=0x640, hModule=0x73cb0000, lpmodinfo=0x297c320, cb=0xc | out: lpmodinfo=0x297c320*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0156.162] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.162] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73cb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0156.163] CoTaskMemFree (pv=0x5c74c60) [0156.163] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.163] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73cb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0156.167] CoTaskMemFree (pv=0x5c74c60) [0156.167] GetModuleInformation (in: hProcess=0x640, hModule=0x71d00000, lpmodinfo=0x297e438, cb=0xc | out: lpmodinfo=0x297e438*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0156.169] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.169] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71d00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0156.170] CoTaskMemFree (pv=0x5c74c60) [0156.170] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.170] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71d00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0156.172] CoTaskMemFree (pv=0x5c74c60) [0156.172] GetModuleInformation (in: hProcess=0x640, hModule=0x71ce0000, lpmodinfo=0x2980558, cb=0xc | out: lpmodinfo=0x2980558*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0156.173] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.173] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0156.175] CoTaskMemFree (pv=0x5c74c60) [0156.175] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.175] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0156.176] CoTaskMemFree (pv=0x5c74c60) [0156.176] GetModuleInformation (in: hProcess=0x640, hModule=0x73b60000, lpmodinfo=0x2982678, cb=0xc | out: lpmodinfo=0x2982678*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0156.178] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.178] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0156.179] CoTaskMemFree (pv=0x5c74c60) [0156.179] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.179] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0156.181] CoTaskMemFree (pv=0x5c74c60) [0156.181] GetModuleInformation (in: hProcess=0x640, hModule=0x73ce0000, lpmodinfo=0x29847a0, cb=0xc | out: lpmodinfo=0x29847a0*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0156.182] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.182] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0156.183] CoTaskMemFree (pv=0x5c74c60) [0156.183] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.183] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0156.185] CoTaskMemFree (pv=0x5c74c60) [0156.185] GetModuleInformation (in: hProcess=0x640, hModule=0x73c30000, lpmodinfo=0x29868b8, cb=0xc | out: lpmodinfo=0x29868b8*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0156.186] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.186] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73c30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0156.188] CoTaskMemFree (pv=0x5c74c60) [0156.188] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.188] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73c30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0156.189] CoTaskMemFree (pv=0x5c74c60) [0156.189] GetModuleInformation (in: hProcess=0x640, hModule=0x73b70000, lpmodinfo=0x29889d8, cb=0xc | out: lpmodinfo=0x29889d8*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0156.191] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.191] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73b70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0156.192] CoTaskMemFree (pv=0x5c74c60) [0156.192] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.192] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73b70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0156.194] CoTaskMemFree (pv=0x5c74c60) [0156.194] GetModuleInformation (in: hProcess=0x640, hModule=0x71cd0000, lpmodinfo=0x298aaf8, cb=0xc | out: lpmodinfo=0x298aaf8*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0156.195] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.195] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71cd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0156.197] CoTaskMemFree (pv=0x5c74c60) [0156.197] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.197] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71cd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0156.198] CoTaskMemFree (pv=0x5c74c60) [0156.198] GetModuleInformation (in: hProcess=0x640, hModule=0x71c90000, lpmodinfo=0x298cc10, cb=0xc | out: lpmodinfo=0x298cc10*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0156.200] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.200] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0156.201] CoTaskMemFree (pv=0x5c74c60) [0156.201] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.201] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0156.203] CoTaskMemFree (pv=0x5c74c60) [0156.203] GetModuleInformation (in: hProcess=0x640, hModule=0x754f0000, lpmodinfo=0x298ef3c, cb=0xc | out: lpmodinfo=0x298ef3c*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0156.204] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.204] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x754f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0156.206] CoTaskMemFree (pv=0x5c74c60) [0156.206] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.206] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x754f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0156.207] CoTaskMemFree (pv=0x5c74c60) [0156.207] GetModuleInformation (in: hProcess=0x640, hModule=0x74d50000, lpmodinfo=0x2991054, cb=0xc | out: lpmodinfo=0x2991054*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0156.209] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.209] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0156.211] CoTaskMemFree (pv=0x5c74c60) [0156.211] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.211] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0156.212] CoTaskMemFree (pv=0x5c74c60) [0156.212] GetModuleInformation (in: hProcess=0x640, hModule=0x71c50000, lpmodinfo=0x299316c, cb=0xc | out: lpmodinfo=0x299316c*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0156.214] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.214] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0156.215] CoTaskMemFree (pv=0x5c74c60) [0156.215] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.215] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0156.217] CoTaskMemFree (pv=0x5c74c60) [0156.217] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7a0000, lpmodinfo=0x2995284, cb=0xc | out: lpmodinfo=0x2995284*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0156.219] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.219] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0156.220] CoTaskMemFree (pv=0x5c74c60) [0156.220] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.220] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0156.222] CoTaskMemFree (pv=0x5c74c60) [0156.222] GetModuleInformation (in: hProcess=0x640, hModule=0x6d800000, lpmodinfo=0x29973c4, cb=0xc | out: lpmodinfo=0x29973c4*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0156.223] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.223] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d800000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0156.225] CoTaskMemFree (pv=0x5c74c60) [0156.225] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.225] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d800000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0156.227] CoTaskMemFree (pv=0x5c74c60) [0156.227] GetModuleInformation (in: hProcess=0x640, hModule=0x6d7e0000, lpmodinfo=0x29994dc, cb=0xc | out: lpmodinfo=0x29994dc*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0156.228] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.228] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d7e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0156.230] CoTaskMemFree (pv=0x5c74c60) [0156.230] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.230] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d7e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0156.232] CoTaskMemFree (pv=0x5c74c60) [0156.232] GetModuleInformation (in: hProcess=0x640, hModule=0x6d680000, lpmodinfo=0x299b5f8, cb=0xc | out: lpmodinfo=0x299b5f8*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0156.233] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.233] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d680000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0156.235] CoTaskMemFree (pv=0x5c74c60) [0156.235] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.235] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d680000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0156.237] CoTaskMemFree (pv=0x5c74c60) [0156.237] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4f0000, lpmodinfo=0x299d7cc, cb=0xc | out: lpmodinfo=0x299d7cc*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0156.238] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.239] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0156.240] CoTaskMemFree (pv=0x5c74c60) [0156.240] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.240] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0156.242] CoTaskMemFree (pv=0x5c74c60) [0156.242] GetModuleInformation (in: hProcess=0x640, hModule=0x6d3f0000, lpmodinfo=0x299f988, cb=0xc | out: lpmodinfo=0x299f988*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0156.244] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.244] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d3f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0156.245] CoTaskMemFree (pv=0x5c74c60) [0156.246] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.246] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d3f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0156.247] CoTaskMemFree (pv=0x5c74c60) [0156.247] GetModuleInformation (in: hProcess=0x640, hModule=0x6c620000, lpmodinfo=0x29a1ab8, cb=0xc | out: lpmodinfo=0x29a1ab8*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0156.249] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.249] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0156.251] CoTaskMemFree (pv=0x5c74c60) [0156.251] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0156.251] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0156.253] CoTaskMemFree (pv=0x5c74c60) [0156.253] CloseHandle (hObject=0x640) returned 1 [0156.253] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0156.253] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0156.254] lstrlenA (lpString="ActivateActCtx") returned 14 [0156.254] lstrlenA (lpString="AddAtomA") returned 8 [0156.254] lstrlenA (lpString="AddAtomW") returned 8 [0156.254] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0156.254] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0156.254] lstrlenA (lpString="AddDllDirectory") returned 15 [0156.254] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0156.254] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0156.254] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0156.254] lstrlenA (lpString="AddRefActCtx") returned 12 [0156.255] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0156.255] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0156.255] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0156.255] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0156.255] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0156.255] lstrlenA (lpString="AllocConsole") returned 12 [0156.255] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0156.255] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0156.255] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0156.255] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0156.256] lstrlenA (lpString="AreFileApisANSI") returned 15 [0156.256] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0156.256] lstrlenA (lpString="AttachConsole") returned 13 [0156.256] lstrlenA (lpString="BackupRead") returned 10 [0156.256] lstrlenA (lpString="BackupSeek") returned 10 [0156.256] lstrlenA (lpString="BackupWrite") returned 11 [0156.256] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0156.256] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0156.256] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0156.256] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0156.257] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0156.257] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0156.257] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0156.257] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0156.257] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0156.257] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0156.257] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0156.257] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0156.257] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0156.257] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0156.258] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0156.258] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0156.258] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0156.258] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0156.258] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0156.258] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0156.258] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0156.258] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0156.258] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0156.258] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0156.259] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0156.259] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0156.259] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0156.259] lstrlenA (lpString="Beep") returned 4 [0156.259] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0156.259] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0156.259] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0156.259] lstrlenA (lpString="BuildCommDCBA") returned 13 [0156.260] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0156.260] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0156.260] lstrlenA (lpString="BuildCommDCBW") returned 13 [0156.260] lstrlenA (lpString="CallNamedPipeA") returned 14 [0156.260] lstrlenA (lpString="CallNamedPipeW") returned 14 [0156.260] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0156.260] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0156.260] lstrlenA (lpString="CancelIo") returned 8 [0156.260] lstrlenA (lpString="CancelIoEx") returned 10 [0156.261] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0156.261] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0156.261] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0156.261] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0156.261] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0156.261] lstrlenA (lpString="CheckElevation") returned 14 [0156.261] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0156.261] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0156.262] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0156.262] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0156.262] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0156.262] lstrlenA (lpString="ClearCommBreak") returned 14 [0156.262] lstrlenA (lpString="ClearCommError") returned 14 [0156.262] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0156.262] lstrlenA (lpString="CloseHandle") returned 11 [0156.262] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0156.262] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0156.263] lstrlenA (lpString="CloseThreadpool") returned 15 [0156.263] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0156.263] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0156.263] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0156.263] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0156.263] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0156.263] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0156.263] lstrlenA (lpString="CmdBatNotification") returned 18 [0156.263] lstrlenA (lpString="CommConfigDialogA") returned 17 [0156.264] lstrlenA (lpString="CommConfigDialogW") returned 17 [0156.264] lstrlenA (lpString="CompareCalendarDates") returned 20 [0156.264] lstrlenA (lpString="CompareFileTime") returned 15 [0156.264] lstrlenA (lpString="CompareStringA") returned 14 [0156.264] lstrlenA (lpString="CompareStringEx") returned 15 [0156.264] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0156.264] lstrlenA (lpString="CompareStringW") returned 14 [0156.264] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0156.264] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0156.265] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0156.265] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0156.265] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0156.265] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0156.265] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0156.265] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0156.265] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0156.265] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0156.265] lstrlenA (lpString="CopyContext") returned 11 [0156.265] lstrlenA (lpString="CopyFileA") returned 9 [0156.266] lstrlenA (lpString="CopyFileExA") returned 11 [0156.266] lstrlenA (lpString="CopyFileExW") returned 11 [0156.266] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0156.266] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0156.266] lstrlenA (lpString="CopyFileW") returned 9 [0156.266] lstrlenA (lpString="CopyLZFile") returned 10 [0156.266] lstrlenA (lpString="CreateActCtxA") returned 13 [0156.266] lstrlenA (lpString="CreateActCtxW") returned 13 [0156.266] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0156.266] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0156.267] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0156.267] lstrlenA (lpString="CreateDirectoryA") returned 16 [0156.267] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0156.267] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0156.267] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0156.267] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0156.267] lstrlenA (lpString="CreateDirectoryW") returned 16 [0156.267] lstrlenA (lpString="CreateEventA") returned 12 [0156.267] lstrlenA (lpString="CreateEventExA") returned 14 [0156.267] lstrlenA (lpString="CreateEventExW") returned 14 [0156.267] lstrlenA (lpString="CreateEventW") returned 12 [0156.267] lstrlenA (lpString="CreateFiber") returned 11 [0156.267] lstrlenA (lpString="CreateFiberEx") returned 13 [0156.267] lstrlenA (lpString="CreateFileA") returned 11 [0156.268] lstrlenA (lpString="CreateFileMappingA") returned 18 [0156.268] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0156.268] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0156.268] lstrlenA (lpString="CreateFileMappingW") returned 18 [0156.280] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0156.280] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0156.280] lstrlenA (lpString="CreateFileW") returned 11 [0156.280] lstrlenA (lpString="CreateHardLinkA") returned 15 [0156.280] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0156.280] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0156.280] lstrlenA (lpString="CreateHardLinkW") returned 15 [0156.280] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0156.280] lstrlenA (lpString="CreateJobObjectA") returned 16 [0156.281] lstrlenA (lpString="CreateJobObjectW") returned 16 [0156.281] lstrlenA (lpString="CreateJobSet") returned 12 [0156.281] lstrlenA (lpString="CreateMailslotA") returned 15 [0156.281] lstrlenA (lpString="CreateMailslotW") returned 15 [0156.281] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0156.281] lstrlenA (lpString="CreateMutexA") returned 12 [0156.281] lstrlenA (lpString="CreateMutexExA") returned 14 [0156.281] lstrlenA (lpString="CreateMutexExW") returned 14 [0156.281] lstrlenA (lpString="CreateMutexW") returned 12 [0156.281] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0156.281] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0156.281] lstrlenA (lpString="CreatePipe") returned 10 [0156.281] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0156.282] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0156.282] lstrlenA (lpString="CreateProcessA") returned 14 [0156.282] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0156.282] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0156.282] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0156.282] lstrlenA (lpString="CreateProcessW") returned 14 [0156.282] lstrlenA (lpString="CreateRemoteThread") returned 18 [0156.282] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0156.282] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0156.282] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0156.282] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0156.283] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0156.283] lstrlenA (lpString="CreateSocketHandle") returned 18 [0156.283] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0156.283] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0156.283] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0156.283] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0156.283] lstrlenA (lpString="CreateTapePartition") returned 19 [0156.283] lstrlenA (lpString="CreateThread") returned 12 [0156.283] lstrlenA (lpString="CreateThreadpool") returned 16 [0156.283] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0156.283] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0156.284] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0156.284] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0156.284] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0156.284] lstrlenA (lpString="CreateTimerQueue") returned 16 [0156.284] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0156.284] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0156.284] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0156.284] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0156.284] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0156.284] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0156.284] lstrlenA (lpString="CtrlRoutine") returned 11 [0156.284] lstrlenA (lpString="DeactivateActCtx") returned 16 [0156.285] lstrlenA (lpString="DebugActiveProcess") returned 18 [0156.285] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0156.285] lstrlenA (lpString="DebugBreak") returned 10 [0156.285] lstrlenA (lpString="DebugBreakProcess") returned 17 [0156.285] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0156.285] lstrlenA (lpString="DecodePointer") returned 13 [0156.285] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0156.285] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0156.285] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0156.285] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0156.285] lstrlenA (lpString="DeleteAtom") returned 10 [0156.286] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0156.286] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0156.286] lstrlenA (lpString="DeleteFiber") returned 11 [0156.286] lstrlenA (lpString="DeleteFileA") returned 11 [0156.286] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0156.286] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0156.286] lstrlenA (lpString="DeleteFileW") returned 11 [0156.286] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0156.286] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0156.286] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0156.286] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0156.286] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0156.286] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0156.287] lstrlenA (lpString="DeviceIoControl") returned 15 [0156.287] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0156.287] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0156.287] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0156.287] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0156.287] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0156.287] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0156.287] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0156.287] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0156.287] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0156.287] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0156.287] lstrlenA (lpString="DuplicateHandle") returned 15 [0156.287] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0156.288] lstrlenA (lpString="EncodePointer") returned 13 [0156.288] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0156.288] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0156.288] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0156.288] lstrlenA (lpString="EnterCriticalSection") returned 20 [0156.288] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0156.288] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0156.288] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0156.288] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0156.288] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0156.288] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0156.289] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0156.289] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0156.289] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0156.289] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x7efde008, lpBuffer=0x29001c0*, nSize=0x4, lpNumberOfBytesWritten=0x29b604c | out: lpBuffer=0x29001c0*, lpNumberOfBytesWritten=0x29b604c*=0x4) returned 1 [0156.298] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x640 [0156.304] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7d0, cHandles=0x1, pHandles=0x3cc8c4*=0x640, lpdwindex=0x3cc6e8 | out: lpdwindex=0x3cc6e8) returned 0x80010115 [0158.312] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x63c [0158.313] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1f4, cHandles=0x1, pHandles=0x3cc8c4*=0x63c, lpdwindex=0x3cc6e8 | out: lpdwindex=0x3cc6e8) returned 0x80010115 [0158.924] EnumProcessModules (in: hProcess=0x644, lphModule=0x29bd780, cb=0x100, lpcbNeeded=0x3cc744 | out: lphModule=0x29bd780, lpcbNeeded=0x3cc744) returned 1 [0158.926] EnumProcessModules (in: hProcess=0x644, lphModule=0x29bd88c, cb=0x200, lpcbNeeded=0x3cc744 | out: lphModule=0x29bd88c, lpcbNeeded=0x3cc744) returned 1 [0158.928] GetModuleInformation (in: hProcess=0x644, hModule=0x11e0000, lpmodinfo=0x29bdacc, cb=0xc | out: lpmodinfo=0x29bdacc*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0158.928] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.928] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x11e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0158.928] CoTaskMemFree (pv=0x5c74c60) [0158.929] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.929] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x11e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0158.929] CoTaskMemFree (pv=0x5c74c60) [0158.929] GetModuleInformation (in: hProcess=0x644, hModule=0x77150000, lpmodinfo=0x29bfc24, cb=0xc | out: lpmodinfo=0x29bfc24*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0158.929] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.929] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x77150000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0158.930] CoTaskMemFree (pv=0x5c74c60) [0158.930] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.930] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x77150000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0158.930] CoTaskMemFree (pv=0x5c74c60) [0158.930] GetModuleInformation (in: hProcess=0x644, hModule=0x74b40000, lpmodinfo=0x29c1d34, cb=0xc | out: lpmodinfo=0x29c1d34*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0158.930] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.930] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74b40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0158.931] CoTaskMemFree (pv=0x5c74c60) [0158.931] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.931] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74b40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0158.931] CoTaskMemFree (pv=0x5c74c60) [0158.931] GetModuleInformation (in: hProcess=0x644, hModule=0x75620000, lpmodinfo=0x29c3e4c, cb=0xc | out: lpmodinfo=0x29c3e4c*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0158.931] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.931] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0158.932] CoTaskMemFree (pv=0x5c74c60) [0158.932] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.932] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0158.932] CoTaskMemFree (pv=0x5c74c60) [0158.932] GetModuleInformation (in: hProcess=0x644, hModule=0x74dc0000, lpmodinfo=0x29c5f6c, cb=0xc | out: lpmodinfo=0x29c5f6c*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0158.932] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.932] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74dc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0158.933] CoTaskMemFree (pv=0x5c74c60) [0158.933] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.933] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74dc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0158.933] CoTaskMemFree (pv=0x5c74c60) [0158.933] GetModuleInformation (in: hProcess=0x644, hModule=0x767e0000, lpmodinfo=0x29c80c0, cb=0xc | out: lpmodinfo=0x29c80c0*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0158.933] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.933] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x767e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0158.934] CoTaskMemFree (pv=0x5c74c60) [0158.934] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.934] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x767e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0158.934] CoTaskMemFree (pv=0x5c74c60) [0158.934] GetModuleInformation (in: hProcess=0x644, hModule=0x752c0000, lpmodinfo=0x29ca1e0, cb=0xc | out: lpmodinfo=0x29ca1e0*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0158.935] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.935] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x752c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0158.935] CoTaskMemFree (pv=0x5c74c60) [0158.935] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.935] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x752c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0158.935] CoTaskMemFree (pv=0x5c74c60) [0158.936] GetModuleInformation (in: hProcess=0x644, hModule=0x74e10000, lpmodinfo=0x29cc2f8, cb=0xc | out: lpmodinfo=0x29cc2f8*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0158.936] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.936] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74e10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0158.936] CoTaskMemFree (pv=0x5c74c60) [0158.936] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.937] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74e10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0158.937] CoTaskMemFree (pv=0x5c74c60) [0158.937] GetModuleInformation (in: hProcess=0x644, hModule=0x76450000, lpmodinfo=0x29ce410, cb=0xc | out: lpmodinfo=0x29ce410*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0158.938] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.938] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76450000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0158.938] CoTaskMemFree (pv=0x5c74c60) [0158.938] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.938] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76450000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0158.939] CoTaskMemFree (pv=0x5c74c60) [0158.939] GetModuleInformation (in: hProcess=0x644, hModule=0x74ca0000, lpmodinfo=0x29d0574, cb=0xc | out: lpmodinfo=0x29d0574*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0158.939] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.939] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0158.939] CoTaskMemFree (pv=0x5c74c60) [0158.939] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.939] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0158.940] CoTaskMemFree (pv=0x5c74c60) [0158.940] GetModuleInformation (in: hProcess=0x644, hModule=0x74c90000, lpmodinfo=0x29d268c, cb=0xc | out: lpmodinfo=0x29d268c*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0158.940] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.940] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0158.941] CoTaskMemFree (pv=0x5c74c60) [0158.941] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.941] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0158.941] CoTaskMemFree (pv=0x5c74c60) [0158.941] GetModuleInformation (in: hProcess=0x644, hModule=0x74ab0000, lpmodinfo=0x29d47ac, cb=0xc | out: lpmodinfo=0x29d47ac*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0158.942] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.942] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0158.942] CoTaskMemFree (pv=0x5c74c60) [0158.942] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.942] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0158.943] CoTaskMemFree (pv=0x5c74c60) [0158.943] GetModuleInformation (in: hProcess=0x644, hModule=0x72cc0000, lpmodinfo=0x29d6900, cb=0xc | out: lpmodinfo=0x29d6900*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0158.943] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.943] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x72cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0158.944] CoTaskMemFree (pv=0x5c74c60) [0158.944] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.944] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x72cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0158.944] CoTaskMemFree (pv=0x5c74c60) [0158.944] GetModuleInformation (in: hProcess=0x644, hModule=0x76540000, lpmodinfo=0x29d8a70, cb=0xc | out: lpmodinfo=0x29d8a70*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0158.945] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.945] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76540000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0158.945] CoTaskMemFree (pv=0x5c74c60) [0158.945] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.946] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76540000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0158.946] CoTaskMemFree (pv=0x5c74c60) [0158.946] GetModuleInformation (in: hProcess=0x644, hModule=0x76ae0000, lpmodinfo=0x29dab88, cb=0xc | out: lpmodinfo=0x29dab88*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0158.947] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.947] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0158.947] CoTaskMemFree (pv=0x5c74c60) [0158.947] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.947] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0158.948] CoTaskMemFree (pv=0x5c74c60) [0158.948] GetModuleInformation (in: hProcess=0x644, hModule=0x74f70000, lpmodinfo=0x29dcc98, cb=0xc | out: lpmodinfo=0x29dcc98*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0158.948] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.948] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74f70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0158.949] CoTaskMemFree (pv=0x5c74c60) [0158.949] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.949] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74f70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0158.949] CoTaskMemFree (pv=0x5c74c60) [0158.950] GetModuleInformation (in: hProcess=0x644, hModule=0x77120000, lpmodinfo=0x29dedb0, cb=0xc | out: lpmodinfo=0x29dedb0*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0158.950] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.950] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x77120000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0158.951] CoTaskMemFree (pv=0x5c74c60) [0158.951] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.951] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x77120000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0158.951] CoTaskMemFree (pv=0x5c74c60) [0158.951] GetModuleInformation (in: hProcess=0x644, hModule=0x76740000, lpmodinfo=0x29e0f44, cb=0xc | out: lpmodinfo=0x29e0f44*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0158.952] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.952] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76740000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0158.953] CoTaskMemFree (pv=0x5c74c60) [0158.953] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.953] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76740000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0158.953] CoTaskMemFree (pv=0x5c74c60) [0158.953] GetModuleInformation (in: hProcess=0x644, hModule=0x769f0000, lpmodinfo=0x29e3054, cb=0xc | out: lpmodinfo=0x29e3054*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0158.954] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.954] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x769f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0158.955] CoTaskMemFree (pv=0x5c74c60) [0158.955] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.955] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x769f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0158.955] CoTaskMemFree (pv=0x5c74c60) [0158.955] GetModuleInformation (in: hProcess=0x644, hModule=0x76380000, lpmodinfo=0x29e5164, cb=0xc | out: lpmodinfo=0x29e5164*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0158.956] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.956] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76380000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0158.957] CoTaskMemFree (pv=0x5c74c60) [0158.957] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.957] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76380000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0158.957] CoTaskMemFree (pv=0x5c74c60) [0158.957] GetModuleInformation (in: hProcess=0x644, hModule=0x73ca0000, lpmodinfo=0x29e7274, cb=0xc | out: lpmodinfo=0x29e7274*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0158.958] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.958] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73ca0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0158.959] CoTaskMemFree (pv=0x5c74c60) [0158.959] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.959] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73ca0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0158.959] CoTaskMemFree (pv=0x5c74c60) [0158.959] GetModuleInformation (in: hProcess=0x644, hModule=0x714a0000, lpmodinfo=0x29e938c, cb=0xc | out: lpmodinfo=0x29e938c*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0158.960] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.960] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x714a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0158.961] CoTaskMemFree (pv=0x5c74c60) [0158.961] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.961] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x714a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0158.961] CoTaskMemFree (pv=0x5c74c60) [0158.961] GetModuleInformation (in: hProcess=0x644, hModule=0x723e0000, lpmodinfo=0x29eb4c8, cb=0xc | out: lpmodinfo=0x29eb4c8*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0158.962] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.962] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x723e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0158.963] CoTaskMemFree (pv=0x5c74c60) [0158.963] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.963] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x723e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0158.964] CoTaskMemFree (pv=0x5c74c60) [0158.964] GetModuleInformation (in: hProcess=0x644, hModule=0x72330000, lpmodinfo=0x29ed624, cb=0xc | out: lpmodinfo=0x29ed624*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0158.964] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.964] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x72330000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0158.965] CoTaskMemFree (pv=0x5c74c60) [0158.965] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.965] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x72330000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0158.966] CoTaskMemFree (pv=0x5c74c60) [0158.966] GetModuleInformation (in: hProcess=0x644, hModule=0x70090000, lpmodinfo=0x29ef764, cb=0xc | out: lpmodinfo=0x29ef764*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0158.967] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.967] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x70090000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0158.968] CoTaskMemFree (pv=0x5c74c60) [0158.968] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.968] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x70090000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0158.968] CoTaskMemFree (pv=0x5c74c60) [0158.968] GetModuleInformation (in: hProcess=0x644, hModule=0x75370000, lpmodinfo=0x29f1918, cb=0xc | out: lpmodinfo=0x29f1918*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0158.969] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.969] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75370000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0158.970] CoTaskMemFree (pv=0x5c74c60) [0158.970] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.970] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75370000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0158.971] CoTaskMemFree (pv=0x5c74c60) [0158.971] GetModuleInformation (in: hProcess=0x644, hModule=0x73bb0000, lpmodinfo=0x29f3a28, cb=0xc | out: lpmodinfo=0x29f3a28*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0158.972] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.972] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73bb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0158.972] CoTaskMemFree (pv=0x5c74c60) [0158.972] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.972] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73bb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0158.973] CoTaskMemFree (pv=0x5c74c60) [0158.973] GetModuleInformation (in: hProcess=0x644, hModule=0x74aa0000, lpmodinfo=0x29f5b40, cb=0xc | out: lpmodinfo=0x29f5b40*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0158.974] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.974] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74aa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0158.975] CoTaskMemFree (pv=0x5c74c60) [0158.975] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.975] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74aa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0158.976] CoTaskMemFree (pv=0x5c74c60) [0158.976] GetModuleInformation (in: hProcess=0x644, hModule=0x722a0000, lpmodinfo=0x29f7cb0, cb=0xc | out: lpmodinfo=0x29f7cb0*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0158.976] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.977] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x722a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0158.977] CoTaskMemFree (pv=0x5c74c60) [0158.977] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.977] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x722a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0158.978] CoTaskMemFree (pv=0x5c74c60) [0158.978] GetModuleInformation (in: hProcess=0x644, hModule=0x76a50000, lpmodinfo=0x29f9dfc, cb=0xc | out: lpmodinfo=0x29f9dfc*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0158.979] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.979] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76a50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0158.980] CoTaskMemFree (pv=0x5c74c60) [0158.980] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.980] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76a50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0158.981] CoTaskMemFree (pv=0x5c74c60) [0158.981] GetModuleInformation (in: hProcess=0x644, hModule=0x6f630000, lpmodinfo=0x29fbf1c, cb=0xc | out: lpmodinfo=0x29fbf1c*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0158.982] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.982] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6f630000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0158.983] CoTaskMemFree (pv=0x5c74c60) [0158.983] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.983] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6f630000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0158.984] CoTaskMemFree (pv=0x5c74c60) [0158.984] GetModuleInformation (in: hProcess=0x644, hModule=0x720f0000, lpmodinfo=0x29fe0c4, cb=0xc | out: lpmodinfo=0x29fe0c4*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0158.985] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.985] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x720f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0158.985] CoTaskMemFree (pv=0x5c74c60) [0158.986] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.986] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x720f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0158.986] CoTaskMemFree (pv=0x5c74c60) [0158.986] GetModuleInformation (in: hProcess=0x644, hModule=0x6e7c0000, lpmodinfo=0x2a0029c, cb=0xc | out: lpmodinfo=0x2a0029c*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0158.987] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.987] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6e7c0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0158.988] CoTaskMemFree (pv=0x5c74c60) [0158.988] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.988] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6e7c0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0158.989] CoTaskMemFree (pv=0x5c74c60) [0158.989] GetModuleInformation (in: hProcess=0x644, hModule=0x6dfa0000, lpmodinfo=0x2a025a4, cb=0xc | out: lpmodinfo=0x2a025a4*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0158.990] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.990] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6dfa0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0158.991] CoTaskMemFree (pv=0x5c74c60) [0158.991] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0158.991] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6dfa0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0158.992] CoTaskMemFree (pv=0x5c74c60) [0158.992] GetModuleInformation (in: hProcess=0x644, hModule=0x71f00000, lpmodinfo=0x2a0476c, cb=0xc | out: lpmodinfo=0x2a0476c*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0159.005] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.005] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71f00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0159.007] CoTaskMemFree (pv=0x5c74c60) [0159.007] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.007] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71f00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0159.008] CoTaskMemFree (pv=0x5c74c60) [0159.008] GetModuleInformation (in: hProcess=0x644, hModule=0x71df0000, lpmodinfo=0x2a0696c, cb=0xc | out: lpmodinfo=0x2a0696c*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0159.009] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.009] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71df0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0159.010] CoTaskMemFree (pv=0x5c74c60) [0159.010] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.010] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71df0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0159.011] CoTaskMemFree (pv=0x5c74c60) [0159.011] GetModuleInformation (in: hProcess=0x644, hModule=0x6d820000, lpmodinfo=0x2a08b68, cb=0xc | out: lpmodinfo=0x2a08b68*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0159.012] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.012] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d820000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0159.013] CoTaskMemFree (pv=0x5c74c60) [0159.013] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.013] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d820000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0159.014] CoTaskMemFree (pv=0x5c74c60) [0159.014] GetModuleInformation (in: hProcess=0x644, hModule=0x74a80000, lpmodinfo=0x2a0ad28, cb=0xc | out: lpmodinfo=0x2a0ad28*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0159.015] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.015] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74a80000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0159.016] CoTaskMemFree (pv=0x5c74c60) [0159.016] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.016] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74a80000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0159.017] CoTaskMemFree (pv=0x5c74c60) [0159.017] GetModuleInformation (in: hProcess=0x644, hModule=0x75730000, lpmodinfo=0x2a0ce84, cb=0xc | out: lpmodinfo=0x2a0ce84*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0159.018] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.018] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75730000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0159.019] CoTaskMemFree (pv=0x5c74c60) [0159.019] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.019] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75730000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0159.020] CoTaskMemFree (pv=0x5c74c60) [0159.020] GetModuleInformation (in: hProcess=0x644, hModule=0x73d60000, lpmodinfo=0x2a0ef9c, cb=0xc | out: lpmodinfo=0x2a0ef9c*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0159.021] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.021] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73d60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0159.023] CoTaskMemFree (pv=0x5c74c60) [0159.023] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.023] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73d60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0159.024] CoTaskMemFree (pv=0x5c74c60) [0159.024] GetModuleInformation (in: hProcess=0x644, hModule=0x71dd0000, lpmodinfo=0x2a110b4, cb=0xc | out: lpmodinfo=0x2a110b4*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0159.025] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.025] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71dd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0159.026] CoTaskMemFree (pv=0x5c74c60) [0159.026] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.026] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71dd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0159.027] CoTaskMemFree (pv=0x5c74c60) [0159.027] GetModuleInformation (in: hProcess=0x644, hModule=0x73a30000, lpmodinfo=0x2a131cc, cb=0xc | out: lpmodinfo=0x2a131cc*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0159.028] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.028] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73a30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0159.029] CoTaskMemFree (pv=0x5c74c60) [0159.029] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.029] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73a30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0159.030] CoTaskMemFree (pv=0x5c74c60) [0159.031] GetModuleInformation (in: hProcess=0x644, hModule=0x739f0000, lpmodinfo=0x2a152e4, cb=0xc | out: lpmodinfo=0x2a152e4*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0159.032] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.032] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x739f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0159.033] CoTaskMemFree (pv=0x5c74c60) [0159.033] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.033] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x739f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0159.034] CoTaskMemFree (pv=0x5c74c60) [0159.034] GetModuleInformation (in: hProcess=0x644, hModule=0x754e0000, lpmodinfo=0x2a173fc, cb=0xc | out: lpmodinfo=0x2a173fc*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0159.035] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.035] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x754e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0159.036] CoTaskMemFree (pv=0x5c74c60) [0159.036] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.036] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x754e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0159.037] CoTaskMemFree (pv=0x5c74c60) [0159.038] GetModuleInformation (in: hProcess=0x644, hModule=0x73ae0000, lpmodinfo=0x2a1950c, cb=0xc | out: lpmodinfo=0x2a1950c*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0159.039] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.039] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73ae0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0159.040] CoTaskMemFree (pv=0x5c74c60) [0159.040] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.040] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73ae0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0159.041] CoTaskMemFree (pv=0x5c74c60) [0159.041] GetModuleInformation (in: hProcess=0x644, hModule=0x73ac0000, lpmodinfo=0x2a1b638, cb=0xc | out: lpmodinfo=0x2a1b638*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0159.042] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.042] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73ac0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0159.043] CoTaskMemFree (pv=0x5c74c60) [0159.044] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.044] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73ac0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0159.045] CoTaskMemFree (pv=0x5c74c60) [0159.045] GetModuleInformation (in: hProcess=0x644, hModule=0x76920000, lpmodinfo=0x2a1d750, cb=0xc | out: lpmodinfo=0x2a1d750*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0159.069] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.070] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76920000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0159.071] CoTaskMemFree (pv=0x5c74c60) [0159.071] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.071] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76920000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0159.072] CoTaskMemFree (pv=0x5c74c60) [0159.072] GetModuleInformation (in: hProcess=0x644, hModule=0x754d0000, lpmodinfo=0x278c0a4, cb=0xc | out: lpmodinfo=0x278c0a4*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0159.074] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.074] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x754d0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0159.075] CoTaskMemFree (pv=0x5c74c60) [0159.075] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.075] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x754d0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0159.077] CoTaskMemFree (pv=0x5c74c60) [0159.077] GetModuleInformation (in: hProcess=0x644, hModule=0x73ab0000, lpmodinfo=0x278e1ac, cb=0xc | out: lpmodinfo=0x278e1ac*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0159.078] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.078] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73ab0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0159.079] CoTaskMemFree (pv=0x5c74c60) [0159.079] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.079] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73ab0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0159.081] CoTaskMemFree (pv=0x5c74c60) [0159.081] GetModuleInformation (in: hProcess=0x644, hModule=0x73c60000, lpmodinfo=0x27902c4, cb=0xc | out: lpmodinfo=0x27902c4*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0159.082] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.082] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73c60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0159.083] CoTaskMemFree (pv=0x5c74c60) [0159.084] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.084] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73c60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0159.085] CoTaskMemFree (pv=0x5c74c60) [0159.085] GetModuleInformation (in: hProcess=0x644, hModule=0x73c50000, lpmodinfo=0x27923dc, cb=0xc | out: lpmodinfo=0x27923dc*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0159.086] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.086] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0159.088] CoTaskMemFree (pv=0x5c74c60) [0159.088] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.088] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0159.089] CoTaskMemFree (pv=0x5c74c60) [0159.089] GetModuleInformation (in: hProcess=0x644, hModule=0x73c40000, lpmodinfo=0x27944fc, cb=0xc | out: lpmodinfo=0x27944fc*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0159.090] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.090] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73c40000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0159.092] CoTaskMemFree (pv=0x5c74c60) [0159.092] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.092] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73c40000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0159.093] CoTaskMemFree (pv=0x5c74c60) [0159.093] GetModuleInformation (in: hProcess=0x644, hModule=0x71d70000, lpmodinfo=0x2796614, cb=0xc | out: lpmodinfo=0x2796614*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0159.095] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.095] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71d70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0159.096] CoTaskMemFree (pv=0x5c74c60) [0159.096] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.096] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71d70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0159.097] CoTaskMemFree (pv=0x5c74c60) [0159.098] GetModuleInformation (in: hProcess=0x644, hModule=0x71d20000, lpmodinfo=0x279872c, cb=0xc | out: lpmodinfo=0x279872c*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0159.099] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.099] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71d20000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0159.100] CoTaskMemFree (pv=0x5c74c60) [0159.100] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.100] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71d20000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0159.102] CoTaskMemFree (pv=0x5c74c60) [0159.102] GetModuleInformation (in: hProcess=0x644, hModule=0x71d10000, lpmodinfo=0x279a83c, cb=0xc | out: lpmodinfo=0x279a83c*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0159.103] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.103] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71d10000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0159.105] CoTaskMemFree (pv=0x5c74c60) [0159.105] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.105] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71d10000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0159.106] CoTaskMemFree (pv=0x5c74c60) [0159.106] GetModuleInformation (in: hProcess=0x644, hModule=0x73cc0000, lpmodinfo=0x279c954, cb=0xc | out: lpmodinfo=0x279c954*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0159.109] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.109] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73cc0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0159.110] CoTaskMemFree (pv=0x5c74c60) [0159.111] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.111] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73cc0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0159.112] CoTaskMemFree (pv=0x5c74c60) [0159.112] GetModuleInformation (in: hProcess=0x644, hModule=0x73cb0000, lpmodinfo=0x279ea74, cb=0xc | out: lpmodinfo=0x279ea74*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0159.113] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.114] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73cb0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0159.115] CoTaskMemFree (pv=0x5c74c60) [0159.115] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.115] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73cb0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0159.117] CoTaskMemFree (pv=0x5c74c60) [0159.117] GetModuleInformation (in: hProcess=0x644, hModule=0x71d00000, lpmodinfo=0x27a0b8c, cb=0xc | out: lpmodinfo=0x27a0b8c*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0159.118] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.118] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71d00000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0159.119] CoTaskMemFree (pv=0x5c74c60) [0159.120] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.120] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71d00000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0159.121] CoTaskMemFree (pv=0x5c74c60) [0159.121] GetModuleInformation (in: hProcess=0x644, hModule=0x71ce0000, lpmodinfo=0x27a2cac, cb=0xc | out: lpmodinfo=0x27a2cac*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0159.123] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.123] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0159.124] CoTaskMemFree (pv=0x5c74c60) [0159.124] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.125] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0159.126] CoTaskMemFree (pv=0x5c74c60) [0159.126] GetModuleInformation (in: hProcess=0x644, hModule=0x73b60000, lpmodinfo=0x27a4dcc, cb=0xc | out: lpmodinfo=0x27a4dcc*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0159.127] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.127] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73b60000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0159.129] CoTaskMemFree (pv=0x5c74c60) [0159.129] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.129] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73b60000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0159.131] CoTaskMemFree (pv=0x5c74c60) [0159.131] GetModuleInformation (in: hProcess=0x644, hModule=0x73ce0000, lpmodinfo=0x27a6ef4, cb=0xc | out: lpmodinfo=0x27a6ef4*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0159.132] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.132] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73ce0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0159.134] CoTaskMemFree (pv=0x5c74c60) [0159.134] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.134] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73ce0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0159.135] CoTaskMemFree (pv=0x5c74c60) [0159.135] GetModuleInformation (in: hProcess=0x644, hModule=0x73c30000, lpmodinfo=0x27a900c, cb=0xc | out: lpmodinfo=0x27a900c*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0159.137] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.137] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73c30000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0159.139] CoTaskMemFree (pv=0x5c74c60) [0159.139] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.139] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73c30000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0159.140] CoTaskMemFree (pv=0x5c74c60) [0159.140] GetModuleInformation (in: hProcess=0x644, hModule=0x73b70000, lpmodinfo=0x27ab12c, cb=0xc | out: lpmodinfo=0x27ab12c*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0159.142] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.142] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73b70000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0159.144] CoTaskMemFree (pv=0x5c74c60) [0159.144] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.144] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73b70000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0159.145] CoTaskMemFree (pv=0x5c74c60) [0159.145] GetModuleInformation (in: hProcess=0x644, hModule=0x71cd0000, lpmodinfo=0x27ad24c, cb=0xc | out: lpmodinfo=0x27ad24c*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0159.147] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.147] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71cd0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0159.148] CoTaskMemFree (pv=0x5c74c60) [0159.149] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.149] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71cd0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0159.151] CoTaskMemFree (pv=0x5c74c60) [0159.151] GetModuleInformation (in: hProcess=0x644, hModule=0x71c90000, lpmodinfo=0x27af364, cb=0xc | out: lpmodinfo=0x27af364*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0159.153] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.153] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71c90000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0159.155] CoTaskMemFree (pv=0x5c74c60) [0159.155] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.155] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71c90000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0159.156] CoTaskMemFree (pv=0x5c74c60) [0159.156] GetModuleInformation (in: hProcess=0x644, hModule=0x754f0000, lpmodinfo=0x27b1690, cb=0xc | out: lpmodinfo=0x27b1690*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0159.158] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.158] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x754f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0159.160] CoTaskMemFree (pv=0x5c74c60) [0159.160] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.160] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x754f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0159.161] CoTaskMemFree (pv=0x5c74c60) [0159.161] GetModuleInformation (in: hProcess=0x644, hModule=0x74d50000, lpmodinfo=0x27b37a8, cb=0xc | out: lpmodinfo=0x27b37a8*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0159.163] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.163] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74d50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0159.165] CoTaskMemFree (pv=0x5c74c60) [0159.165] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.165] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74d50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0159.167] CoTaskMemFree (pv=0x5c74c60) [0159.167] GetModuleInformation (in: hProcess=0x644, hModule=0x71c50000, lpmodinfo=0x27b58c0, cb=0xc | out: lpmodinfo=0x27b58c0*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0159.168] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.168] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71c50000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0159.170] CoTaskMemFree (pv=0x5c74c60) [0159.170] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.170] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71c50000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0159.172] CoTaskMemFree (pv=0x5c74c60) [0159.172] GetModuleInformation (in: hProcess=0x644, hModule=0x6d7a0000, lpmodinfo=0x27b79d8, cb=0xc | out: lpmodinfo=0x27b79d8*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0159.174] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.174] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d7a0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0159.175] CoTaskMemFree (pv=0x5c74c60) [0159.175] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.175] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d7a0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0159.177] CoTaskMemFree (pv=0x5c74c60) [0159.177] GetModuleInformation (in: hProcess=0x644, hModule=0x6d800000, lpmodinfo=0x27b9b18, cb=0xc | out: lpmodinfo=0x27b9b18*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0159.179] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.179] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d800000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0159.181] CoTaskMemFree (pv=0x5c74c60) [0159.181] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.181] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d800000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0159.183] CoTaskMemFree (pv=0x5c74c60) [0159.183] GetModuleInformation (in: hProcess=0x644, hModule=0x6d7e0000, lpmodinfo=0x27bbc30, cb=0xc | out: lpmodinfo=0x27bbc30*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0159.184] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.184] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d7e0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0159.186] CoTaskMemFree (pv=0x5c74c60) [0159.186] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.186] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d7e0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0159.188] CoTaskMemFree (pv=0x5c74c60) [0159.188] GetModuleInformation (in: hProcess=0x644, hModule=0x6d680000, lpmodinfo=0x27bdd40, cb=0xc | out: lpmodinfo=0x27bdd40*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0159.190] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.190] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d680000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0159.192] CoTaskMemFree (pv=0x5c74c60) [0159.192] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.192] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d680000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0159.194] CoTaskMemFree (pv=0x5c74c60) [0159.194] GetModuleInformation (in: hProcess=0x644, hModule=0x6d4f0000, lpmodinfo=0x27bff14, cb=0xc | out: lpmodinfo=0x27bff14*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0159.196] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.196] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d4f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0159.197] CoTaskMemFree (pv=0x5c74c60) [0159.197] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.197] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d4f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0159.199] CoTaskMemFree (pv=0x5c74c60) [0159.199] GetModuleInformation (in: hProcess=0x644, hModule=0x6d3f0000, lpmodinfo=0x27c20dc, cb=0xc | out: lpmodinfo=0x27c20dc*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0159.201] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.201] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d3f0000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0159.203] CoTaskMemFree (pv=0x5c74c60) [0159.203] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.203] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d3f0000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0159.205] CoTaskMemFree (pv=0x5c74c60) [0159.205] GetModuleInformation (in: hProcess=0x644, hModule=0x6c620000, lpmodinfo=0x27c420c, cb=0xc | out: lpmodinfo=0x27c420c*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0159.207] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.207] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6c620000, lpBaseName=0x5c74c60, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0159.208] CoTaskMemFree (pv=0x5c74c60) [0159.208] CoTaskMemAlloc (cb=0x804) returned 0x5c74c60 [0159.209] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6c620000, lpFilename=0x5c74c60, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0159.210] CoTaskMemFree (pv=0x5c74c60) [0159.211] CloseHandle (hObject=0x644) returned 1 [0159.223] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0159.223] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0159.223] lstrlenA (lpString="ActivateActCtx") returned 14 [0159.224] lstrlenA (lpString="AddAtomA") returned 8 [0159.224] lstrlenA (lpString="AddAtomW") returned 8 [0159.224] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0159.224] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0159.224] lstrlenA (lpString="AddDllDirectory") returned 15 [0159.224] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0159.224] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0159.224] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0159.224] lstrlenA (lpString="AddRefActCtx") returned 12 [0159.225] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0159.225] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0159.225] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0159.225] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0159.225] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0159.225] lstrlenA (lpString="AllocConsole") returned 12 [0159.225] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0159.225] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0159.225] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0159.225] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0159.226] lstrlenA (lpString="AreFileApisANSI") returned 15 [0159.226] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0159.226] lstrlenA (lpString="AttachConsole") returned 13 [0159.226] lstrlenA (lpString="BackupRead") returned 10 [0159.226] lstrlenA (lpString="BackupSeek") returned 10 [0159.226] lstrlenA (lpString="BackupWrite") returned 11 [0159.226] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0159.226] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0159.226] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0159.227] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0159.227] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0159.227] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0159.227] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0159.227] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0159.227] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0159.227] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0159.227] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0159.227] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0159.227] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0159.228] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0159.228] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0159.228] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0159.228] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0159.228] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0159.228] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0159.228] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0159.228] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0159.228] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0159.229] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0159.229] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0159.229] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0159.229] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0159.229] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0159.229] lstrlenA (lpString="Beep") returned 4 [0159.229] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0159.229] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0159.230] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0159.230] lstrlenA (lpString="BuildCommDCBA") returned 13 [0159.230] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0159.230] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0159.230] lstrlenA (lpString="BuildCommDCBW") returned 13 [0159.230] lstrlenA (lpString="CallNamedPipeA") returned 14 [0159.230] lstrlenA (lpString="CallNamedPipeW") returned 14 [0159.230] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0159.230] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0159.231] lstrlenA (lpString="CancelIo") returned 8 [0159.231] lstrlenA (lpString="CancelIoEx") returned 10 [0159.231] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0159.231] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0159.231] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0159.231] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0159.231] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0159.231] lstrlenA (lpString="CheckElevation") returned 14 [0159.231] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0159.231] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0159.232] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0159.232] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0159.232] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0159.232] lstrlenA (lpString="ClearCommBreak") returned 14 [0159.232] lstrlenA (lpString="ClearCommError") returned 14 [0159.232] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0159.232] lstrlenA (lpString="CloseHandle") returned 11 [0159.232] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0159.232] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0159.233] lstrlenA (lpString="CloseThreadpool") returned 15 [0159.233] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0159.233] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0159.233] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0159.233] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0159.233] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0159.233] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0159.233] lstrlenA (lpString="CmdBatNotification") returned 18 [0159.233] lstrlenA (lpString="CommConfigDialogA") returned 17 [0159.234] lstrlenA (lpString="CommConfigDialogW") returned 17 [0159.234] lstrlenA (lpString="CompareCalendarDates") returned 20 [0159.234] lstrlenA (lpString="CompareFileTime") returned 15 [0159.234] lstrlenA (lpString="CompareStringA") returned 14 [0159.234] lstrlenA (lpString="CompareStringEx") returned 15 [0159.234] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0159.234] lstrlenA (lpString="CompareStringW") returned 14 [0159.234] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0159.234] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0159.234] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0159.235] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0159.235] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0159.235] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0159.235] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0159.235] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0159.235] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0159.235] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0159.235] lstrlenA (lpString="CopyContext") returned 11 [0159.235] lstrlenA (lpString="CopyFileA") returned 9 [0159.236] lstrlenA (lpString="CopyFileExA") returned 11 [0159.236] lstrlenA (lpString="CopyFileExW") returned 11 [0159.236] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0159.236] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0159.236] lstrlenA (lpString="CopyFileW") returned 9 [0159.236] lstrlenA (lpString="CopyLZFile") returned 10 [0159.236] lstrlenA (lpString="CreateActCtxA") returned 13 [0159.236] lstrlenA (lpString="CreateActCtxW") returned 13 [0159.236] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0159.236] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0159.237] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0159.237] lstrlenA (lpString="CreateDirectoryA") returned 16 [0159.237] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0159.237] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0159.237] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0159.237] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0159.237] lstrlenA (lpString="CreateDirectoryW") returned 16 [0159.237] lstrlenA (lpString="CreateEventA") returned 12 [0159.237] lstrlenA (lpString="CreateEventExA") returned 14 [0159.237] lstrlenA (lpString="CreateEventExW") returned 14 [0159.237] lstrlenA (lpString="CreateEventW") returned 12 [0159.237] lstrlenA (lpString="CreateFiber") returned 11 [0159.238] lstrlenA (lpString="CreateFiberEx") returned 13 [0159.238] lstrlenA (lpString="CreateFileA") returned 11 [0159.238] lstrlenA (lpString="CreateFileMappingA") returned 18 [0159.238] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0159.238] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0159.238] lstrlenA (lpString="CreateFileMappingW") returned 18 [0159.238] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0159.238] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0159.238] lstrlenA (lpString="CreateFileW") returned 11 [0159.238] lstrlenA (lpString="CreateHardLinkA") returned 15 [0159.238] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0159.238] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0159.238] lstrlenA (lpString="CreateHardLinkW") returned 15 [0159.238] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0159.239] lstrlenA (lpString="CreateJobObjectA") returned 16 [0159.239] lstrlenA (lpString="CreateJobObjectW") returned 16 [0159.239] lstrlenA (lpString="CreateJobSet") returned 12 [0159.239] lstrlenA (lpString="CreateMailslotA") returned 15 [0159.239] lstrlenA (lpString="CreateMailslotW") returned 15 [0159.239] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0159.239] lstrlenA (lpString="CreateMutexA") returned 12 [0159.239] lstrlenA (lpString="CreateMutexExA") returned 14 [0159.239] lstrlenA (lpString="CreateMutexExW") returned 14 [0159.239] lstrlenA (lpString="CreateMutexW") returned 12 [0159.239] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0159.239] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0159.239] lstrlenA (lpString="CreatePipe") returned 10 [0159.239] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0159.240] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0159.240] lstrlenA (lpString="CreateProcessA") returned 14 [0159.240] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0159.240] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0159.240] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0159.240] lstrlenA (lpString="CreateProcessW") returned 14 [0159.240] lstrlenA (lpString="CreateRemoteThread") returned 18 [0159.240] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0159.240] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0159.240] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0159.240] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0159.240] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0159.240] lstrlenA (lpString="CreateSocketHandle") returned 18 [0159.240] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0159.241] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0159.241] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0159.241] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0159.241] lstrlenA (lpString="CreateTapePartition") returned 19 [0159.241] lstrlenA (lpString="CreateThread") returned 12 [0159.241] lstrlenA (lpString="CreateThreadpool") returned 16 [0159.241] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0159.241] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0159.241] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0159.241] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0159.241] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0159.241] lstrlenA (lpString="CreateTimerQueue") returned 16 [0159.241] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0159.241] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0159.242] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0159.242] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0159.242] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0159.242] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0159.242] lstrlenA (lpString="CtrlRoutine") returned 11 [0159.242] lstrlenA (lpString="DeactivateActCtx") returned 16 [0159.242] lstrlenA (lpString="DebugActiveProcess") returned 18 [0159.242] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0159.242] lstrlenA (lpString="DebugBreak") returned 10 [0159.242] lstrlenA (lpString="DebugBreakProcess") returned 17 [0159.242] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0159.242] lstrlenA (lpString="DecodePointer") returned 13 [0159.242] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0159.242] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0159.242] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0159.243] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0159.243] lstrlenA (lpString="DeleteAtom") returned 10 [0159.243] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0159.243] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0159.243] lstrlenA (lpString="DeleteFiber") returned 11 [0159.243] lstrlenA (lpString="DeleteFileA") returned 11 [0159.243] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0159.243] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0159.243] lstrlenA (lpString="DeleteFileW") returned 11 [0159.243] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0159.244] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0159.244] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0159.244] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0159.244] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0159.244] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0159.244] lstrlenA (lpString="DeviceIoControl") returned 15 [0159.244] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0159.244] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0159.244] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0159.244] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0159.244] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0159.244] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0159.244] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0159.244] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0159.245] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0159.245] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0159.245] lstrlenA (lpString="DuplicateHandle") returned 15 [0159.245] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0159.245] lstrlenA (lpString="EncodePointer") returned 13 [0159.245] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0159.245] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0159.245] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0159.245] lstrlenA (lpString="EnterCriticalSection") returned 20 [0159.245] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0159.245] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0159.245] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0159.245] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0159.245] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0159.246] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0159.246] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0159.246] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0159.246] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0159.269] VirtualProtectEx (in: hProcess=0x638, lpAddress=0x400000, dwSize=0x3a000, flNewProtect=0x1, lpflOldProtect=0x27d7a68 | out: lpflOldProtect=0x27d7a68*=0x40) returned 1 [0159.271] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x644 [0159.272] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7530, cHandles=0x1, pHandles=0x3cc8c4*=0x644, lpdwindex=0x3cc6e8 | out: lpdwindex=0x3cc6e8) returned 0x80010115 [0193.345] EnumProcessModules (in: hProcess=0x304, lphModule=0x27df354, cb=0x100, lpcbNeeded=0x3cc744 | out: lphModule=0x27df354, lpcbNeeded=0x3cc744) returned 1 [0193.347] EnumProcessModules (in: hProcess=0x304, lphModule=0x27df460, cb=0x200, lpcbNeeded=0x3cc744 | out: lphModule=0x27df460, lpcbNeeded=0x3cc744) returned 1 [0193.350] GetModuleInformation (in: hProcess=0x304, hModule=0x11e0000, lpmodinfo=0x27df6a0, cb=0xc | out: lpmodinfo=0x27df6a0*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0193.350] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.351] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x11e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0193.351] CoTaskMemFree (pv=0x4eb248) [0193.351] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.351] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x11e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0193.352] CoTaskMemFree (pv=0x4eb248) [0193.352] GetModuleInformation (in: hProcess=0x304, hModule=0x77150000, lpmodinfo=0x27e17f8, cb=0xc | out: lpmodinfo=0x27e17f8*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0193.352] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.352] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x77150000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0193.353] CoTaskMemFree (pv=0x4eb248) [0193.353] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.353] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x77150000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0193.353] CoTaskMemFree (pv=0x4eb248) [0193.353] GetModuleInformation (in: hProcess=0x304, hModule=0x74b40000, lpmodinfo=0x27e3908, cb=0xc | out: lpmodinfo=0x27e3908*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0193.354] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.354] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74b40000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0193.354] CoTaskMemFree (pv=0x4eb248) [0193.354] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.354] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74b40000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0193.355] CoTaskMemFree (pv=0x4eb248) [0193.355] GetModuleInformation (in: hProcess=0x304, hModule=0x75620000, lpmodinfo=0x27e5a20, cb=0xc | out: lpmodinfo=0x27e5a20*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0193.355] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.355] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75620000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0193.356] CoTaskMemFree (pv=0x4eb248) [0193.356] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.356] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75620000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0193.356] CoTaskMemFree (pv=0x4eb248) [0193.356] GetModuleInformation (in: hProcess=0x304, hModule=0x74dc0000, lpmodinfo=0x27e7b40, cb=0xc | out: lpmodinfo=0x27e7b40*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0193.357] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.357] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74dc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0193.358] CoTaskMemFree (pv=0x4eb248) [0193.358] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.358] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74dc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0193.358] CoTaskMemFree (pv=0x4eb248) [0193.358] GetModuleInformation (in: hProcess=0x304, hModule=0x767e0000, lpmodinfo=0x27e9c94, cb=0xc | out: lpmodinfo=0x27e9c94*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0193.359] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.359] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x767e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0193.359] CoTaskMemFree (pv=0x4eb248) [0193.359] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.359] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x767e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0193.360] CoTaskMemFree (pv=0x4eb248) [0193.360] GetModuleInformation (in: hProcess=0x304, hModule=0x752c0000, lpmodinfo=0x27ebdb4, cb=0xc | out: lpmodinfo=0x27ebdb4*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0193.361] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.361] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x752c0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0193.361] CoTaskMemFree (pv=0x4eb248) [0193.361] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.361] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x752c0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0193.362] CoTaskMemFree (pv=0x4eb248) [0193.362] GetModuleInformation (in: hProcess=0x304, hModule=0x74e10000, lpmodinfo=0x27edecc, cb=0xc | out: lpmodinfo=0x27edecc*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0193.363] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.363] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74e10000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0193.363] CoTaskMemFree (pv=0x4eb248) [0193.363] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.363] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74e10000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0193.364] CoTaskMemFree (pv=0x4eb248) [0193.364] GetModuleInformation (in: hProcess=0x304, hModule=0x76450000, lpmodinfo=0x27efff0, cb=0xc | out: lpmodinfo=0x27efff0*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0193.365] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.365] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76450000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0193.366] CoTaskMemFree (pv=0x4eb248) [0193.366] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.366] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76450000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0193.366] CoTaskMemFree (pv=0x4eb248) [0193.366] GetModuleInformation (in: hProcess=0x304, hModule=0x74ca0000, lpmodinfo=0x27f2154, cb=0xc | out: lpmodinfo=0x27f2154*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0193.367] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.367] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ca0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0193.368] CoTaskMemFree (pv=0x4eb248) [0193.368] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.368] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ca0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0193.368] CoTaskMemFree (pv=0x4eb248) [0193.369] GetModuleInformation (in: hProcess=0x304, hModule=0x74c90000, lpmodinfo=0x27f426c, cb=0xc | out: lpmodinfo=0x27f426c*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0193.369] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.369] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74c90000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0193.370] CoTaskMemFree (pv=0x4eb248) [0193.370] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.370] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74c90000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0193.371] CoTaskMemFree (pv=0x4eb248) [0193.371] GetModuleInformation (in: hProcess=0x304, hModule=0x74ab0000, lpmodinfo=0x27f638c, cb=0xc | out: lpmodinfo=0x27f638c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0193.371] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.371] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ab0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0193.372] CoTaskMemFree (pv=0x4eb248) [0193.372] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.372] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ab0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0193.373] CoTaskMemFree (pv=0x4eb248) [0193.373] GetModuleInformation (in: hProcess=0x304, hModule=0x72cc0000, lpmodinfo=0x27f84e0, cb=0xc | out: lpmodinfo=0x27f84e0*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0193.374] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.374] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x72cc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0193.375] CoTaskMemFree (pv=0x4eb248) [0193.375] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.375] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x72cc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0193.376] CoTaskMemFree (pv=0x4eb248) [0193.376] GetModuleInformation (in: hProcess=0x304, hModule=0x76540000, lpmodinfo=0x27fa650, cb=0xc | out: lpmodinfo=0x27fa650*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0193.376] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.376] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76540000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0193.377] CoTaskMemFree (pv=0x4eb248) [0193.377] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.377] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76540000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0193.378] CoTaskMemFree (pv=0x4eb248) [0193.378] GetModuleInformation (in: hProcess=0x304, hModule=0x76ae0000, lpmodinfo=0x27fc768, cb=0xc | out: lpmodinfo=0x27fc768*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0193.379] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.379] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76ae0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0193.380] CoTaskMemFree (pv=0x4eb248) [0193.380] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.380] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76ae0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0193.383] CoTaskMemFree (pv=0x4eb248) [0193.383] GetModuleInformation (in: hProcess=0x304, hModule=0x74f70000, lpmodinfo=0x27fe878, cb=0xc | out: lpmodinfo=0x27fe878*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0193.384] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.384] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74f70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0193.384] CoTaskMemFree (pv=0x4eb248) [0193.384] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.384] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74f70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0193.385] CoTaskMemFree (pv=0x4eb248) [0193.385] GetModuleInformation (in: hProcess=0x304, hModule=0x77120000, lpmodinfo=0x2800990, cb=0xc | out: lpmodinfo=0x2800990*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0193.386] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.386] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x77120000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0193.387] CoTaskMemFree (pv=0x4eb248) [0193.387] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.387] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x77120000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0193.387] CoTaskMemFree (pv=0x4eb248) [0193.387] GetModuleInformation (in: hProcess=0x304, hModule=0x76740000, lpmodinfo=0x2802b24, cb=0xc | out: lpmodinfo=0x2802b24*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0193.388] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.388] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76740000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0193.389] CoTaskMemFree (pv=0x4eb248) [0193.389] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.389] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76740000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0193.390] CoTaskMemFree (pv=0x4eb248) [0193.390] GetModuleInformation (in: hProcess=0x304, hModule=0x769f0000, lpmodinfo=0x2804c34, cb=0xc | out: lpmodinfo=0x2804c34*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0193.391] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.391] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x769f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0193.392] CoTaskMemFree (pv=0x4eb248) [0193.392] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.392] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x769f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0193.393] CoTaskMemFree (pv=0x4eb248) [0193.393] GetModuleInformation (in: hProcess=0x304, hModule=0x76380000, lpmodinfo=0x2806d44, cb=0xc | out: lpmodinfo=0x2806d44*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0193.394] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.394] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76380000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0193.395] CoTaskMemFree (pv=0x4eb248) [0193.395] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.395] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76380000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0193.395] CoTaskMemFree (pv=0x4eb248) [0193.395] GetModuleInformation (in: hProcess=0x304, hModule=0x73ca0000, lpmodinfo=0x2808e54, cb=0xc | out: lpmodinfo=0x2808e54*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0193.396] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.396] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ca0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0193.396] CoTaskMemFree (pv=0x4eb248) [0193.396] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.396] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ca0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0193.397] CoTaskMemFree (pv=0x4eb248) [0193.397] GetModuleInformation (in: hProcess=0x304, hModule=0x714a0000, lpmodinfo=0x280af6c, cb=0xc | out: lpmodinfo=0x280af6c*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0193.398] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.398] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x714a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0193.399] CoTaskMemFree (pv=0x4eb248) [0193.399] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.399] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x714a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0193.399] CoTaskMemFree (pv=0x4eb248) [0193.399] GetModuleInformation (in: hProcess=0x304, hModule=0x723e0000, lpmodinfo=0x280d0a8, cb=0xc | out: lpmodinfo=0x280d0a8*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0193.400] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.400] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x723e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0193.400] CoTaskMemFree (pv=0x4eb248) [0193.400] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.400] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x723e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0193.401] CoTaskMemFree (pv=0x4eb248) [0193.401] GetModuleInformation (in: hProcess=0x304, hModule=0x72330000, lpmodinfo=0x280f1f8, cb=0xc | out: lpmodinfo=0x280f1f8*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0193.402] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.402] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x72330000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0193.403] CoTaskMemFree (pv=0x4eb248) [0193.403] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.403] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x72330000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0193.404] CoTaskMemFree (pv=0x4eb248) [0193.404] GetModuleInformation (in: hProcess=0x304, hModule=0x70090000, lpmodinfo=0x2811338, cb=0xc | out: lpmodinfo=0x2811338*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0193.404] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.405] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x70090000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0193.405] CoTaskMemFree (pv=0x4eb248) [0193.405] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.405] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x70090000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0193.406] CoTaskMemFree (pv=0x4eb248) [0193.406] GetModuleInformation (in: hProcess=0x304, hModule=0x75370000, lpmodinfo=0x28134ec, cb=0xc | out: lpmodinfo=0x28134ec*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0193.407] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.407] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75370000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0193.407] CoTaskMemFree (pv=0x4eb248) [0193.408] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.408] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75370000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0193.408] CoTaskMemFree (pv=0x4eb248) [0193.409] GetModuleInformation (in: hProcess=0x304, hModule=0x73bb0000, lpmodinfo=0x28155fc, cb=0xc | out: lpmodinfo=0x28155fc*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0193.410] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.410] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73bb0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0193.411] CoTaskMemFree (pv=0x4eb248) [0193.411] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.411] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73bb0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0193.412] CoTaskMemFree (pv=0x4eb248) [0193.412] GetModuleInformation (in: hProcess=0x304, hModule=0x74aa0000, lpmodinfo=0x2817714, cb=0xc | out: lpmodinfo=0x2817714*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0193.413] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.413] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74aa0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0193.415] CoTaskMemFree (pv=0x4eb248) [0193.415] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.415] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74aa0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0193.416] CoTaskMemFree (pv=0x4eb248) [0193.416] GetModuleInformation (in: hProcess=0x304, hModule=0x722a0000, lpmodinfo=0x2819884, cb=0xc | out: lpmodinfo=0x2819884*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0193.418] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.418] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x722a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0193.419] CoTaskMemFree (pv=0x4eb248) [0193.419] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.419] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x722a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0193.420] CoTaskMemFree (pv=0x4eb248) [0193.420] GetModuleInformation (in: hProcess=0x304, hModule=0x76a50000, lpmodinfo=0x281b9d0, cb=0xc | out: lpmodinfo=0x281b9d0*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0193.421] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.421] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76a50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0193.423] CoTaskMemFree (pv=0x4eb248) [0193.423] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.423] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76a50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0193.424] CoTaskMemFree (pv=0x4eb248) [0193.424] GetModuleInformation (in: hProcess=0x304, hModule=0x6f630000, lpmodinfo=0x281daf0, cb=0xc | out: lpmodinfo=0x281daf0*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0193.426] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.426] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f630000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0193.427] CoTaskMemFree (pv=0x4eb248) [0193.427] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.427] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f630000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0193.428] CoTaskMemFree (pv=0x4eb248) [0193.428] GetModuleInformation (in: hProcess=0x304, hModule=0x720f0000, lpmodinfo=0x281fc98, cb=0xc | out: lpmodinfo=0x281fc98*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0193.430] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.430] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x720f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0193.432] CoTaskMemFree (pv=0x4eb248) [0193.432] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.432] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x720f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0193.433] CoTaskMemFree (pv=0x4eb248) [0193.433] GetModuleInformation (in: hProcess=0x304, hModule=0x6e7c0000, lpmodinfo=0x2821e70, cb=0xc | out: lpmodinfo=0x2821e70*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0193.435] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.435] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6e7c0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0193.436] CoTaskMemFree (pv=0x4eb248) [0193.437] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.437] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6e7c0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0193.438] CoTaskMemFree (pv=0x4eb248) [0193.438] GetModuleInformation (in: hProcess=0x304, hModule=0x6dfa0000, lpmodinfo=0x2824184, cb=0xc | out: lpmodinfo=0x2824184*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0193.440] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.440] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6dfa0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0193.441] CoTaskMemFree (pv=0x4eb248) [0193.441] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.442] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6dfa0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0193.444] CoTaskMemFree (pv=0x4eb248) [0193.444] GetModuleInformation (in: hProcess=0x304, hModule=0x71f00000, lpmodinfo=0x282634c, cb=0xc | out: lpmodinfo=0x282634c*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0193.445] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.445] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71f00000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0193.447] CoTaskMemFree (pv=0x4eb248) [0193.447] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.447] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71f00000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0193.449] CoTaskMemFree (pv=0x4eb248) [0193.449] GetModuleInformation (in: hProcess=0x304, hModule=0x71df0000, lpmodinfo=0x282854c, cb=0xc | out: lpmodinfo=0x282854c*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0193.450] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.450] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71df0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0193.452] CoTaskMemFree (pv=0x4eb248) [0193.452] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.452] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71df0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0193.454] CoTaskMemFree (pv=0x4eb248) [0193.454] GetModuleInformation (in: hProcess=0x304, hModule=0x6d820000, lpmodinfo=0x282a748, cb=0xc | out: lpmodinfo=0x282a748*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0193.456] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.456] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d820000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0193.457] CoTaskMemFree (pv=0x4eb248) [0193.457] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.457] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d820000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0193.460] CoTaskMemFree (pv=0x4eb248) [0193.460] GetModuleInformation (in: hProcess=0x304, hModule=0x74a80000, lpmodinfo=0x282c908, cb=0xc | out: lpmodinfo=0x282c908*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0193.461] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.461] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a80000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0193.463] CoTaskMemFree (pv=0x4eb248) [0193.463] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.463] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a80000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0193.465] CoTaskMemFree (pv=0x4eb248) [0193.465] GetModuleInformation (in: hProcess=0x304, hModule=0x75730000, lpmodinfo=0x282ea64, cb=0xc | out: lpmodinfo=0x282ea64*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0193.466] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.466] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75730000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0193.468] CoTaskMemFree (pv=0x4eb248) [0193.468] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.468] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75730000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0193.470] CoTaskMemFree (pv=0x4eb248) [0193.470] GetModuleInformation (in: hProcess=0x304, hModule=0x73d60000, lpmodinfo=0x2830b7c, cb=0xc | out: lpmodinfo=0x2830b7c*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0193.471] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.471] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73d60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0193.473] CoTaskMemFree (pv=0x4eb248) [0193.473] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.473] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73d60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0193.475] CoTaskMemFree (pv=0x4eb248) [0193.475] GetModuleInformation (in: hProcess=0x304, hModule=0x71dd0000, lpmodinfo=0x2832c94, cb=0xc | out: lpmodinfo=0x2832c94*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0193.476] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.476] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71dd0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0193.478] CoTaskMemFree (pv=0x4eb248) [0193.478] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.478] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71dd0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0193.479] CoTaskMemFree (pv=0x4eb248) [0193.479] GetModuleInformation (in: hProcess=0x304, hModule=0x73a30000, lpmodinfo=0x2834dac, cb=0xc | out: lpmodinfo=0x2834dac*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0193.481] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.481] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73a30000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0193.482] CoTaskMemFree (pv=0x4eb248) [0193.482] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.482] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73a30000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0193.484] CoTaskMemFree (pv=0x4eb248) [0193.484] GetModuleInformation (in: hProcess=0x304, hModule=0x739f0000, lpmodinfo=0x2836ec4, cb=0xc | out: lpmodinfo=0x2836ec4*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0193.485] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.485] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x739f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0193.487] CoTaskMemFree (pv=0x4eb248) [0193.487] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.487] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x739f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0193.488] CoTaskMemFree (pv=0x4eb248) [0193.488] GetModuleInformation (in: hProcess=0x304, hModule=0x754e0000, lpmodinfo=0x2838fdc, cb=0xc | out: lpmodinfo=0x2838fdc*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0193.496] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.496] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0193.497] CoTaskMemFree (pv=0x4eb248) [0193.497] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.497] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0193.499] CoTaskMemFree (pv=0x4eb248) [0193.499] GetModuleInformation (in: hProcess=0x304, hModule=0x73ae0000, lpmodinfo=0x283b0ec, cb=0xc | out: lpmodinfo=0x283b0ec*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0193.501] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.501] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ae0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0193.503] CoTaskMemFree (pv=0x4eb248) [0193.503] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.503] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ae0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0193.506] CoTaskMemFree (pv=0x4eb248) [0193.506] GetModuleInformation (in: hProcess=0x304, hModule=0x73ac0000, lpmodinfo=0x283d20c, cb=0xc | out: lpmodinfo=0x283d20c*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0193.507] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.507] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ac0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0193.509] CoTaskMemFree (pv=0x4eb248) [0193.509] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.509] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ac0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0193.511] CoTaskMemFree (pv=0x4eb248) [0193.511] GetModuleInformation (in: hProcess=0x304, hModule=0x76920000, lpmodinfo=0x283f324, cb=0xc | out: lpmodinfo=0x283f324*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0193.513] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.513] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76920000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0193.515] CoTaskMemFree (pv=0x4eb248) [0193.515] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.515] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76920000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0193.517] CoTaskMemFree (pv=0x4eb248) [0193.517] GetModuleInformation (in: hProcess=0x304, hModule=0x754d0000, lpmodinfo=0x284143c, cb=0xc | out: lpmodinfo=0x284143c*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0193.519] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.519] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754d0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0193.521] CoTaskMemFree (pv=0x4eb248) [0193.521] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.522] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754d0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0193.524] CoTaskMemFree (pv=0x4eb248) [0193.524] GetModuleInformation (in: hProcess=0x304, hModule=0x73ab0000, lpmodinfo=0x2843544, cb=0xc | out: lpmodinfo=0x2843544*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0193.525] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.525] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ab0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0193.527] CoTaskMemFree (pv=0x4eb248) [0193.527] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.527] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ab0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0193.529] CoTaskMemFree (pv=0x4eb248) [0193.529] GetModuleInformation (in: hProcess=0x304, hModule=0x73c60000, lpmodinfo=0x284565c, cb=0xc | out: lpmodinfo=0x284565c*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0193.531] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.531] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0193.533] CoTaskMemFree (pv=0x4eb248) [0193.533] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.533] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0193.535] CoTaskMemFree (pv=0x4eb248) [0193.535] GetModuleInformation (in: hProcess=0x304, hModule=0x73c50000, lpmodinfo=0x2847774, cb=0xc | out: lpmodinfo=0x2847774*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0193.537] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.537] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0193.539] CoTaskMemFree (pv=0x4eb248) [0193.539] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.539] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0193.541] CoTaskMemFree (pv=0x4eb248) [0193.541] GetModuleInformation (in: hProcess=0x304, hModule=0x73c40000, lpmodinfo=0x2849894, cb=0xc | out: lpmodinfo=0x2849894*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0193.542] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.542] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c40000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0193.544] CoTaskMemFree (pv=0x4eb248) [0193.544] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.544] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c40000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0193.546] CoTaskMemFree (pv=0x4eb248) [0193.546] GetModuleInformation (in: hProcess=0x304, hModule=0x71d70000, lpmodinfo=0x284b9ac, cb=0xc | out: lpmodinfo=0x284b9ac*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0193.548] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.548] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0193.550] CoTaskMemFree (pv=0x4eb248) [0193.550] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.550] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0193.551] CoTaskMemFree (pv=0x4eb248) [0193.551] GetModuleInformation (in: hProcess=0x304, hModule=0x71d20000, lpmodinfo=0x284dac4, cb=0xc | out: lpmodinfo=0x284dac4*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0193.553] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.553] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d20000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0193.554] CoTaskMemFree (pv=0x4eb248) [0193.554] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.554] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d20000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0193.555] CoTaskMemFree (pv=0x4eb248) [0193.556] GetModuleInformation (in: hProcess=0x304, hModule=0x71d10000, lpmodinfo=0x284fbd4, cb=0xc | out: lpmodinfo=0x284fbd4*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0193.557] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.557] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d10000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0193.559] CoTaskMemFree (pv=0x4eb248) [0193.559] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.559] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d10000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0193.560] CoTaskMemFree (pv=0x4eb248) [0193.560] GetModuleInformation (in: hProcess=0x304, hModule=0x73cc0000, lpmodinfo=0x2851cec, cb=0xc | out: lpmodinfo=0x2851cec*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0193.562] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.562] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73cc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0193.563] CoTaskMemFree (pv=0x4eb248) [0193.563] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.563] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73cc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0193.565] CoTaskMemFree (pv=0x4eb248) [0193.565] GetModuleInformation (in: hProcess=0x304, hModule=0x73cb0000, lpmodinfo=0x2853e0c, cb=0xc | out: lpmodinfo=0x2853e0c*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0193.567] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.567] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73cb0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0193.570] CoTaskMemFree (pv=0x4eb248) [0193.570] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.570] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73cb0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0193.572] CoTaskMemFree (pv=0x4eb248) [0193.572] GetModuleInformation (in: hProcess=0x304, hModule=0x71d00000, lpmodinfo=0x2855f24, cb=0xc | out: lpmodinfo=0x2855f24*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0193.574] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.574] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d00000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0193.575] CoTaskMemFree (pv=0x4eb248) [0193.575] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.575] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d00000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0193.577] CoTaskMemFree (pv=0x4eb248) [0193.577] GetModuleInformation (in: hProcess=0x304, hModule=0x71ce0000, lpmodinfo=0x2858050, cb=0xc | out: lpmodinfo=0x2858050*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0193.579] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.579] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71ce0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0193.580] CoTaskMemFree (pv=0x4eb248) [0193.580] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.580] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71ce0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0193.582] CoTaskMemFree (pv=0x4eb248) [0193.582] GetModuleInformation (in: hProcess=0x304, hModule=0x73b60000, lpmodinfo=0x285a170, cb=0xc | out: lpmodinfo=0x285a170*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0193.585] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.585] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73b60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0193.586] CoTaskMemFree (pv=0x4eb248) [0193.587] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.587] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73b60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0193.589] CoTaskMemFree (pv=0x4eb248) [0193.589] GetModuleInformation (in: hProcess=0x304, hModule=0x73ce0000, lpmodinfo=0x285c298, cb=0xc | out: lpmodinfo=0x285c298*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0193.591] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.591] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ce0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0193.593] CoTaskMemFree (pv=0x4eb248) [0193.593] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.593] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ce0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0193.595] CoTaskMemFree (pv=0x4eb248) [0193.595] GetModuleInformation (in: hProcess=0x304, hModule=0x73c30000, lpmodinfo=0x285e3b0, cb=0xc | out: lpmodinfo=0x285e3b0*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0193.597] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.597] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c30000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0193.599] CoTaskMemFree (pv=0x4eb248) [0193.599] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.599] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c30000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0193.601] CoTaskMemFree (pv=0x4eb248) [0193.601] GetModuleInformation (in: hProcess=0x304, hModule=0x73b70000, lpmodinfo=0x28604d0, cb=0xc | out: lpmodinfo=0x28604d0*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0193.603] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.603] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73b70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0193.605] CoTaskMemFree (pv=0x4eb248) [0193.605] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.605] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73b70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0193.607] CoTaskMemFree (pv=0x4eb248) [0193.607] GetModuleInformation (in: hProcess=0x304, hModule=0x71cd0000, lpmodinfo=0x28625f0, cb=0xc | out: lpmodinfo=0x28625f0*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0193.609] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.609] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71cd0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0193.611] CoTaskMemFree (pv=0x4eb248) [0193.611] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.611] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71cd0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0193.614] CoTaskMemFree (pv=0x4eb248) [0193.614] GetModuleInformation (in: hProcess=0x304, hModule=0x71c90000, lpmodinfo=0x2864708, cb=0xc | out: lpmodinfo=0x2864708*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0193.616] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.616] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71c90000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0193.618] CoTaskMemFree (pv=0x4eb248) [0193.618] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.618] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71c90000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0193.621] CoTaskMemFree (pv=0x4eb248) [0193.621] GetModuleInformation (in: hProcess=0x304, hModule=0x754f0000, lpmodinfo=0x2866a34, cb=0xc | out: lpmodinfo=0x2866a34*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0193.623] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.623] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0193.625] CoTaskMemFree (pv=0x4eb248) [0193.625] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.625] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0193.627] CoTaskMemFree (pv=0x4eb248) [0193.628] GetModuleInformation (in: hProcess=0x304, hModule=0x74d50000, lpmodinfo=0x2868b4c, cb=0xc | out: lpmodinfo=0x2868b4c*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0193.630] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.630] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74d50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0193.634] CoTaskMemFree (pv=0x4eb248) [0193.634] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.634] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74d50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0193.636] CoTaskMemFree (pv=0x4eb248) [0193.636] GetModuleInformation (in: hProcess=0x304, hModule=0x71c50000, lpmodinfo=0x286ac64, cb=0xc | out: lpmodinfo=0x286ac64*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0193.638] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.638] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71c50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0193.640] CoTaskMemFree (pv=0x4eb248) [0193.640] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.640] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71c50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0193.642] CoTaskMemFree (pv=0x4eb248) [0193.642] GetModuleInformation (in: hProcess=0x304, hModule=0x6d7a0000, lpmodinfo=0x286cd7c, cb=0xc | out: lpmodinfo=0x286cd7c*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0193.644] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.644] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d7a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0193.646] CoTaskMemFree (pv=0x4eb248) [0193.646] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.646] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d7a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0193.649] CoTaskMemFree (pv=0x4eb248) [0193.649] GetModuleInformation (in: hProcess=0x304, hModule=0x6d800000, lpmodinfo=0x286eebc, cb=0xc | out: lpmodinfo=0x286eebc*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0193.651] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.651] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d800000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0193.653] CoTaskMemFree (pv=0x4eb248) [0193.653] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.653] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d800000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0193.656] CoTaskMemFree (pv=0x4eb248) [0193.656] GetModuleInformation (in: hProcess=0x304, hModule=0x6d7e0000, lpmodinfo=0x2870fd4, cb=0xc | out: lpmodinfo=0x2870fd4*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0193.658] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.658] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d7e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0193.660] CoTaskMemFree (pv=0x4eb248) [0193.660] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.661] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d7e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0193.662] CoTaskMemFree (pv=0x4eb248) [0193.662] GetModuleInformation (in: hProcess=0x304, hModule=0x6d680000, lpmodinfo=0x28730e4, cb=0xc | out: lpmodinfo=0x28730e4*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0193.664] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.664] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d680000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0193.666] CoTaskMemFree (pv=0x4eb248) [0193.666] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.666] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d680000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0193.668] CoTaskMemFree (pv=0x4eb248) [0193.668] GetModuleInformation (in: hProcess=0x304, hModule=0x6d4f0000, lpmodinfo=0x28752b8, cb=0xc | out: lpmodinfo=0x28752b8*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0193.671] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.671] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d4f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0193.673] CoTaskMemFree (pv=0x4eb248) [0193.673] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.673] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d4f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0193.676] CoTaskMemFree (pv=0x4eb248) [0193.676] GetModuleInformation (in: hProcess=0x304, hModule=0x6d3f0000, lpmodinfo=0x2877474, cb=0xc | out: lpmodinfo=0x2877474*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0193.688] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.688] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d3f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0193.692] CoTaskMemFree (pv=0x4eb248) [0193.692] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.692] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d3f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0193.694] CoTaskMemFree (pv=0x4eb248) [0193.694] GetModuleInformation (in: hProcess=0x304, hModule=0x6c620000, lpmodinfo=0x28795a4, cb=0xc | out: lpmodinfo=0x28795a4*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0193.696] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.697] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6c620000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0193.699] CoTaskMemFree (pv=0x4eb248) [0193.699] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.699] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6c620000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0193.701] CoTaskMemFree (pv=0x4eb248) [0193.701] CloseHandle (hObject=0x304) returned 1 [0193.702] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0193.702] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0193.703] lstrlenA (lpString="ActivateActCtx") returned 14 [0193.703] lstrlenA (lpString="AddAtomA") returned 8 [0193.703] lstrlenA (lpString="AddAtomW") returned 8 [0193.703] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0193.703] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0193.703] lstrlenA (lpString="AddDllDirectory") returned 15 [0193.703] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0193.704] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0193.704] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0193.704] lstrlenA (lpString="AddRefActCtx") returned 12 [0193.704] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0193.704] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0193.704] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0193.704] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0193.705] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0193.705] lstrlenA (lpString="AllocConsole") returned 12 [0193.705] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0193.705] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0193.705] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0193.705] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0193.705] lstrlenA (lpString="AreFileApisANSI") returned 15 [0193.706] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0193.706] lstrlenA (lpString="AttachConsole") returned 13 [0193.706] lstrlenA (lpString="BackupRead") returned 10 [0193.706] lstrlenA (lpString="BackupSeek") returned 10 [0193.706] lstrlenA (lpString="BackupWrite") returned 11 [0193.706] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0193.706] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0193.707] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0193.707] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0193.707] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0193.707] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0193.707] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0193.707] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0193.707] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0193.707] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0193.708] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0193.708] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0193.708] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0193.708] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0193.708] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0193.708] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0193.708] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0193.708] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0193.709] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0193.709] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0193.709] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0193.709] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0193.709] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0193.709] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0193.709] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0193.709] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0193.710] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0193.710] lstrlenA (lpString="Beep") returned 4 [0193.710] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0193.710] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0193.710] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0193.710] lstrlenA (lpString="BuildCommDCBA") returned 13 [0193.710] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0193.710] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0193.711] lstrlenA (lpString="BuildCommDCBW") returned 13 [0193.711] lstrlenA (lpString="CallNamedPipeA") returned 14 [0193.711] lstrlenA (lpString="CallNamedPipeW") returned 14 [0193.711] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0193.711] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0193.711] lstrlenA (lpString="CancelIo") returned 8 [0193.711] lstrlenA (lpString="CancelIoEx") returned 10 [0193.711] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0193.712] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0193.712] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0193.712] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0193.712] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0193.712] lstrlenA (lpString="CheckElevation") returned 14 [0193.712] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0193.712] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0193.712] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0193.713] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0193.713] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0193.713] lstrlenA (lpString="ClearCommBreak") returned 14 [0193.713] lstrlenA (lpString="ClearCommError") returned 14 [0193.713] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0193.713] lstrlenA (lpString="CloseHandle") returned 11 [0193.713] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0193.714] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0193.714] lstrlenA (lpString="CloseThreadpool") returned 15 [0193.714] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0193.714] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0193.714] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0193.714] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0193.715] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0193.715] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0193.715] lstrlenA (lpString="CmdBatNotification") returned 18 [0193.715] lstrlenA (lpString="CommConfigDialogA") returned 17 [0193.715] lstrlenA (lpString="CommConfigDialogW") returned 17 [0193.715] lstrlenA (lpString="CompareCalendarDates") returned 20 [0193.716] lstrlenA (lpString="CompareFileTime") returned 15 [0193.716] lstrlenA (lpString="CompareStringA") returned 14 [0193.716] lstrlenA (lpString="CompareStringEx") returned 15 [0193.716] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0193.716] lstrlenA (lpString="CompareStringW") returned 14 [0193.716] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0193.717] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0193.717] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0193.717] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0193.717] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0193.717] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0193.717] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0193.717] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0193.718] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0193.718] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0193.718] lstrlenA (lpString="CopyContext") returned 11 [0193.718] lstrlenA (lpString="CopyFileA") returned 9 [0193.718] lstrlenA (lpString="CopyFileExA") returned 11 [0193.719] lstrlenA (lpString="CopyFileExW") returned 11 [0193.719] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0193.719] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0193.719] lstrlenA (lpString="CopyFileW") returned 9 [0193.719] lstrlenA (lpString="CopyLZFile") returned 10 [0193.720] lstrlenA (lpString="CreateActCtxA") returned 13 [0193.720] lstrlenA (lpString="CreateActCtxW") returned 13 [0193.720] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0193.720] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0193.720] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0193.720] lstrlenA (lpString="CreateDirectoryA") returned 16 [0193.720] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0193.720] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0193.721] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0193.721] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0193.721] lstrlenA (lpString="CreateDirectoryW") returned 16 [0193.721] lstrlenA (lpString="CreateEventA") returned 12 [0193.721] lstrlenA (lpString="CreateEventExA") returned 14 [0193.721] lstrlenA (lpString="CreateEventExW") returned 14 [0193.721] lstrlenA (lpString="CreateEventW") returned 12 [0193.721] lstrlenA (lpString="CreateFiber") returned 11 [0193.721] lstrlenA (lpString="CreateFiberEx") returned 13 [0193.721] lstrlenA (lpString="CreateFileA") returned 11 [0193.722] lstrlenA (lpString="CreateFileMappingA") returned 18 [0193.722] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0193.722] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0193.722] lstrlenA (lpString="CreateFileMappingW") returned 18 [0193.722] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0193.722] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0193.722] lstrlenA (lpString="CreateFileW") returned 11 [0193.722] lstrlenA (lpString="CreateHardLinkA") returned 15 [0193.722] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0193.723] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0193.723] lstrlenA (lpString="CreateHardLinkW") returned 15 [0193.723] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0193.723] lstrlenA (lpString="CreateJobObjectA") returned 16 [0193.723] lstrlenA (lpString="CreateJobObjectW") returned 16 [0193.723] lstrlenA (lpString="CreateJobSet") returned 12 [0193.723] lstrlenA (lpString="CreateMailslotA") returned 15 [0193.724] lstrlenA (lpString="CreateMailslotW") returned 15 [0193.724] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0193.724] lstrlenA (lpString="CreateMutexA") returned 12 [0193.724] lstrlenA (lpString="CreateMutexExA") returned 14 [0193.724] lstrlenA (lpString="CreateMutexExW") returned 14 [0193.724] lstrlenA (lpString="CreateMutexW") returned 12 [0193.725] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0193.725] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0193.725] lstrlenA (lpString="CreatePipe") returned 10 [0193.725] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0193.725] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0193.725] lstrlenA (lpString="CreateProcessA") returned 14 [0193.725] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0193.725] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0193.725] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0193.725] lstrlenA (lpString="CreateProcessW") returned 14 [0193.726] lstrlenA (lpString="CreateRemoteThread") returned 18 [0193.726] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0193.726] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0193.726] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0193.726] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0193.726] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0193.726] lstrlenA (lpString="CreateSocketHandle") returned 18 [0193.726] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0193.726] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0193.726] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0193.727] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0193.727] lstrlenA (lpString="CreateTapePartition") returned 19 [0193.727] lstrlenA (lpString="CreateThread") returned 12 [0193.727] lstrlenA (lpString="CreateThreadpool") returned 16 [0193.727] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0193.727] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0193.727] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0193.727] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0193.727] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0193.727] lstrlenA (lpString="CreateTimerQueue") returned 16 [0193.727] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0193.727] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0193.728] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0193.728] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0193.728] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0193.728] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0193.728] lstrlenA (lpString="CtrlRoutine") returned 11 [0193.728] lstrlenA (lpString="DeactivateActCtx") returned 16 [0193.728] lstrlenA (lpString="DebugActiveProcess") returned 18 [0193.728] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0193.728] lstrlenA (lpString="DebugBreak") returned 10 [0193.728] lstrlenA (lpString="DebugBreakProcess") returned 17 [0193.728] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0193.729] lstrlenA (lpString="DecodePointer") returned 13 [0193.729] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0193.729] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0193.729] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0193.729] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0193.729] lstrlenA (lpString="DeleteAtom") returned 10 [0193.729] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0193.729] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0193.729] lstrlenA (lpString="DeleteFiber") returned 11 [0193.729] lstrlenA (lpString="DeleteFileA") returned 11 [0193.729] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0193.729] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0193.730] lstrlenA (lpString="DeleteFileW") returned 11 [0193.730] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0193.730] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0193.730] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0193.730] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0193.730] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0193.730] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0193.730] lstrlenA (lpString="DeviceIoControl") returned 15 [0193.730] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0193.730] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0193.730] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0193.730] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0193.731] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0193.731] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0193.731] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0193.731] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0193.731] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0193.731] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0193.731] lstrlenA (lpString="DuplicateHandle") returned 15 [0193.731] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0193.731] lstrlenA (lpString="EncodePointer") returned 13 [0193.731] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0193.731] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0193.731] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0193.732] lstrlenA (lpString="EnterCriticalSection") returned 20 [0193.732] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0193.732] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0193.732] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0193.732] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0193.732] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0193.732] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0193.732] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0193.732] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0193.732] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0193.734] VirtualProtectEx (in: hProcess=0x638, lpAddress=0x400000, dwSize=0x3a000, flNewProtect=0x40, lpflOldProtect=0x288cd34 | out: lpflOldProtect=0x288cd34*=0x1) returned 1 [0193.864] EnumProcessModules (in: hProcess=0x304, lphModule=0x28943f0, cb=0x100, lpcbNeeded=0x3cc760 | out: lphModule=0x28943f0, lpcbNeeded=0x3cc760) returned 1 [0193.866] EnumProcessModules (in: hProcess=0x304, lphModule=0x28944fc, cb=0x200, lpcbNeeded=0x3cc760 | out: lphModule=0x28944fc, lpcbNeeded=0x3cc760) returned 1 [0193.867] GetModuleInformation (in: hProcess=0x304, hModule=0x11e0000, lpmodinfo=0x289473c, cb=0xc | out: lpmodinfo=0x289473c*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0193.868] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.868] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x11e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0193.868] CoTaskMemFree (pv=0x4eb248) [0193.868] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.868] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x11e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0193.868] CoTaskMemFree (pv=0x4eb248) [0193.868] GetModuleInformation (in: hProcess=0x304, hModule=0x77150000, lpmodinfo=0x2896894, cb=0xc | out: lpmodinfo=0x2896894*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0193.869] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.869] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x77150000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0193.869] CoTaskMemFree (pv=0x4eb248) [0193.869] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.869] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x77150000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0193.870] CoTaskMemFree (pv=0x4eb248) [0193.870] GetModuleInformation (in: hProcess=0x304, hModule=0x74b40000, lpmodinfo=0x28989a4, cb=0xc | out: lpmodinfo=0x28989a4*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0193.870] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.870] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74b40000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0193.871] CoTaskMemFree (pv=0x4eb248) [0193.871] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.871] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74b40000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0193.871] CoTaskMemFree (pv=0x4eb248) [0193.871] GetModuleInformation (in: hProcess=0x304, hModule=0x75620000, lpmodinfo=0x289aabc, cb=0xc | out: lpmodinfo=0x289aabc*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0193.871] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.871] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75620000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0193.872] CoTaskMemFree (pv=0x4eb248) [0193.872] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.872] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75620000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0193.872] CoTaskMemFree (pv=0x4eb248) [0193.872] GetModuleInformation (in: hProcess=0x304, hModule=0x74dc0000, lpmodinfo=0x289cbdc, cb=0xc | out: lpmodinfo=0x289cbdc*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0193.873] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.873] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74dc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0193.873] CoTaskMemFree (pv=0x4eb248) [0193.873] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.873] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74dc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0193.874] CoTaskMemFree (pv=0x4eb248) [0193.874] GetModuleInformation (in: hProcess=0x304, hModule=0x767e0000, lpmodinfo=0x289ed30, cb=0xc | out: lpmodinfo=0x289ed30*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0193.874] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.874] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x767e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0193.875] CoTaskMemFree (pv=0x4eb248) [0193.875] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.875] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x767e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0193.875] CoTaskMemFree (pv=0x4eb248) [0193.875] GetModuleInformation (in: hProcess=0x304, hModule=0x752c0000, lpmodinfo=0x28a0e50, cb=0xc | out: lpmodinfo=0x28a0e50*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0193.876] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.876] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x752c0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0193.876] CoTaskMemFree (pv=0x4eb248) [0193.876] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.877] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x752c0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0193.877] CoTaskMemFree (pv=0x4eb248) [0193.877] GetModuleInformation (in: hProcess=0x304, hModule=0x74e10000, lpmodinfo=0x28a2f68, cb=0xc | out: lpmodinfo=0x28a2f68*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0193.878] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.878] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74e10000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0193.878] CoTaskMemFree (pv=0x4eb248) [0193.878] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.878] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74e10000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0193.879] CoTaskMemFree (pv=0x4eb248) [0193.879] GetModuleInformation (in: hProcess=0x304, hModule=0x76450000, lpmodinfo=0x28a5080, cb=0xc | out: lpmodinfo=0x28a5080*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0193.880] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.880] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76450000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0193.881] CoTaskMemFree (pv=0x4eb248) [0193.881] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.881] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76450000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0193.882] CoTaskMemFree (pv=0x4eb248) [0193.882] GetModuleInformation (in: hProcess=0x304, hModule=0x74ca0000, lpmodinfo=0x28a71e4, cb=0xc | out: lpmodinfo=0x28a71e4*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0193.882] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.882] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ca0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0193.883] CoTaskMemFree (pv=0x4eb248) [0193.883] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.883] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ca0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0193.883] CoTaskMemFree (pv=0x4eb248) [0193.884] GetModuleInformation (in: hProcess=0x304, hModule=0x74c90000, lpmodinfo=0x28a92fc, cb=0xc | out: lpmodinfo=0x28a92fc*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0193.884] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.884] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74c90000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0193.885] CoTaskMemFree (pv=0x4eb248) [0193.885] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.885] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74c90000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0193.886] CoTaskMemFree (pv=0x4eb248) [0193.886] GetModuleInformation (in: hProcess=0x304, hModule=0x74ab0000, lpmodinfo=0x28ab41c, cb=0xc | out: lpmodinfo=0x28ab41c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0193.886] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.886] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ab0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0193.887] CoTaskMemFree (pv=0x4eb248) [0193.887] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.887] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ab0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0193.888] CoTaskMemFree (pv=0x4eb248) [0193.888] GetModuleInformation (in: hProcess=0x304, hModule=0x72cc0000, lpmodinfo=0x28ad570, cb=0xc | out: lpmodinfo=0x28ad570*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0193.888] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.888] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x72cc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0193.889] CoTaskMemFree (pv=0x4eb248) [0193.889] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.889] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x72cc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0193.890] CoTaskMemFree (pv=0x4eb248) [0193.890] GetModuleInformation (in: hProcess=0x304, hModule=0x76540000, lpmodinfo=0x28af6e0, cb=0xc | out: lpmodinfo=0x28af6e0*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0193.890] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.890] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76540000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0193.891] CoTaskMemFree (pv=0x4eb248) [0193.891] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.891] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76540000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0193.891] CoTaskMemFree (pv=0x4eb248) [0193.891] GetModuleInformation (in: hProcess=0x304, hModule=0x76ae0000, lpmodinfo=0x28b17f8, cb=0xc | out: lpmodinfo=0x28b17f8*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0193.892] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.892] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76ae0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0193.893] CoTaskMemFree (pv=0x4eb248) [0193.893] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.893] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76ae0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0193.894] CoTaskMemFree (pv=0x4eb248) [0193.894] GetModuleInformation (in: hProcess=0x304, hModule=0x74f70000, lpmodinfo=0x28b3908, cb=0xc | out: lpmodinfo=0x28b3908*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0193.894] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.894] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74f70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0193.895] CoTaskMemFree (pv=0x4eb248) [0193.895] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.895] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74f70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0193.896] CoTaskMemFree (pv=0x4eb248) [0193.896] GetModuleInformation (in: hProcess=0x304, hModule=0x77120000, lpmodinfo=0x28b5a20, cb=0xc | out: lpmodinfo=0x28b5a20*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0193.896] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.896] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x77120000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0193.897] CoTaskMemFree (pv=0x4eb248) [0193.897] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.897] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x77120000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0193.898] CoTaskMemFree (pv=0x4eb248) [0193.898] GetModuleInformation (in: hProcess=0x304, hModule=0x76740000, lpmodinfo=0x28b7bb4, cb=0xc | out: lpmodinfo=0x28b7bb4*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0193.898] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.898] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76740000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0193.899] CoTaskMemFree (pv=0x4eb248) [0193.899] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.899] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76740000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0193.900] CoTaskMemFree (pv=0x4eb248) [0193.900] GetModuleInformation (in: hProcess=0x304, hModule=0x769f0000, lpmodinfo=0x28b9cc4, cb=0xc | out: lpmodinfo=0x28b9cc4*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0193.900] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.900] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x769f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0193.901] CoTaskMemFree (pv=0x4eb248) [0193.901] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.901] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x769f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0193.902] CoTaskMemFree (pv=0x4eb248) [0193.902] GetModuleInformation (in: hProcess=0x304, hModule=0x76380000, lpmodinfo=0x28bbdd4, cb=0xc | out: lpmodinfo=0x28bbdd4*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0193.902] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.902] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76380000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0193.903] CoTaskMemFree (pv=0x4eb248) [0193.903] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.903] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76380000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0193.904] CoTaskMemFree (pv=0x4eb248) [0193.904] GetModuleInformation (in: hProcess=0x304, hModule=0x73ca0000, lpmodinfo=0x28bdee4, cb=0xc | out: lpmodinfo=0x28bdee4*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0193.905] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.905] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ca0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0193.905] CoTaskMemFree (pv=0x4eb248) [0193.905] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.905] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ca0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0193.906] CoTaskMemFree (pv=0x4eb248) [0193.906] GetModuleInformation (in: hProcess=0x304, hModule=0x714a0000, lpmodinfo=0x28c0008, cb=0xc | out: lpmodinfo=0x28c0008*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0193.907] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.907] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x714a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0193.908] CoTaskMemFree (pv=0x4eb248) [0193.908] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.908] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x714a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0193.908] CoTaskMemFree (pv=0x4eb248) [0193.908] GetModuleInformation (in: hProcess=0x304, hModule=0x723e0000, lpmodinfo=0x28c2144, cb=0xc | out: lpmodinfo=0x28c2144*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0193.909] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.909] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x723e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0193.910] CoTaskMemFree (pv=0x4eb248) [0193.910] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.910] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x723e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0193.911] CoTaskMemFree (pv=0x4eb248) [0193.911] GetModuleInformation (in: hProcess=0x304, hModule=0x72330000, lpmodinfo=0x28c4294, cb=0xc | out: lpmodinfo=0x28c4294*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0193.912] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.912] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x72330000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0193.913] CoTaskMemFree (pv=0x4eb248) [0193.913] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.913] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x72330000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0193.914] CoTaskMemFree (pv=0x4eb248) [0193.914] GetModuleInformation (in: hProcess=0x304, hModule=0x70090000, lpmodinfo=0x28c63d4, cb=0xc | out: lpmodinfo=0x28c63d4*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0193.915] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.915] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x70090000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0193.916] CoTaskMemFree (pv=0x4eb248) [0193.916] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.916] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x70090000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0193.917] CoTaskMemFree (pv=0x4eb248) [0193.917] GetModuleInformation (in: hProcess=0x304, hModule=0x75370000, lpmodinfo=0x28c8588, cb=0xc | out: lpmodinfo=0x28c8588*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0193.918] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.918] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75370000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0193.919] CoTaskMemFree (pv=0x4eb248) [0193.919] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.919] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75370000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0193.921] CoTaskMemFree (pv=0x4eb248) [0193.921] GetModuleInformation (in: hProcess=0x304, hModule=0x73bb0000, lpmodinfo=0x28ca698, cb=0xc | out: lpmodinfo=0x28ca698*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0193.921] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.921] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73bb0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0193.923] CoTaskMemFree (pv=0x4eb248) [0193.923] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.923] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73bb0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0193.924] CoTaskMemFree (pv=0x4eb248) [0193.924] GetModuleInformation (in: hProcess=0x304, hModule=0x74aa0000, lpmodinfo=0x28cc7b0, cb=0xc | out: lpmodinfo=0x28cc7b0*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0193.925] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.925] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74aa0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0193.927] CoTaskMemFree (pv=0x4eb248) [0193.927] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.927] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74aa0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0193.928] CoTaskMemFree (pv=0x4eb248) [0193.928] GetModuleInformation (in: hProcess=0x304, hModule=0x722a0000, lpmodinfo=0x28ce920, cb=0xc | out: lpmodinfo=0x28ce920*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0193.929] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.929] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x722a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0193.930] CoTaskMemFree (pv=0x4eb248) [0193.930] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.930] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x722a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0193.931] CoTaskMemFree (pv=0x4eb248) [0193.931] GetModuleInformation (in: hProcess=0x304, hModule=0x76a50000, lpmodinfo=0x28d0a6c, cb=0xc | out: lpmodinfo=0x28d0a6c*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0193.932] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.932] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76a50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0193.933] CoTaskMemFree (pv=0x4eb248) [0193.933] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.933] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76a50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0193.935] CoTaskMemFree (pv=0x4eb248) [0193.935] GetModuleInformation (in: hProcess=0x304, hModule=0x6f630000, lpmodinfo=0x28d2b8c, cb=0xc | out: lpmodinfo=0x28d2b8c*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0193.936] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.936] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f630000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0193.937] CoTaskMemFree (pv=0x4eb248) [0193.937] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.937] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f630000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0193.938] CoTaskMemFree (pv=0x4eb248) [0193.939] GetModuleInformation (in: hProcess=0x304, hModule=0x720f0000, lpmodinfo=0x28d4d34, cb=0xc | out: lpmodinfo=0x28d4d34*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0193.940] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.940] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x720f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0193.941] CoTaskMemFree (pv=0x4eb248) [0193.941] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.941] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x720f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0193.943] CoTaskMemFree (pv=0x4eb248) [0193.943] GetModuleInformation (in: hProcess=0x304, hModule=0x6e7c0000, lpmodinfo=0x28d6f0c, cb=0xc | out: lpmodinfo=0x28d6f0c*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0193.944] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.944] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6e7c0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0193.945] CoTaskMemFree (pv=0x4eb248) [0193.945] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.946] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6e7c0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0193.947] CoTaskMemFree (pv=0x4eb248) [0193.947] GetModuleInformation (in: hProcess=0x304, hModule=0x6dfa0000, lpmodinfo=0x28d9214, cb=0xc | out: lpmodinfo=0x28d9214*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0193.948] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.948] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6dfa0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0193.949] CoTaskMemFree (pv=0x4eb248) [0193.949] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.949] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6dfa0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0193.951] CoTaskMemFree (pv=0x4eb248) [0193.951] GetModuleInformation (in: hProcess=0x304, hModule=0x71f00000, lpmodinfo=0x28db3dc, cb=0xc | out: lpmodinfo=0x28db3dc*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0193.952] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.952] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71f00000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0193.953] CoTaskMemFree (pv=0x4eb248) [0193.953] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.953] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71f00000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0193.955] CoTaskMemFree (pv=0x4eb248) [0193.955] GetModuleInformation (in: hProcess=0x304, hModule=0x71df0000, lpmodinfo=0x28dd5dc, cb=0xc | out: lpmodinfo=0x28dd5dc*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0193.956] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.956] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71df0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0193.958] CoTaskMemFree (pv=0x4eb248) [0193.958] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.958] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71df0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0193.959] CoTaskMemFree (pv=0x4eb248) [0193.959] GetModuleInformation (in: hProcess=0x304, hModule=0x6d820000, lpmodinfo=0x28df7d8, cb=0xc | out: lpmodinfo=0x28df7d8*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0193.960] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.960] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d820000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0193.961] CoTaskMemFree (pv=0x4eb248) [0193.961] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.961] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d820000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0193.963] CoTaskMemFree (pv=0x4eb248) [0193.963] GetModuleInformation (in: hProcess=0x304, hModule=0x74a80000, lpmodinfo=0x28e1998, cb=0xc | out: lpmodinfo=0x28e1998*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0193.964] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.965] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a80000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0193.966] CoTaskMemFree (pv=0x4eb248) [0193.966] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.966] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a80000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0193.968] CoTaskMemFree (pv=0x4eb248) [0193.968] GetModuleInformation (in: hProcess=0x304, hModule=0x75730000, lpmodinfo=0x28e3af4, cb=0xc | out: lpmodinfo=0x28e3af4*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0193.970] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.970] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75730000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0193.971] CoTaskMemFree (pv=0x4eb248) [0193.971] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.971] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75730000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0193.973] CoTaskMemFree (pv=0x4eb248) [0193.973] GetModuleInformation (in: hProcess=0x304, hModule=0x73d60000, lpmodinfo=0x28e5c0c, cb=0xc | out: lpmodinfo=0x28e5c0c*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0193.975] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.975] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73d60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0193.976] CoTaskMemFree (pv=0x4eb248) [0193.976] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.976] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73d60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0193.977] CoTaskMemFree (pv=0x4eb248) [0193.977] GetModuleInformation (in: hProcess=0x304, hModule=0x71dd0000, lpmodinfo=0x28e7d24, cb=0xc | out: lpmodinfo=0x28e7d24*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0193.978] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.978] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71dd0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0193.979] CoTaskMemFree (pv=0x4eb248) [0193.979] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.980] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71dd0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0193.981] CoTaskMemFree (pv=0x4eb248) [0193.981] GetModuleInformation (in: hProcess=0x304, hModule=0x73a30000, lpmodinfo=0x28e9e3c, cb=0xc | out: lpmodinfo=0x28e9e3c*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0193.982] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.982] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73a30000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0193.983] CoTaskMemFree (pv=0x4eb248) [0193.984] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.984] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73a30000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0193.985] CoTaskMemFree (pv=0x4eb248) [0193.985] GetModuleInformation (in: hProcess=0x304, hModule=0x739f0000, lpmodinfo=0x28ebf54, cb=0xc | out: lpmodinfo=0x28ebf54*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0193.986] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.986] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x739f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0193.987] CoTaskMemFree (pv=0x4eb248) [0193.987] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.987] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x739f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0193.988] CoTaskMemFree (pv=0x4eb248) [0193.988] GetModuleInformation (in: hProcess=0x304, hModule=0x754e0000, lpmodinfo=0x28ee078, cb=0xc | out: lpmodinfo=0x28ee078*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0193.989] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.989] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0193.990] CoTaskMemFree (pv=0x4eb248) [0193.990] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.990] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0193.991] CoTaskMemFree (pv=0x4eb248) [0193.991] GetModuleInformation (in: hProcess=0x304, hModule=0x73ae0000, lpmodinfo=0x28f0188, cb=0xc | out: lpmodinfo=0x28f0188*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0193.992] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.992] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ae0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0193.993] CoTaskMemFree (pv=0x4eb248) [0193.993] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.993] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ae0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0193.994] CoTaskMemFree (pv=0x4eb248) [0193.994] GetModuleInformation (in: hProcess=0x304, hModule=0x73ac0000, lpmodinfo=0x28f22a8, cb=0xc | out: lpmodinfo=0x28f22a8*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0193.995] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.995] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ac0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0193.996] CoTaskMemFree (pv=0x4eb248) [0193.996] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.996] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ac0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0193.997] CoTaskMemFree (pv=0x4eb248) [0193.997] GetModuleInformation (in: hProcess=0x304, hModule=0x76920000, lpmodinfo=0x28f43c0, cb=0xc | out: lpmodinfo=0x28f43c0*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0193.998] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0193.998] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76920000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0194.000] CoTaskMemFree (pv=0x4eb248) [0194.000] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.000] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76920000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0194.001] CoTaskMemFree (pv=0x4eb248) [0194.001] GetModuleInformation (in: hProcess=0x304, hModule=0x754d0000, lpmodinfo=0x28f64d8, cb=0xc | out: lpmodinfo=0x28f64d8*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0194.002] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.002] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754d0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0194.003] CoTaskMemFree (pv=0x4eb248) [0194.004] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.004] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754d0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0194.006] CoTaskMemFree (pv=0x4eb248) [0194.006] GetModuleInformation (in: hProcess=0x304, hModule=0x73ab0000, lpmodinfo=0x28f85e0, cb=0xc | out: lpmodinfo=0x28f85e0*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0194.007] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.007] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ab0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0194.008] CoTaskMemFree (pv=0x4eb248) [0194.008] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.008] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ab0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0194.009] CoTaskMemFree (pv=0x4eb248) [0194.009] GetModuleInformation (in: hProcess=0x304, hModule=0x73c60000, lpmodinfo=0x28fa6f8, cb=0xc | out: lpmodinfo=0x28fa6f8*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0194.010] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.010] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0194.012] CoTaskMemFree (pv=0x4eb248) [0194.012] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.012] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0194.013] CoTaskMemFree (pv=0x4eb248) [0194.013] GetModuleInformation (in: hProcess=0x304, hModule=0x73c50000, lpmodinfo=0x28fc810, cb=0xc | out: lpmodinfo=0x28fc810*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0194.014] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.014] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0194.016] CoTaskMemFree (pv=0x4eb248) [0194.016] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.016] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0194.018] CoTaskMemFree (pv=0x4eb248) [0194.018] GetModuleInformation (in: hProcess=0x304, hModule=0x73c40000, lpmodinfo=0x28fe930, cb=0xc | out: lpmodinfo=0x28fe930*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0194.020] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.020] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c40000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0194.021] CoTaskMemFree (pv=0x4eb248) [0194.021] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.021] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c40000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0194.023] CoTaskMemFree (pv=0x4eb248) [0194.023] GetModuleInformation (in: hProcess=0x304, hModule=0x71d70000, lpmodinfo=0x2900a48, cb=0xc | out: lpmodinfo=0x2900a48*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0194.025] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.025] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0194.027] CoTaskMemFree (pv=0x4eb248) [0194.027] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.027] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0194.029] CoTaskMemFree (pv=0x4eb248) [0194.029] GetModuleInformation (in: hProcess=0x304, hModule=0x71d20000, lpmodinfo=0x2902b60, cb=0xc | out: lpmodinfo=0x2902b60*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0194.030] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.030] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d20000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0194.031] CoTaskMemFree (pv=0x4eb248) [0194.031] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.031] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d20000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0194.033] CoTaskMemFree (pv=0x4eb248) [0194.033] GetModuleInformation (in: hProcess=0x304, hModule=0x71d10000, lpmodinfo=0x2904c70, cb=0xc | out: lpmodinfo=0x2904c70*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0194.034] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.034] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d10000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0194.035] CoTaskMemFree (pv=0x4eb248) [0194.035] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.035] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d10000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0194.036] CoTaskMemFree (pv=0x4eb248) [0194.036] GetModuleInformation (in: hProcess=0x304, hModule=0x73cc0000, lpmodinfo=0x2906d88, cb=0xc | out: lpmodinfo=0x2906d88*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0194.037] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.037] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73cc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0194.038] CoTaskMemFree (pv=0x4eb248) [0194.039] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.039] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73cc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0194.040] CoTaskMemFree (pv=0x4eb248) [0194.040] GetModuleInformation (in: hProcess=0x304, hModule=0x73cb0000, lpmodinfo=0x2908ea8, cb=0xc | out: lpmodinfo=0x2908ea8*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0194.041] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.041] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73cb0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0194.042] CoTaskMemFree (pv=0x4eb248) [0194.042] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.042] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73cb0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0194.043] CoTaskMemFree (pv=0x4eb248) [0194.043] GetModuleInformation (in: hProcess=0x304, hModule=0x71d00000, lpmodinfo=0x290afc0, cb=0xc | out: lpmodinfo=0x290afc0*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0194.045] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.045] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d00000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0194.046] CoTaskMemFree (pv=0x4eb248) [0194.046] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.046] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d00000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0194.048] CoTaskMemFree (pv=0x4eb248) [0194.048] GetModuleInformation (in: hProcess=0x304, hModule=0x71ce0000, lpmodinfo=0x290d0e0, cb=0xc | out: lpmodinfo=0x290d0e0*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0194.049] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.049] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71ce0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0194.051] CoTaskMemFree (pv=0x4eb248) [0194.051] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.051] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71ce0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0194.052] CoTaskMemFree (pv=0x4eb248) [0194.052] GetModuleInformation (in: hProcess=0x304, hModule=0x73b60000, lpmodinfo=0x290f200, cb=0xc | out: lpmodinfo=0x290f200*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0194.053] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.053] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73b60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0194.054] CoTaskMemFree (pv=0x4eb248) [0194.054] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.054] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73b60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0194.056] CoTaskMemFree (pv=0x4eb248) [0194.056] GetModuleInformation (in: hProcess=0x304, hModule=0x73ce0000, lpmodinfo=0x2911328, cb=0xc | out: lpmodinfo=0x2911328*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0194.057] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.057] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ce0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0194.058] CoTaskMemFree (pv=0x4eb248) [0194.058] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.058] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ce0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0194.060] CoTaskMemFree (pv=0x4eb248) [0194.060] GetModuleInformation (in: hProcess=0x304, hModule=0x73c30000, lpmodinfo=0x2913440, cb=0xc | out: lpmodinfo=0x2913440*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0194.061] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.061] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c30000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0194.063] CoTaskMemFree (pv=0x4eb248) [0194.063] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.063] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c30000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0194.065] CoTaskMemFree (pv=0x4eb248) [0194.065] GetModuleInformation (in: hProcess=0x304, hModule=0x73b70000, lpmodinfo=0x2915560, cb=0xc | out: lpmodinfo=0x2915560*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0194.067] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.067] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73b70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0194.068] CoTaskMemFree (pv=0x4eb248) [0194.068] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.068] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73b70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0194.070] CoTaskMemFree (pv=0x4eb248) [0194.070] GetModuleInformation (in: hProcess=0x304, hModule=0x71cd0000, lpmodinfo=0x2917680, cb=0xc | out: lpmodinfo=0x2917680*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0194.071] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.071] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71cd0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0194.072] CoTaskMemFree (pv=0x4eb248) [0194.072] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.072] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71cd0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0194.074] CoTaskMemFree (pv=0x4eb248) [0194.074] GetModuleInformation (in: hProcess=0x304, hModule=0x71c90000, lpmodinfo=0x2919798, cb=0xc | out: lpmodinfo=0x2919798*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0194.075] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.075] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71c90000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0194.077] CoTaskMemFree (pv=0x4eb248) [0194.077] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.077] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71c90000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0194.079] CoTaskMemFree (pv=0x4eb248) [0194.079] GetModuleInformation (in: hProcess=0x304, hModule=0x754f0000, lpmodinfo=0x291bac4, cb=0xc | out: lpmodinfo=0x291bac4*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0194.081] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.081] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0194.083] CoTaskMemFree (pv=0x4eb248) [0194.083] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.083] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0194.084] CoTaskMemFree (pv=0x4eb248) [0194.084] GetModuleInformation (in: hProcess=0x304, hModule=0x74d50000, lpmodinfo=0x291dbdc, cb=0xc | out: lpmodinfo=0x291dbdc*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0194.087] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.087] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74d50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0194.089] CoTaskMemFree (pv=0x4eb248) [0194.089] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.089] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74d50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0194.091] CoTaskMemFree (pv=0x4eb248) [0194.091] GetModuleInformation (in: hProcess=0x304, hModule=0x71c50000, lpmodinfo=0x291fcf4, cb=0xc | out: lpmodinfo=0x291fcf4*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0194.093] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.093] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71c50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0194.095] CoTaskMemFree (pv=0x4eb248) [0194.095] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.095] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71c50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0194.097] CoTaskMemFree (pv=0x4eb248) [0194.097] GetModuleInformation (in: hProcess=0x304, hModule=0x6d7a0000, lpmodinfo=0x2921e0c, cb=0xc | out: lpmodinfo=0x2921e0c*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0194.099] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.099] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d7a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0194.100] CoTaskMemFree (pv=0x4eb248) [0194.100] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.100] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d7a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0194.102] CoTaskMemFree (pv=0x4eb248) [0194.102] GetModuleInformation (in: hProcess=0x304, hModule=0x6d800000, lpmodinfo=0x2923f4c, cb=0xc | out: lpmodinfo=0x2923f4c*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0194.104] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.104] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d800000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0194.105] CoTaskMemFree (pv=0x4eb248) [0194.105] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.105] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d800000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0194.107] CoTaskMemFree (pv=0x4eb248) [0194.107] GetModuleInformation (in: hProcess=0x304, hModule=0x6d7e0000, lpmodinfo=0x2926070, cb=0xc | out: lpmodinfo=0x2926070*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0194.108] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.108] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d7e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0194.110] CoTaskMemFree (pv=0x4eb248) [0194.110] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.110] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d7e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0194.112] CoTaskMemFree (pv=0x4eb248) [0194.112] GetModuleInformation (in: hProcess=0x304, hModule=0x6d680000, lpmodinfo=0x2928180, cb=0xc | out: lpmodinfo=0x2928180*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0194.121] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.121] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d680000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0194.123] CoTaskMemFree (pv=0x4eb248) [0194.123] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.123] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d680000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0194.126] CoTaskMemFree (pv=0x4eb248) [0194.126] GetModuleInformation (in: hProcess=0x304, hModule=0x6d4f0000, lpmodinfo=0x292a354, cb=0xc | out: lpmodinfo=0x292a354*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0194.128] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.128] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d4f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0194.131] CoTaskMemFree (pv=0x4eb248) [0194.131] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.131] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d4f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0194.133] CoTaskMemFree (pv=0x4eb248) [0194.133] GetModuleInformation (in: hProcess=0x304, hModule=0x6d3f0000, lpmodinfo=0x292c510, cb=0xc | out: lpmodinfo=0x292c510*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0194.135] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.135] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d3f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0194.137] CoTaskMemFree (pv=0x4eb248) [0194.137] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.137] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d3f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0194.139] CoTaskMemFree (pv=0x4eb248) [0194.139] GetModuleInformation (in: hProcess=0x304, hModule=0x6c620000, lpmodinfo=0x292e640, cb=0xc | out: lpmodinfo=0x292e640*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0194.141] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.141] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6c620000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0194.143] CoTaskMemFree (pv=0x4eb248) [0194.143] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.143] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6c620000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0194.145] CoTaskMemFree (pv=0x4eb248) [0194.146] CloseHandle (hObject=0x304) returned 1 [0194.146] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0194.146] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0194.146] lstrlenA (lpString="ActivateActCtx") returned 14 [0194.146] lstrlenA (lpString="AddAtomA") returned 8 [0194.146] lstrlenA (lpString="AddAtomW") returned 8 [0194.146] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0194.146] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0194.147] lstrlenA (lpString="AddDllDirectory") returned 15 [0194.147] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0194.147] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0194.147] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0194.147] lstrlenA (lpString="AddRefActCtx") returned 12 [0194.147] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0194.147] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0194.147] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0194.148] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0194.148] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0194.148] lstrlenA (lpString="AllocConsole") returned 12 [0194.148] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0194.148] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0194.148] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0194.148] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0194.148] lstrlenA (lpString="AreFileApisANSI") returned 15 [0194.148] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0194.149] lstrlenA (lpString="AttachConsole") returned 13 [0194.149] lstrlenA (lpString="BackupRead") returned 10 [0194.149] lstrlenA (lpString="BackupSeek") returned 10 [0194.149] lstrlenA (lpString="BackupWrite") returned 11 [0194.149] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0194.149] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0194.149] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0194.149] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0194.149] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0194.149] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0194.150] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0194.150] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0194.150] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0194.150] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0194.150] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0194.150] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0194.150] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0194.150] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0194.151] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0194.151] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0194.151] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0194.151] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0194.151] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0194.151] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0194.151] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0194.151] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0194.151] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0194.152] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0194.152] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0194.152] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0194.152] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0194.152] lstrlenA (lpString="Beep") returned 4 [0194.152] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0194.152] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0194.153] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0194.153] lstrlenA (lpString="BuildCommDCBA") returned 13 [0194.153] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0194.153] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0194.153] lstrlenA (lpString="BuildCommDCBW") returned 13 [0194.153] lstrlenA (lpString="CallNamedPipeA") returned 14 [0194.153] lstrlenA (lpString="CallNamedPipeW") returned 14 [0194.153] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0194.154] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0194.154] lstrlenA (lpString="CancelIo") returned 8 [0194.154] lstrlenA (lpString="CancelIoEx") returned 10 [0194.154] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0194.154] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0194.154] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0194.154] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0194.154] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0194.155] lstrlenA (lpString="CheckElevation") returned 14 [0194.155] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0194.155] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0194.155] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0194.155] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0194.155] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0194.156] lstrlenA (lpString="ClearCommBreak") returned 14 [0194.156] lstrlenA (lpString="ClearCommError") returned 14 [0194.156] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0194.156] lstrlenA (lpString="CloseHandle") returned 11 [0194.156] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0194.156] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0194.156] lstrlenA (lpString="CloseThreadpool") returned 15 [0194.156] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0194.157] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0194.157] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0194.157] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0194.157] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0194.157] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0194.157] lstrlenA (lpString="CmdBatNotification") returned 18 [0194.158] lstrlenA (lpString="CommConfigDialogA") returned 17 [0194.158] lstrlenA (lpString="CommConfigDialogW") returned 17 [0194.158] lstrlenA (lpString="CompareCalendarDates") returned 20 [0194.158] lstrlenA (lpString="CompareFileTime") returned 15 [0194.158] lstrlenA (lpString="CompareStringA") returned 14 [0194.158] lstrlenA (lpString="CompareStringEx") returned 15 [0194.158] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0194.158] lstrlenA (lpString="CompareStringW") returned 14 [0194.159] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0194.159] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0194.159] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0194.159] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0194.159] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0194.159] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0194.159] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0194.159] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0194.160] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0194.160] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0194.160] lstrlenA (lpString="CopyContext") returned 11 [0194.160] lstrlenA (lpString="CopyFileA") returned 9 [0194.160] lstrlenA (lpString="CopyFileExA") returned 11 [0194.160] lstrlenA (lpString="CopyFileExW") returned 11 [0194.161] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0194.161] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0194.161] lstrlenA (lpString="CopyFileW") returned 9 [0194.161] lstrlenA (lpString="CopyLZFile") returned 10 [0194.161] lstrlenA (lpString="CreateActCtxA") returned 13 [0194.161] lstrlenA (lpString="CreateActCtxW") returned 13 [0194.161] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0194.161] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0194.162] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0194.162] lstrlenA (lpString="CreateDirectoryA") returned 16 [0194.162] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0194.162] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0194.162] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0194.162] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0194.162] lstrlenA (lpString="CreateDirectoryW") returned 16 [0194.162] lstrlenA (lpString="CreateEventA") returned 12 [0194.162] lstrlenA (lpString="CreateEventExA") returned 14 [0194.162] lstrlenA (lpString="CreateEventExW") returned 14 [0194.162] lstrlenA (lpString="CreateEventW") returned 12 [0194.162] lstrlenA (lpString="CreateFiber") returned 11 [0194.162] lstrlenA (lpString="CreateFiberEx") returned 13 [0194.163] lstrlenA (lpString="CreateFileA") returned 11 [0194.163] lstrlenA (lpString="CreateFileMappingA") returned 18 [0194.163] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0194.163] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0194.163] lstrlenA (lpString="CreateFileMappingW") returned 18 [0194.163] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0194.163] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0194.163] lstrlenA (lpString="CreateFileW") returned 11 [0194.163] lstrlenA (lpString="CreateHardLinkA") returned 15 [0194.163] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0194.163] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0194.163] lstrlenA (lpString="CreateHardLinkW") returned 15 [0194.163] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0194.163] lstrlenA (lpString="CreateJobObjectA") returned 16 [0194.164] lstrlenA (lpString="CreateJobObjectW") returned 16 [0194.164] lstrlenA (lpString="CreateJobSet") returned 12 [0194.164] lstrlenA (lpString="CreateMailslotA") returned 15 [0194.164] lstrlenA (lpString="CreateMailslotW") returned 15 [0194.164] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0194.164] lstrlenA (lpString="CreateMutexA") returned 12 [0194.164] lstrlenA (lpString="CreateMutexExA") returned 14 [0194.164] lstrlenA (lpString="CreateMutexExW") returned 14 [0194.164] lstrlenA (lpString="CreateMutexW") returned 12 [0194.164] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0194.164] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0194.164] lstrlenA (lpString="CreatePipe") returned 10 [0194.164] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0194.164] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0194.165] lstrlenA (lpString="CreateProcessA") returned 14 [0194.165] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0194.165] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0194.165] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0194.165] lstrlenA (lpString="CreateProcessW") returned 14 [0194.165] lstrlenA (lpString="CreateRemoteThread") returned 18 [0194.165] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0194.165] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0194.165] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0194.165] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0194.165] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0194.165] lstrlenA (lpString="CreateSocketHandle") returned 18 [0194.166] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0194.166] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0194.166] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0194.166] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0194.166] lstrlenA (lpString="CreateTapePartition") returned 19 [0194.166] lstrlenA (lpString="CreateThread") returned 12 [0194.166] lstrlenA (lpString="CreateThreadpool") returned 16 [0194.166] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0194.166] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0194.166] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0194.166] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0194.166] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0194.166] lstrlenA (lpString="CreateTimerQueue") returned 16 [0194.167] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0194.167] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0194.167] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0194.167] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0194.167] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0194.167] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0194.167] lstrlenA (lpString="CtrlRoutine") returned 11 [0194.167] lstrlenA (lpString="DeactivateActCtx") returned 16 [0194.167] lstrlenA (lpString="DebugActiveProcess") returned 18 [0194.167] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0194.167] lstrlenA (lpString="DebugBreak") returned 10 [0194.168] lstrlenA (lpString="DebugBreakProcess") returned 17 [0194.168] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0194.168] lstrlenA (lpString="DecodePointer") returned 13 [0194.168] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0194.168] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0194.168] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0194.168] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0194.168] lstrlenA (lpString="DeleteAtom") returned 10 [0194.168] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0194.168] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0194.169] lstrlenA (lpString="DeleteFiber") returned 11 [0194.169] lstrlenA (lpString="DeleteFileA") returned 11 [0194.169] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0194.169] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0194.169] lstrlenA (lpString="DeleteFileW") returned 11 [0194.169] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0194.169] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0194.169] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0194.169] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0194.169] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0194.169] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0194.170] lstrlenA (lpString="DeviceIoControl") returned 15 [0194.170] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0194.170] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0194.170] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0194.170] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0194.170] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0194.170] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0194.170] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0194.170] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0194.170] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0194.170] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0194.170] lstrlenA (lpString="DuplicateHandle") returned 15 [0194.170] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0194.171] lstrlenA (lpString="EncodePointer") returned 13 [0194.171] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0194.171] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0194.171] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0194.171] lstrlenA (lpString="EnterCriticalSection") returned 20 [0194.171] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0194.171] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0194.171] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0194.171] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0194.171] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0194.171] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0194.171] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0194.172] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0194.172] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0194.181] SetThreadContext (hThread=0x634, lpContext=0x277ae94*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x435d3e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0194.313] EnumProcessModules (in: hProcess=0x304, lphModule=0x29480e8, cb=0x100, lpcbNeeded=0x3cc764 | out: lphModule=0x29480e8, lpcbNeeded=0x3cc764) returned 1 [0194.314] EnumProcessModules (in: hProcess=0x304, lphModule=0x29481f4, cb=0x200, lpcbNeeded=0x3cc764 | out: lphModule=0x29481f4, lpcbNeeded=0x3cc764) returned 1 [0194.317] GetModuleInformation (in: hProcess=0x304, hModule=0x11e0000, lpmodinfo=0x2948434, cb=0xc | out: lpmodinfo=0x2948434*(lpBaseOfDll=0x11e0000, SizeOfImage=0xa2000, EntryPoint=0x127d84e)) returned 1 [0194.317] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.317] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x11e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="geater.exe") returned 0xa [0194.317] CoTaskMemFree (pv=0x4eb248) [0194.317] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.317] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x11e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\geater.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\geater.exe")) returned 0x30 [0194.318] CoTaskMemFree (pv=0x4eb248) [0194.318] GetModuleInformation (in: hProcess=0x304, hModule=0x77150000, lpmodinfo=0x294a58c, cb=0xc | out: lpmodinfo=0x294a58c*(lpBaseOfDll=0x77150000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0194.318] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.318] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x77150000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0194.318] CoTaskMemFree (pv=0x4eb248) [0194.318] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.318] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x77150000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0194.319] CoTaskMemFree (pv=0x4eb248) [0194.319] GetModuleInformation (in: hProcess=0x304, hModule=0x74b40000, lpmodinfo=0x294c69c, cb=0xc | out: lpmodinfo=0x294c69c*(lpBaseOfDll=0x74b40000, SizeOfImage=0x4a000, EntryPoint=0x74b42e54)) returned 1 [0194.319] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.319] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74b40000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0194.319] CoTaskMemFree (pv=0x4eb248) [0194.319] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.319] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74b40000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0194.320] CoTaskMemFree (pv=0x4eb248) [0194.320] GetModuleInformation (in: hProcess=0x304, hModule=0x75620000, lpmodinfo=0x294e7b4, cb=0xc | out: lpmodinfo=0x294e7b4*(lpBaseOfDll=0x75620000, SizeOfImage=0x110000, EntryPoint=0x75633283)) returned 1 [0194.320] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.320] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75620000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0194.320] CoTaskMemFree (pv=0x4eb248) [0194.320] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.321] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75620000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0194.321] CoTaskMemFree (pv=0x4eb248) [0194.321] GetModuleInformation (in: hProcess=0x304, hModule=0x74dc0000, lpmodinfo=0x29508d4, cb=0xc | out: lpmodinfo=0x29508d4*(lpBaseOfDll=0x74dc0000, SizeOfImage=0x47000, EntryPoint=0x74dc74c1)) returned 1 [0194.322] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.322] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74dc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0194.322] CoTaskMemFree (pv=0x4eb248) [0194.322] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.322] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74dc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0194.322] CoTaskMemFree (pv=0x4eb248) [0194.322] GetModuleInformation (in: hProcess=0x304, hModule=0x767e0000, lpmodinfo=0x2952a28, cb=0xc | out: lpmodinfo=0x2952a28*(lpBaseOfDll=0x767e0000, SizeOfImage=0xa0000, EntryPoint=0x767f49e5)) returned 1 [0194.323] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.323] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x767e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0194.323] CoTaskMemFree (pv=0x4eb248) [0194.323] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.323] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x767e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0194.324] CoTaskMemFree (pv=0x4eb248) [0194.324] GetModuleInformation (in: hProcess=0x304, hModule=0x752c0000, lpmodinfo=0x2954b48, cb=0xc | out: lpmodinfo=0x2954b48*(lpBaseOfDll=0x752c0000, SizeOfImage=0xac000, EntryPoint=0x752ca472)) returned 1 [0194.324] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.324] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x752c0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0194.324] CoTaskMemFree (pv=0x4eb248) [0194.325] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.325] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x752c0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0194.325] CoTaskMemFree (pv=0x4eb248) [0194.325] GetModuleInformation (in: hProcess=0x304, hModule=0x74e10000, lpmodinfo=0x2956c60, cb=0xc | out: lpmodinfo=0x2956c60*(lpBaseOfDll=0x74e10000, SizeOfImage=0x19000, EntryPoint=0x74e14975)) returned 1 [0194.326] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.326] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74e10000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0194.326] CoTaskMemFree (pv=0x4eb248) [0194.326] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.326] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74e10000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0194.327] CoTaskMemFree (pv=0x4eb248) [0194.327] GetModuleInformation (in: hProcess=0x304, hModule=0x76450000, lpmodinfo=0x2958d78, cb=0xc | out: lpmodinfo=0x2958d78*(lpBaseOfDll=0x76450000, SizeOfImage=0xf0000, EntryPoint=0x76460569)) returned 1 [0194.327] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.327] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76450000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0194.328] CoTaskMemFree (pv=0x4eb248) [0194.328] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.328] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76450000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0194.328] CoTaskMemFree (pv=0x4eb248) [0194.328] GetModuleInformation (in: hProcess=0x304, hModule=0x74ca0000, lpmodinfo=0x295aedc, cb=0xc | out: lpmodinfo=0x295aedc*(lpBaseOfDll=0x74ca0000, SizeOfImage=0x60000, EntryPoint=0x74cba3b3)) returned 1 [0194.329] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.329] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ca0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0194.329] CoTaskMemFree (pv=0x4eb248) [0194.329] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.329] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ca0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0194.330] CoTaskMemFree (pv=0x4eb248) [0194.330] GetModuleInformation (in: hProcess=0x304, hModule=0x74c90000, lpmodinfo=0x295cff4, cb=0xc | out: lpmodinfo=0x295cff4*(lpBaseOfDll=0x74c90000, SizeOfImage=0xc000, EntryPoint=0x74c910e1)) returned 1 [0194.330] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.330] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74c90000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0194.331] CoTaskMemFree (pv=0x4eb248) [0194.331] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.331] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74c90000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0194.332] CoTaskMemFree (pv=0x4eb248) [0194.332] GetModuleInformation (in: hProcess=0x304, hModule=0x74ab0000, lpmodinfo=0x295f114, cb=0xc | out: lpmodinfo=0x295f114*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x8d000, EntryPoint=0x74ac2860)) returned 1 [0194.332] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.332] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ab0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0194.333] CoTaskMemFree (pv=0x4eb248) [0194.333] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.333] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ab0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0194.333] CoTaskMemFree (pv=0x4eb248) [0194.333] GetModuleInformation (in: hProcess=0x304, hModule=0x72cc0000, lpmodinfo=0x2961268, cb=0xc | out: lpmodinfo=0x2961268*(lpBaseOfDll=0x72cc0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0194.334] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.334] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x72cc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0194.334] CoTaskMemFree (pv=0x4eb248) [0194.334] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.334] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x72cc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0194.335] CoTaskMemFree (pv=0x4eb248) [0194.335] GetModuleInformation (in: hProcess=0x304, hModule=0x76540000, lpmodinfo=0x29633d8, cb=0xc | out: lpmodinfo=0x29633d8*(lpBaseOfDll=0x76540000, SizeOfImage=0x57000, EntryPoint=0x76559ba6)) returned 1 [0194.335] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.335] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76540000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0194.336] CoTaskMemFree (pv=0x4eb248) [0194.336] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.336] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76540000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0194.337] CoTaskMemFree (pv=0x4eb248) [0194.337] GetModuleInformation (in: hProcess=0x304, hModule=0x76ae0000, lpmodinfo=0x29654f0, cb=0xc | out: lpmodinfo=0x29654f0*(lpBaseOfDll=0x76ae0000, SizeOfImage=0x90000, EntryPoint=0x76af6343)) returned 1 [0194.337] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.337] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76ae0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0194.338] CoTaskMemFree (pv=0x4eb248) [0194.338] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.338] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76ae0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0194.339] CoTaskMemFree (pv=0x4eb248) [0194.339] GetModuleInformation (in: hProcess=0x304, hModule=0x74f70000, lpmodinfo=0x2967600, cb=0xc | out: lpmodinfo=0x2967600*(lpBaseOfDll=0x74f70000, SizeOfImage=0x100000, EntryPoint=0x74f8b6ed)) returned 1 [0194.339] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.339] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74f70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0194.340] CoTaskMemFree (pv=0x4eb248) [0194.340] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.340] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74f70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0194.341] CoTaskMemFree (pv=0x4eb248) [0194.341] GetModuleInformation (in: hProcess=0x304, hModule=0x77120000, lpmodinfo=0x2969718, cb=0xc | out: lpmodinfo=0x2969718*(lpBaseOfDll=0x77120000, SizeOfImage=0xa000, EntryPoint=0x771236a0)) returned 1 [0194.341] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.341] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x77120000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0194.342] CoTaskMemFree (pv=0x4eb248) [0194.342] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.342] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x77120000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0194.343] CoTaskMemFree (pv=0x4eb248) [0194.343] GetModuleInformation (in: hProcess=0x304, hModule=0x76740000, lpmodinfo=0x296b8ac, cb=0xc | out: lpmodinfo=0x296b8ac*(lpBaseOfDll=0x76740000, SizeOfImage=0x9d000, EntryPoint=0x76773fd7)) returned 1 [0194.344] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.344] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76740000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0194.344] CoTaskMemFree (pv=0x4eb248) [0194.344] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.344] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76740000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0194.345] CoTaskMemFree (pv=0x4eb248) [0194.345] GetModuleInformation (in: hProcess=0x304, hModule=0x769f0000, lpmodinfo=0x296d9bc, cb=0xc | out: lpmodinfo=0x296d9bc*(lpBaseOfDll=0x769f0000, SizeOfImage=0x60000, EntryPoint=0x76a0158f)) returned 1 [0194.346] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.346] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x769f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0194.346] CoTaskMemFree (pv=0x4eb248) [0194.346] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.346] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x769f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0194.347] CoTaskMemFree (pv=0x4eb248) [0194.347] GetModuleInformation (in: hProcess=0x304, hModule=0x76380000, lpmodinfo=0x296facc, cb=0xc | out: lpmodinfo=0x296facc*(lpBaseOfDll=0x76380000, SizeOfImage=0xcc000, EntryPoint=0x7638168b)) returned 1 [0194.348] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.348] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76380000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0194.348] CoTaskMemFree (pv=0x4eb248) [0194.348] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.349] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76380000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0194.349] CoTaskMemFree (pv=0x4eb248) [0194.349] GetModuleInformation (in: hProcess=0x304, hModule=0x73ca0000, lpmodinfo=0x2971bdc, cb=0xc | out: lpmodinfo=0x2971bdc*(lpBaseOfDll=0x73ca0000, SizeOfImage=0x9000, EntryPoint=0x73ca1220)) returned 1 [0194.350] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.350] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ca0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0194.351] CoTaskMemFree (pv=0x4eb248) [0194.351] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.351] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ca0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0194.351] CoTaskMemFree (pv=0x4eb248) [0194.351] GetModuleInformation (in: hProcess=0x304, hModule=0x714a0000, lpmodinfo=0x2973cf4, cb=0xc | out: lpmodinfo=0x2973cf4*(lpBaseOfDll=0x714a0000, SizeOfImage=0x7af000, EntryPoint=0x714bd0d0)) returned 1 [0194.352] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.352] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x714a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0194.353] CoTaskMemFree (pv=0x4eb248) [0194.353] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.353] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x714a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0194.354] CoTaskMemFree (pv=0x4eb248) [0194.354] GetModuleInformation (in: hProcess=0x304, hModule=0x723e0000, lpmodinfo=0x2975e30, cb=0xc | out: lpmodinfo=0x2975e30*(lpBaseOfDll=0x723e0000, SizeOfImage=0x14000, EntryPoint=0x723eac00)) returned 1 [0194.355] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.355] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x723e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0194.356] CoTaskMemFree (pv=0x4eb248) [0194.356] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.356] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x723e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0194.357] CoTaskMemFree (pv=0x4eb248) [0194.357] GetModuleInformation (in: hProcess=0x304, hModule=0x72330000, lpmodinfo=0x2977f80, cb=0xc | out: lpmodinfo=0x2977f80*(lpBaseOfDll=0x72330000, SizeOfImage=0xab000, EntryPoint=0x723c5f20)) returned 1 [0194.357] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.358] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x72330000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0194.358] CoTaskMemFree (pv=0x4eb248) [0194.358] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.358] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x72330000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0194.359] CoTaskMemFree (pv=0x4eb248) [0194.359] GetModuleInformation (in: hProcess=0x304, hModule=0x70090000, lpmodinfo=0x297a0cc, cb=0xc | out: lpmodinfo=0x297a0cc*(lpBaseOfDll=0x70090000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0194.360] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.360] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x70090000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0194.361] CoTaskMemFree (pv=0x4eb248) [0194.361] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.361] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x70090000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0194.362] CoTaskMemFree (pv=0x4eb248) [0194.362] GetModuleInformation (in: hProcess=0x304, hModule=0x75370000, lpmodinfo=0x297c280, cb=0xc | out: lpmodinfo=0x297c280*(lpBaseOfDll=0x75370000, SizeOfImage=0x15c000, EntryPoint=0x753bba3d)) returned 1 [0194.363] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.363] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75370000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0194.364] CoTaskMemFree (pv=0x4eb248) [0194.364] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.364] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75370000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0194.365] CoTaskMemFree (pv=0x4eb248) [0194.365] GetModuleInformation (in: hProcess=0x304, hModule=0x73bb0000, lpmodinfo=0x297e390, cb=0xc | out: lpmodinfo=0x297e390*(lpBaseOfDll=0x73bb0000, SizeOfImage=0x80000, EntryPoint=0x73bc37c9)) returned 1 [0194.366] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.366] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73bb0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0194.367] CoTaskMemFree (pv=0x4eb248) [0194.367] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.367] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73bb0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0194.368] CoTaskMemFree (pv=0x4eb248) [0194.368] GetModuleInformation (in: hProcess=0x304, hModule=0x74aa0000, lpmodinfo=0x29804a8, cb=0xc | out: lpmodinfo=0x29804a8*(lpBaseOfDll=0x74aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0194.369] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.369] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74aa0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0194.369] CoTaskMemFree (pv=0x4eb248) [0194.370] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.370] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74aa0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0194.371] CoTaskMemFree (pv=0x4eb248) [0194.371] GetModuleInformation (in: hProcess=0x304, hModule=0x722a0000, lpmodinfo=0x2982618, cb=0xc | out: lpmodinfo=0x2982618*(lpBaseOfDll=0x722a0000, SizeOfImage=0x89000, EntryPoint=0x722a1130)) returned 1 [0194.371] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.371] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x722a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0194.372] CoTaskMemFree (pv=0x4eb248) [0194.372] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.372] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x722a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0194.373] CoTaskMemFree (pv=0x4eb248) [0194.373] GetModuleInformation (in: hProcess=0x304, hModule=0x76a50000, lpmodinfo=0x2984764, cb=0xc | out: lpmodinfo=0x2984764*(lpBaseOfDll=0x76a50000, SizeOfImage=0x8f000, EntryPoint=0x76a53fb1)) returned 1 [0194.374] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.374] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76a50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0194.375] CoTaskMemFree (pv=0x4eb248) [0194.375] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.375] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76a50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0194.376] CoTaskMemFree (pv=0x4eb248) [0194.376] GetModuleInformation (in: hProcess=0x304, hModule=0x6f630000, lpmodinfo=0x2986884, cb=0xc | out: lpmodinfo=0x2986884*(lpBaseOfDll=0x6f630000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0194.377] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.377] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f630000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0194.378] CoTaskMemFree (pv=0x4eb248) [0194.378] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.378] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f630000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0194.380] CoTaskMemFree (pv=0x4eb248) [0194.380] GetModuleInformation (in: hProcess=0x304, hModule=0x720f0000, lpmodinfo=0x2988a2c, cb=0xc | out: lpmodinfo=0x2988a2c*(lpBaseOfDll=0x720f0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0194.381] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.381] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x720f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0194.382] CoTaskMemFree (pv=0x4eb248) [0194.382] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.382] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x720f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0194.399] CoTaskMemFree (pv=0x4eb248) [0194.399] GetModuleInformation (in: hProcess=0x304, hModule=0x6e7c0000, lpmodinfo=0x2797298, cb=0xc | out: lpmodinfo=0x2797298*(lpBaseOfDll=0x6e7c0000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0194.400] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.401] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6e7c0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0194.402] CoTaskMemFree (pv=0x4eb248) [0194.402] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.402] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6e7c0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0194.403] CoTaskMemFree (pv=0x4eb248) [0194.403] GetModuleInformation (in: hProcess=0x304, hModule=0x6dfa0000, lpmodinfo=0x27995a0, cb=0xc | out: lpmodinfo=0x27995a0*(lpBaseOfDll=0x6dfa0000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0194.404] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.404] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6dfa0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0194.405] CoTaskMemFree (pv=0x4eb248) [0194.405] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.405] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6dfa0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0194.406] CoTaskMemFree (pv=0x4eb248) [0194.406] GetModuleInformation (in: hProcess=0x304, hModule=0x71f00000, lpmodinfo=0x279b768, cb=0xc | out: lpmodinfo=0x279b768*(lpBaseOfDll=0x71f00000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0194.408] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.408] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71f00000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0194.409] CoTaskMemFree (pv=0x4eb248) [0194.409] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.409] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71f00000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0194.411] CoTaskMemFree (pv=0x4eb248) [0194.411] GetModuleInformation (in: hProcess=0x304, hModule=0x71df0000, lpmodinfo=0x279d968, cb=0xc | out: lpmodinfo=0x279d968*(lpBaseOfDll=0x71df0000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0194.412] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.412] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71df0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0194.413] CoTaskMemFree (pv=0x4eb248) [0194.413] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.413] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71df0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0194.415] CoTaskMemFree (pv=0x4eb248) [0194.415] GetModuleInformation (in: hProcess=0x304, hModule=0x6d820000, lpmodinfo=0x279fb64, cb=0xc | out: lpmodinfo=0x279fb64*(lpBaseOfDll=0x6d820000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0194.416] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.416] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d820000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0194.418] CoTaskMemFree (pv=0x4eb248) [0194.418] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.418] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d820000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0194.419] CoTaskMemFree (pv=0x4eb248) [0194.419] GetModuleInformation (in: hProcess=0x304, hModule=0x74a80000, lpmodinfo=0x27a1d24, cb=0xc | out: lpmodinfo=0x27a1d24*(lpBaseOfDll=0x74a80000, SizeOfImage=0x13000, EntryPoint=0x74a8d900)) returned 1 [0194.420] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.420] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a80000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0194.422] CoTaskMemFree (pv=0x4eb248) [0194.422] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.422] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a80000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0194.423] CoTaskMemFree (pv=0x4eb248) [0194.423] GetModuleInformation (in: hProcess=0x304, hModule=0x75730000, lpmodinfo=0x27a3e80, cb=0xc | out: lpmodinfo=0x27a3e80*(lpBaseOfDll=0x75730000, SizeOfImage=0xc4a000, EntryPoint=0x757b1601)) returned 1 [0194.425] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.425] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75730000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0194.426] CoTaskMemFree (pv=0x4eb248) [0194.426] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.426] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75730000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0194.428] CoTaskMemFree (pv=0x4eb248) [0194.428] GetModuleInformation (in: hProcess=0x304, hModule=0x73d60000, lpmodinfo=0x27a5f98, cb=0xc | out: lpmodinfo=0x27a5f98*(lpBaseOfDll=0x73d60000, SizeOfImage=0xb000, EntryPoint=0x73d61992)) returned 1 [0194.429] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.429] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73d60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0194.431] CoTaskMemFree (pv=0x4eb248) [0194.431] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.431] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73d60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0194.432] CoTaskMemFree (pv=0x4eb248) [0194.432] GetModuleInformation (in: hProcess=0x304, hModule=0x71dd0000, lpmodinfo=0x27a80b0, cb=0xc | out: lpmodinfo=0x27a80b0*(lpBaseOfDll=0x71dd0000, SizeOfImage=0x17000, EntryPoint=0x71dd35fa)) returned 1 [0194.434] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.434] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71dd0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0194.436] CoTaskMemFree (pv=0x4eb248) [0194.436] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.436] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71dd0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0194.438] CoTaskMemFree (pv=0x4eb248) [0194.438] GetModuleInformation (in: hProcess=0x304, hModule=0x73a30000, lpmodinfo=0x27aa1c8, cb=0xc | out: lpmodinfo=0x27aa1c8*(lpBaseOfDll=0x73a30000, SizeOfImage=0x17000, EntryPoint=0x73a33573)) returned 1 [0194.440] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.440] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73a30000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0194.442] CoTaskMemFree (pv=0x4eb248) [0194.442] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.442] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73a30000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0194.444] CoTaskMemFree (pv=0x4eb248) [0194.444] GetModuleInformation (in: hProcess=0x304, hModule=0x739f0000, lpmodinfo=0x27ac2e0, cb=0xc | out: lpmodinfo=0x27ac2e0*(lpBaseOfDll=0x739f0000, SizeOfImage=0x3b000, EntryPoint=0x739f128d)) returned 1 [0194.446] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.446] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x739f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0194.448] CoTaskMemFree (pv=0x4eb248) [0194.448] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.448] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x739f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0194.450] CoTaskMemFree (pv=0x4eb248) [0194.450] GetModuleInformation (in: hProcess=0x304, hModule=0x754e0000, lpmodinfo=0x27ae3f8, cb=0xc | out: lpmodinfo=0x27ae3f8*(lpBaseOfDll=0x754e0000, SizeOfImage=0x5000, EntryPoint=0x754e1438)) returned 1 [0194.452] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.452] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0194.453] CoTaskMemFree (pv=0x4eb248) [0194.453] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.453] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0194.455] CoTaskMemFree (pv=0x4eb248) [0194.455] GetModuleInformation (in: hProcess=0x304, hModule=0x73ae0000, lpmodinfo=0x27b0508, cb=0xc | out: lpmodinfo=0x27b0508*(lpBaseOfDll=0x73ae0000, SizeOfImage=0x52000, EntryPoint=0x73ae14be)) returned 1 [0194.457] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.457] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ae0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0194.459] CoTaskMemFree (pv=0x4eb248) [0194.459] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.459] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ae0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0194.460] CoTaskMemFree (pv=0x4eb248) [0194.460] GetModuleInformation (in: hProcess=0x304, hModule=0x73ac0000, lpmodinfo=0x27b2628, cb=0xc | out: lpmodinfo=0x27b2628*(lpBaseOfDll=0x73ac0000, SizeOfImage=0x15000, EntryPoint=0x73ac12de)) returned 1 [0194.462] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.462] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ac0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0194.464] CoTaskMemFree (pv=0x4eb248) [0194.464] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.464] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ac0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0194.465] CoTaskMemFree (pv=0x4eb248) [0194.465] GetModuleInformation (in: hProcess=0x304, hModule=0x76920000, lpmodinfo=0x27b4740, cb=0xc | out: lpmodinfo=0x27b4740*(lpBaseOfDll=0x76920000, SizeOfImage=0x35000, EntryPoint=0x7692145d)) returned 1 [0194.467] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.467] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76920000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0194.468] CoTaskMemFree (pv=0x4eb248) [0194.468] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.468] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76920000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0194.469] CoTaskMemFree (pv=0x4eb248) [0194.469] GetModuleInformation (in: hProcess=0x304, hModule=0x754d0000, lpmodinfo=0x27b6858, cb=0xc | out: lpmodinfo=0x27b6858*(lpBaseOfDll=0x754d0000, SizeOfImage=0x6000, EntryPoint=0x754d1782)) returned 1 [0194.470] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.470] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754d0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0194.472] CoTaskMemFree (pv=0x4eb248) [0194.472] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.472] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754d0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0194.473] CoTaskMemFree (pv=0x4eb248) [0194.473] GetModuleInformation (in: hProcess=0x304, hModule=0x73ab0000, lpmodinfo=0x27b896c, cb=0xc | out: lpmodinfo=0x27b896c*(lpBaseOfDll=0x73ab0000, SizeOfImage=0xd000, EntryPoint=0x73ab1326)) returned 1 [0194.475] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.475] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ab0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0194.476] CoTaskMemFree (pv=0x4eb248) [0194.476] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.476] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ab0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0194.478] CoTaskMemFree (pv=0x4eb248) [0194.478] GetModuleInformation (in: hProcess=0x304, hModule=0x73c60000, lpmodinfo=0x27baa84, cb=0xc | out: lpmodinfo=0x27baa84*(lpBaseOfDll=0x73c60000, SizeOfImage=0x3c000, EntryPoint=0x73c6145d)) returned 1 [0194.479] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.479] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0194.481] CoTaskMemFree (pv=0x4eb248) [0194.481] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.481] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0194.482] CoTaskMemFree (pv=0x4eb248) [0194.482] GetModuleInformation (in: hProcess=0x304, hModule=0x73c50000, lpmodinfo=0x27bcb9c, cb=0xc | out: lpmodinfo=0x27bcb9c*(lpBaseOfDll=0x73c50000, SizeOfImage=0x5000, EntryPoint=0x73c515df)) returned 1 [0194.483] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.483] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0194.485] CoTaskMemFree (pv=0x4eb248) [0194.485] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.485] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0194.487] CoTaskMemFree (pv=0x4eb248) [0194.487] GetModuleInformation (in: hProcess=0x304, hModule=0x73c40000, lpmodinfo=0x27becbc, cb=0xc | out: lpmodinfo=0x27becbc*(lpBaseOfDll=0x73c40000, SizeOfImage=0x6000, EntryPoint=0x73c41673)) returned 1 [0194.494] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.494] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c40000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0194.496] CoTaskMemFree (pv=0x4eb248) [0194.496] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.496] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c40000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0194.497] CoTaskMemFree (pv=0x4eb248) [0194.497] GetModuleInformation (in: hProcess=0x304, hModule=0x71d70000, lpmodinfo=0x27c0dd4, cb=0xc | out: lpmodinfo=0x27c0dd4*(lpBaseOfDll=0x71d70000, SizeOfImage=0x58000, EntryPoint=0x71d713b4)) returned 1 [0194.499] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.499] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0194.501] CoTaskMemFree (pv=0x4eb248) [0194.501] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.501] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0194.504] CoTaskMemFree (pv=0x4eb248) [0194.504] GetModuleInformation (in: hProcess=0x304, hModule=0x71d20000, lpmodinfo=0x27c2eec, cb=0xc | out: lpmodinfo=0x27c2eec*(lpBaseOfDll=0x71d20000, SizeOfImage=0x4f000, EntryPoint=0x71d21452)) returned 1 [0194.505] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.505] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d20000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0194.507] CoTaskMemFree (pv=0x4eb248) [0194.507] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.508] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d20000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0194.509] CoTaskMemFree (pv=0x4eb248) [0194.509] GetModuleInformation (in: hProcess=0x304, hModule=0x71d10000, lpmodinfo=0x27c4ffc, cb=0xc | out: lpmodinfo=0x27c4ffc*(lpBaseOfDll=0x71d10000, SizeOfImage=0x8000, EntryPoint=0x71d134d3)) returned 1 [0194.511] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.511] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d10000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0194.512] CoTaskMemFree (pv=0x4eb248) [0194.512] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.512] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d10000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0194.514] CoTaskMemFree (pv=0x4eb248) [0194.514] GetModuleInformation (in: hProcess=0x304, hModule=0x73cc0000, lpmodinfo=0x27c7114, cb=0xc | out: lpmodinfo=0x27c7114*(lpBaseOfDll=0x73cc0000, SizeOfImage=0x1c000, EntryPoint=0x73cca431)) returned 1 [0194.516] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.516] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73cc0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0194.517] CoTaskMemFree (pv=0x4eb248) [0194.518] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.518] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73cc0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0194.520] CoTaskMemFree (pv=0x4eb248) [0194.520] GetModuleInformation (in: hProcess=0x304, hModule=0x73cb0000, lpmodinfo=0x27c9234, cb=0xc | out: lpmodinfo=0x27c9234*(lpBaseOfDll=0x73cb0000, SizeOfImage=0x7000, EntryPoint=0x73cb128d)) returned 1 [0194.522] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.522] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73cb0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0194.525] CoTaskMemFree (pv=0x4eb248) [0194.525] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.525] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73cb0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0194.528] CoTaskMemFree (pv=0x4eb248) [0194.528] GetModuleInformation (in: hProcess=0x304, hModule=0x71d00000, lpmodinfo=0x27cb34c, cb=0xc | out: lpmodinfo=0x27cb34c*(lpBaseOfDll=0x71d00000, SizeOfImage=0xd000, EntryPoint=0x71d02012)) returned 1 [0194.530] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.530] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71d00000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0194.533] CoTaskMemFree (pv=0x4eb248) [0194.533] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.533] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71d00000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0194.535] CoTaskMemFree (pv=0x4eb248) [0194.535] GetModuleInformation (in: hProcess=0x304, hModule=0x71ce0000, lpmodinfo=0x27cd46c, cb=0xc | out: lpmodinfo=0x27cd46c*(lpBaseOfDll=0x71ce0000, SizeOfImage=0x12000, EntryPoint=0x71ce3271)) returned 1 [0194.537] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.538] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71ce0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0194.540] CoTaskMemFree (pv=0x4eb248) [0194.540] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.540] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71ce0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0194.542] CoTaskMemFree (pv=0x4eb248) [0194.542] GetModuleInformation (in: hProcess=0x304, hModule=0x73b60000, lpmodinfo=0x27cf58c, cb=0xc | out: lpmodinfo=0x27cf58c*(lpBaseOfDll=0x73b60000, SizeOfImage=0xe000, EntryPoint=0x73b61235)) returned 1 [0194.544] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.544] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73b60000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0194.546] CoTaskMemFree (pv=0x4eb248) [0194.547] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.547] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73b60000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0194.550] CoTaskMemFree (pv=0x4eb248) [0194.550] GetModuleInformation (in: hProcess=0x304, hModule=0x73ce0000, lpmodinfo=0x27d16b4, cb=0xc | out: lpmodinfo=0x27d16b4*(lpBaseOfDll=0x73ce0000, SizeOfImage=0x44000, EntryPoint=0x73cf63f9)) returned 1 [0194.552] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.552] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73ce0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0194.555] CoTaskMemFree (pv=0x4eb248) [0194.555] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.555] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73ce0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0194.557] CoTaskMemFree (pv=0x4eb248) [0194.557] GetModuleInformation (in: hProcess=0x304, hModule=0x73c30000, lpmodinfo=0x27d37cc, cb=0xc | out: lpmodinfo=0x27d37cc*(lpBaseOfDll=0x73c30000, SizeOfImage=0x6000, EntryPoint=0x73c314b2)) returned 1 [0194.559] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.559] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73c30000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0194.561] CoTaskMemFree (pv=0x4eb248) [0194.561] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.561] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73c30000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0194.563] CoTaskMemFree (pv=0x4eb248) [0194.563] GetModuleInformation (in: hProcess=0x304, hModule=0x73b70000, lpmodinfo=0x27d58ec, cb=0xc | out: lpmodinfo=0x27d58ec*(lpBaseOfDll=0x73b70000, SizeOfImage=0x38000, EntryPoint=0x73b7990e)) returned 1 [0194.565] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.565] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73b70000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0194.568] CoTaskMemFree (pv=0x4eb248) [0194.568] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.568] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73b70000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0194.570] CoTaskMemFree (pv=0x4eb248) [0194.570] GetModuleInformation (in: hProcess=0x304, hModule=0x71cd0000, lpmodinfo=0x27d7a0c, cb=0xc | out: lpmodinfo=0x27d7a0c*(lpBaseOfDll=0x71cd0000, SizeOfImage=0x8000, EntryPoint=0x71cd10e9)) returned 1 [0194.572] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.572] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71cd0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0194.575] CoTaskMemFree (pv=0x4eb248) [0194.575] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.575] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71cd0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0194.577] CoTaskMemFree (pv=0x4eb248) [0194.577] GetModuleInformation (in: hProcess=0x304, hModule=0x71c90000, lpmodinfo=0x27d9b24, cb=0xc | out: lpmodinfo=0x27d9b24*(lpBaseOfDll=0x71c90000, SizeOfImage=0x3f000, EntryPoint=0x71c92351)) returned 1 [0194.579] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.579] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71c90000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0194.581] CoTaskMemFree (pv=0x4eb248) [0194.581] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.581] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71c90000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0194.584] CoTaskMemFree (pv=0x4eb248) [0194.584] GetModuleInformation (in: hProcess=0x304, hModule=0x754f0000, lpmodinfo=0x27dbe50, cb=0xc | out: lpmodinfo=0x27dbe50*(lpBaseOfDll=0x754f0000, SizeOfImage=0x121000, EntryPoint=0x754f158e)) returned 1 [0194.585] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.585] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x754f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0194.588] CoTaskMemFree (pv=0x4eb248) [0194.588] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.588] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x754f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0194.590] CoTaskMemFree (pv=0x4eb248) [0194.590] GetModuleInformation (in: hProcess=0x304, hModule=0x74d50000, lpmodinfo=0x27ddf68, cb=0xc | out: lpmodinfo=0x27ddf68*(lpBaseOfDll=0x74d50000, SizeOfImage=0xc000, EntryPoint=0x74d5238e)) returned 1 [0194.592] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.592] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74d50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0194.594] CoTaskMemFree (pv=0x4eb248) [0194.594] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.594] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74d50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0194.597] CoTaskMemFree (pv=0x4eb248) [0194.597] GetModuleInformation (in: hProcess=0x304, hModule=0x71c50000, lpmodinfo=0x27e0080, cb=0xc | out: lpmodinfo=0x27e0080*(lpBaseOfDll=0x71c50000, SizeOfImage=0x38000, EntryPoint=0x71c51489)) returned 1 [0194.600] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.600] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71c50000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0194.603] CoTaskMemFree (pv=0x4eb248) [0194.603] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.603] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71c50000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0194.605] CoTaskMemFree (pv=0x4eb248) [0194.605] GetModuleInformation (in: hProcess=0x304, hModule=0x6d7a0000, lpmodinfo=0x27e2198, cb=0xc | out: lpmodinfo=0x27e2198*(lpBaseOfDll=0x6d7a0000, SizeOfImage=0x3d000, EntryPoint=0x6d7a10f5)) returned 1 [0194.608] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.608] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d7a0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0194.611] CoTaskMemFree (pv=0x4eb248) [0194.611] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.611] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d7a0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0194.613] CoTaskMemFree (pv=0x4eb248) [0194.613] GetModuleInformation (in: hProcess=0x304, hModule=0x6d800000, lpmodinfo=0x27e42d8, cb=0xc | out: lpmodinfo=0x27e42d8*(lpBaseOfDll=0x6d800000, SizeOfImage=0x17000, EntryPoint=0x6d801c9d)) returned 1 [0194.616] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.616] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d800000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0194.618] CoTaskMemFree (pv=0x4eb248) [0194.618] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.618] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d800000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0194.620] CoTaskMemFree (pv=0x4eb248) [0194.620] GetModuleInformation (in: hProcess=0x304, hModule=0x6d7e0000, lpmodinfo=0x27e63f0, cb=0xc | out: lpmodinfo=0x27e63f0*(lpBaseOfDll=0x6d7e0000, SizeOfImage=0x16000, EntryPoint=0x6d7e2061)) returned 1 [0194.622] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.622] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d7e0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0194.624] CoTaskMemFree (pv=0x4eb248) [0194.624] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.624] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d7e0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0194.626] CoTaskMemFree (pv=0x4eb248) [0194.626] GetModuleInformation (in: hProcess=0x304, hModule=0x6d680000, lpmodinfo=0x27e8500, cb=0xc | out: lpmodinfo=0x27e8500*(lpBaseOfDll=0x6d680000, SizeOfImage=0x84000, EntryPoint=0x6d6819a9)) returned 1 [0194.630] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.630] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d680000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0194.632] CoTaskMemFree (pv=0x4eb248) [0194.632] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.632] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d680000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0194.634] CoTaskMemFree (pv=0x4eb248) [0194.634] GetModuleInformation (in: hProcess=0x304, hModule=0x6d4f0000, lpmodinfo=0x27ea6d4, cb=0xc | out: lpmodinfo=0x27ea6d4*(lpBaseOfDll=0x6d4f0000, SizeOfImage=0x190000, EntryPoint=0x6d58d026)) returned 1 [0194.637] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.637] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d4f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0194.639] CoTaskMemFree (pv=0x4eb248) [0194.639] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.639] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d4f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0194.641] CoTaskMemFree (pv=0x4eb248) [0194.641] GetModuleInformation (in: hProcess=0x304, hModule=0x6d3f0000, lpmodinfo=0x27ec890, cb=0xc | out: lpmodinfo=0x27ec890*(lpBaseOfDll=0x6d3f0000, SizeOfImage=0xfb000, EntryPoint=0x6d4017e1)) returned 1 [0194.644] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.644] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d3f0000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0194.647] CoTaskMemFree (pv=0x4eb248) [0194.647] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.647] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d3f0000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0194.649] CoTaskMemFree (pv=0x4eb248) [0194.649] GetModuleInformation (in: hProcess=0x304, hModule=0x6c620000, lpmodinfo=0x27ee9cc, cb=0xc | out: lpmodinfo=0x27ee9cc*(lpBaseOfDll=0x6c620000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0194.652] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.652] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6c620000, lpBaseName=0x4eb248, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0194.654] CoTaskMemFree (pv=0x4eb248) [0194.654] CoTaskMemAlloc (cb=0x804) returned 0x4eb248 [0194.654] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6c620000, lpFilename=0x4eb248, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0194.656] CoTaskMemFree (pv=0x4eb248) [0194.656] CloseHandle (hObject=0x304) returned 1 [0194.674] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0194.674] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0194.674] lstrlenA (lpString="ActivateActCtx") returned 14 [0194.674] lstrlenA (lpString="AddAtomA") returned 8 [0194.675] lstrlenA (lpString="AddAtomW") returned 8 [0194.675] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0194.678] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0194.678] lstrlenA (lpString="AddDllDirectory") returned 15 [0194.678] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0194.678] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0194.679] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0194.679] lstrlenA (lpString="AddRefActCtx") returned 12 [0194.679] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0194.679] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0194.679] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0194.680] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0194.680] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0194.680] lstrlenA (lpString="AllocConsole") returned 12 [0194.680] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0194.680] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0194.680] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0194.681] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0194.681] lstrlenA (lpString="AreFileApisANSI") returned 15 [0194.681] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0194.681] lstrlenA (lpString="AttachConsole") returned 13 [0194.681] lstrlenA (lpString="BackupRead") returned 10 [0194.681] lstrlenA (lpString="BackupSeek") returned 10 [0194.682] lstrlenA (lpString="BackupWrite") returned 11 [0194.682] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0194.682] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0194.682] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0194.682] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0194.683] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0194.683] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0194.683] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0194.683] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0194.683] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0194.683] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0194.684] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0194.684] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0194.684] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0194.684] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0194.684] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0194.685] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0194.685] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0194.685] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0194.685] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0194.685] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0194.685] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0194.685] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0194.686] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0194.686] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0194.686] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0194.686] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0194.686] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0194.686] lstrlenA (lpString="Beep") returned 4 [0194.686] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0194.687] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0194.687] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0194.687] lstrlenA (lpString="BuildCommDCBA") returned 13 [0194.687] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0194.687] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0194.687] lstrlenA (lpString="BuildCommDCBW") returned 13 [0194.687] lstrlenA (lpString="CallNamedPipeA") returned 14 [0194.688] lstrlenA (lpString="CallNamedPipeW") returned 14 [0194.688] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0194.688] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0194.688] lstrlenA (lpString="CancelIo") returned 8 [0194.689] lstrlenA (lpString="CancelIoEx") returned 10 [0194.689] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0194.689] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0194.689] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0194.689] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0194.689] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0194.690] lstrlenA (lpString="CheckElevation") returned 14 [0194.690] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0194.690] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0194.690] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0194.690] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0194.690] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0194.691] lstrlenA (lpString="ClearCommBreak") returned 14 [0194.691] lstrlenA (lpString="ClearCommError") returned 14 [0194.691] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0194.691] lstrlenA (lpString="CloseHandle") returned 11 [0194.691] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0194.692] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0194.692] lstrlenA (lpString="CloseThreadpool") returned 15 [0194.692] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0194.692] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0194.692] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0194.692] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0194.693] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0194.693] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0194.693] lstrlenA (lpString="CmdBatNotification") returned 18 [0194.693] lstrlenA (lpString="CommConfigDialogA") returned 17 [0194.693] lstrlenA (lpString="CommConfigDialogW") returned 17 [0194.693] lstrlenA (lpString="CompareCalendarDates") returned 20 [0194.693] lstrlenA (lpString="CompareFileTime") returned 15 [0194.694] lstrlenA (lpString="CompareStringA") returned 14 [0194.694] lstrlenA (lpString="CompareStringEx") returned 15 [0194.694] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0194.694] lstrlenA (lpString="CompareStringW") returned 14 [0194.694] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0194.694] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0194.695] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0194.695] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0194.695] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0194.695] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0194.695] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0194.695] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0194.695] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0194.696] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0194.696] lstrlenA (lpString="CopyContext") returned 11 [0194.696] lstrlenA (lpString="CopyFileA") returned 9 [0194.696] lstrlenA (lpString="CopyFileExA") returned 11 [0194.696] lstrlenA (lpString="CopyFileExW") returned 11 [0194.696] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0194.696] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0194.697] lstrlenA (lpString="CopyFileW") returned 9 [0194.697] lstrlenA (lpString="CopyLZFile") returned 10 [0194.697] lstrlenA (lpString="CreateActCtxA") returned 13 [0194.697] lstrlenA (lpString="CreateActCtxW") returned 13 [0194.697] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0194.697] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0194.698] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0194.698] lstrlenA (lpString="CreateDirectoryA") returned 16 [0194.698] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0194.698] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0194.698] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0194.698] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0194.698] lstrlenA (lpString="CreateDirectoryW") returned 16 [0194.698] lstrlenA (lpString="CreateEventA") returned 12 [0194.698] lstrlenA (lpString="CreateEventExA") returned 14 [0194.699] lstrlenA (lpString="CreateEventExW") returned 14 [0194.699] lstrlenA (lpString="CreateEventW") returned 12 [0194.699] lstrlenA (lpString="CreateFiber") returned 11 [0194.699] lstrlenA (lpString="CreateFiberEx") returned 13 [0194.699] lstrlenA (lpString="CreateFileA") returned 11 [0194.699] lstrlenA (lpString="CreateFileMappingA") returned 18 [0194.699] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0194.699] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0194.699] lstrlenA (lpString="CreateFileMappingW") returned 18 [0194.699] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0194.700] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0194.700] lstrlenA (lpString="CreateFileW") returned 11 [0194.700] lstrlenA (lpString="CreateHardLinkA") returned 15 [0194.700] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0194.700] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0194.700] lstrlenA (lpString="CreateHardLinkW") returned 15 [0194.700] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0194.700] lstrlenA (lpString="CreateJobObjectA") returned 16 [0194.700] lstrlenA (lpString="CreateJobObjectW") returned 16 [0194.700] lstrlenA (lpString="CreateJobSet") returned 12 [0194.700] lstrlenA (lpString="CreateMailslotA") returned 15 [0194.701] lstrlenA (lpString="CreateMailslotW") returned 15 [0194.701] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0194.701] lstrlenA (lpString="CreateMutexA") returned 12 [0194.701] lstrlenA (lpString="CreateMutexExA") returned 14 [0194.701] lstrlenA (lpString="CreateMutexExW") returned 14 [0194.701] lstrlenA (lpString="CreateMutexW") returned 12 [0194.701] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0194.701] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0194.701] lstrlenA (lpString="CreatePipe") returned 10 [0194.701] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0194.702] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0194.702] lstrlenA (lpString="CreateProcessA") returned 14 [0194.702] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0194.702] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0194.702] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0194.702] lstrlenA (lpString="CreateProcessW") returned 14 [0194.702] lstrlenA (lpString="CreateRemoteThread") returned 18 [0194.702] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0194.702] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0194.703] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0194.703] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0194.703] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0194.703] lstrlenA (lpString="CreateSocketHandle") returned 18 [0194.703] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0194.703] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0194.703] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0194.703] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0194.703] lstrlenA (lpString="CreateTapePartition") returned 19 [0194.703] lstrlenA (lpString="CreateThread") returned 12 [0194.704] lstrlenA (lpString="CreateThreadpool") returned 16 [0194.704] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0194.704] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0194.704] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0194.704] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0194.704] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0194.704] lstrlenA (lpString="CreateTimerQueue") returned 16 [0194.704] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0194.704] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0194.705] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0194.705] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0194.705] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0194.705] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0194.705] lstrlenA (lpString="CtrlRoutine") returned 11 [0194.705] lstrlenA (lpString="DeactivateActCtx") returned 16 [0194.705] lstrlenA (lpString="DebugActiveProcess") returned 18 [0194.705] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0194.706] lstrlenA (lpString="DebugBreak") returned 10 [0194.706] lstrlenA (lpString="DebugBreakProcess") returned 17 [0194.706] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0194.706] lstrlenA (lpString="DecodePointer") returned 13 [0194.706] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0194.706] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0194.706] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0194.706] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0194.706] lstrlenA (lpString="DeleteAtom") returned 10 [0194.707] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0194.707] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0194.707] lstrlenA (lpString="DeleteFiber") returned 11 [0194.707] lstrlenA (lpString="DeleteFileA") returned 11 [0194.707] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0194.707] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0194.707] lstrlenA (lpString="DeleteFileW") returned 11 [0194.707] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0194.707] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0194.707] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0194.707] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0194.708] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0194.708] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0194.708] lstrlenA (lpString="DeviceIoControl") returned 15 [0194.708] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0194.708] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0194.708] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0194.708] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0194.708] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0194.709] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0194.709] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0194.709] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0194.709] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0194.709] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0194.709] lstrlenA (lpString="DuplicateHandle") returned 15 [0194.709] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0194.709] lstrlenA (lpString="EncodePointer") returned 13 [0194.709] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0194.710] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0194.710] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0194.710] lstrlenA (lpString="EnterCriticalSection") returned 20 [0194.710] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0194.710] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0194.710] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0194.710] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0194.710] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0194.710] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0194.710] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0194.711] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0194.711] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0194.749] ResumeThread (hThread=0x634) returned 0x1 [0194.961] CoGetContextToken (in: pToken=0x3cfb10 | out: pToken=0x3cfb10) returned 0x0 [0194.961] CObjectContext::QueryInterface () returned 0x0 [0194.961] CObjectContext::GetCurrentThreadType () returned 0x0 [0194.961] Release () returned 0x0 [0194.964] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x467320*=0xac, lpdwindex=0x3cf9bc | out: lpdwindex=0x3cf9bc) returned 0x0 Thread: id = 73 os_tid = 0xaa0 Thread: id = 74 os_tid = 0xaa4 [0110.264] CoGetContextToken (in: pToken=0xeef76c | out: pToken=0xeef76c) returned 0x800401f0 [0110.264] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0113.027] CertCloseStore (hCertStore=0x506f10, dwFlags=0x0) returned 1 [0113.027] CertFreeCRLContext (pCrlContext=0x4dd018) returned 1 [0113.027] CertFreeCRLContext (pCrlContext=0x5c57368) returned 1 [0113.027] CertFreeCRLContext (pCrlContext=0x4dd018) returned 1 [0113.028] CertFreeCRLContext (pCrlContext=0x4dd068) returned 1 [0113.028] CertFreeCRLContext (pCrlContext=0x505370) returned 1 [0113.028] CertFreeCRLContext (pCrlContext=0x5c573b8) returned 1 [0113.029] CertFreeCRLContext (pCrlContext=0x5c572c8) returned 1 [0116.763] GdipDisposeImage (image=0x6460030) returned 0x0 [0116.765] GdipDisposeImage (image=0x645fce8) returned 0x0 [0116.765] GdipDisposeImage (image=0x645f9a0) returned 0x0 [0116.766] GdipDisposeImage (image=0x645f658) returned 0x0 [0116.766] GdipDisposeImage (image=0x6455848) returned 0x0 [0116.767] GdipDisposeImage (image=0x644f8f0) returned 0x0 [0116.772] GdipDisposeImage (image=0x6447998) returned 0x0 [0116.775] GdipDisposeImage (image=0x6460378) returned 0x0 [0150.468] GdipDisposeImage (image=0x6435800) returned 0x0 [0150.469] GdipDisposeImage (image=0x642f778) returned 0x0 [0150.469] GdipDisposeImage (image=0x64296f0) returned 0x0 [0150.469] GdipDisposeImage (image=0x6423630) returned 0x0 [0150.469] GdipDisposeImage (image=0x641d570) returned 0x0 [0150.469] GdipDisposeImage (image=0x64174b0) returned 0x0 [0150.472] GdipDisposeImage (image=0x64113f0) returned 0x0 [0150.472] GdipDisposeImage (image=0x640b330) returned 0x0 [0150.473] GdipDisposeImage (image=0x6405270) returned 0x0 [0150.473] GdipDisposeImage (image=0x63ff1e8) returned 0x0 [0150.473] GdipDisposeImage (image=0x5f3fab0) returned 0x0 [0150.479] GdipDisposeImage (image=0x5f29118) returned 0x0 [0150.481] GdipDisposeImage (image=0x64606c0) returned 0x0 [0150.484] GdipDisposeImage (image=0x6441910) returned 0x0 [0150.484] GdipDisposeImage (image=0x6460030) returned 0x0 [0150.487] GdipDisposeImage (image=0x645fce8) returned 0x0 [0150.487] GdipDisposeImage (image=0x645f9a0) returned 0x0 [0150.489] GdipDisposeImage (image=0x645f658) returned 0x0 [0150.489] GdipDisposeImage (image=0x6460378) returned 0x0 [0150.495] GdipDisposeImage (image=0x643b888) returned 0x0 [0159.068] CloseHandle (hObject=0x63c) returned 1 [0159.069] CloseHandle (hObject=0x640) returned 1 [0194.399] CloseHandle (hObject=0x644) returned 1 [0194.987] EtwEventUnregister () returned 0x0 [0194.988] EtwEventUnregister () returned 0x0 [0194.988] EtwEventUnregister () returned 0x0 [0194.988] SetWindowLongW (hWnd=0x50064, nIndex=-4, dwNewLong=1998071261) returned 83560462 [0194.991] SetClassLongW (hWnd=0x50064, nIndex=-24, dwNewLong=1998071261) returned 0x4fb07e6 [0194.992] PostMessageW (hWnd=0x50064, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0194.993] GetModuleHandleW (lpModuleName=0x0) returned 0x11e0000 [0194.993] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", hInstance=0x11e0000) returned 0 [0194.996] IsWindow (hWnd=0x60060) returned 1 [0194.998] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000 [0194.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0xeef4ec, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x86oÿ\x10\x86_DþJql÷î", lpUsedDefaultChar=0x0) returned 14 [0194.998] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd [0194.999] SetWindowLongW (hWnd=0x60060, nIndex=-4, dwNewLong=1998071261) returned 83560542 [0194.999] SetClassLongW (hWnd=0x60060, nIndex=-24, dwNewLong=1998071261) returned 0x4fb085e [0195.000] IsWindow (hWnd=0x60060) returned 1 [0195.000] DestroyWindow (hWnd=0x60060) returned 0 [0195.001] PostMessageW (hWnd=0x60060, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0195.001] SetConsoleCtrlHandler (HandlerRoutine=0x4fb0836, Add=0) returned 1 [0195.042] GdipDeletePen (pen=0x5ef3190) returned 0x0 [0195.049] GdipDeleteBrush (brush=0x5ea00d8) returned 0x0 [0195.049] GdipDeleteFont (font=0x5ee25c0) returned 0x0 [0195.061] CloseHandle (hObject=0x59c) returned 1 [0195.068] DeleteSecurityContext (phContext=0x26c437c) returned 0x0 [0195.072] setsockopt (s=0x364, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0195.073] closesocket (s=0x364) returned 0 [0195.076] FreeCredentialsHandle (phCredential=0x26c41d0) returned 0x0 [0195.079] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0195.080] closesocket (s=0x27c) returned 0 [0195.080] CloseHandle (hObject=0x280) returned 1 [0195.081] WinHttpCloseHandle (hInternet=0x4d0690) returned 1 [0195.082] CloseHandle (hObject=0x2c4) returned 1 [0195.082] CloseHandle (hObject=0x2c0) returned 1 [0195.083] RegCloseKey (hKey=0x2bc) returned 0x0 [0195.083] CloseHandle (hObject=0x2b8) returned 1 [0195.084] RegCloseKey (hKey=0x2b4) returned 0x0 [0195.084] CloseHandle (hObject=0x2b0) returned 1 [0195.084] RegCloseKey (hKey=0x80000004) returned 0x0 [0195.085] RegCloseKey (hKey=0x2ac) returned 0x0 [0195.086] RegCloseKey (hKey=0x2a8) returned 0x0 [0195.086] CloseHandle (hObject=0x290) returned 1 [0195.087] setsockopt (s=0x378, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0195.087] closesocket (s=0x378) returned 0 [0195.088] CloseHandle (hObject=0x37c) returned 1 [0195.089] setsockopt (s=0x36c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0195.089] closesocket (s=0x36c) returned 0 [0195.090] CloseHandle (hObject=0x374) returned 1 [0195.090] CloseHandle (hObject=0x1f0) returned 1 [0195.090] UnmapViewOfFile (lpBaseAddress=0x290000) returned 1 [0195.091] setsockopt (s=0x284, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0195.091] closesocket (s=0x284) returned 0 [0195.092] CloseHandle (hObject=0x288) returned 1 Thread: id = 75 os_tid = 0xaa8 Thread: id = 76 os_tid = 0xaac Thread: id = 77 os_tid = 0xab0 Thread: id = 78 os_tid = 0xab4 Thread: id = 79 os_tid = 0xab8 [0111.845] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0111.854] ResetEvent (hEvent=0x40) returned 1 Thread: id = 80 os_tid = 0xabc Thread: id = 81 os_tid = 0xac0 Thread: id = 82 os_tid = 0xacc [0136.675] CoGetContextToken (in: pToken=0x605fb24 | out: pToken=0x605fb24) returned 0x0 [0136.676] CObjectContext::QueryInterface () returned 0x0 [0136.676] CObjectContext::GetCurrentThreadType () returned 0x0 [0136.676] Release () returned 0x0 Thread: id = 83 os_tid = 0xad0 [0114.678] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 84 os_tid = 0xad4 [0114.791] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 85 os_tid = 0xad8 Thread: id = 86 os_tid = 0xadc [0117.886] CoGetContextToken (in: pToken=0xdefc2c | out: pToken=0xdefc2c) returned 0x0 [0117.886] CObjectContext::QueryInterface () returned 0x0 [0117.886] CObjectContext::GetCurrentThreadType () returned 0x0 [0117.886] Release () returned 0x0 [0117.886] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 92 os_tid = 0xb10 [0149.639] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0149.640] CoGetContextToken (in: pToken=0x61bf9d4 | out: pToken=0x61bf9d4) returned 0x0 [0149.640] CObjectContext::QueryInterface () returned 0x0 [0149.640] CObjectContext::GetCurrentThreadType () returned 0x0 [0149.640] Release () returned 0x0 [0149.640] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0149.641] CoUninitialize () [0172.009] CoUninitialize () Thread: id = 93 os_tid = 0xb14 Thread: id = 94 os_tid = 0xb18 [0177.375] CoGetContextToken (in: pToken=0x76ef9c4 | out: pToken=0x76ef9c4) returned 0x0 [0177.375] CObjectContext::QueryInterface () returned 0x0 [0177.375] CObjectContext::GetCurrentThreadType () returned 0x0 [0177.375] Release () returned 0x0 Thread: id = 95 os_tid = 0xb1c [0151.857] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 96 os_tid = 0xb20 [0151.980] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 122 os_tid = 0x870 Thread: id = 124 os_tid = 0x34c Process: id = "4" image_name = "installutil.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe" page_root = "0x33f16000" os_pid = "0xb28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xa90" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2283 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2284 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2285 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2286 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2287 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2288 start_va = 0x70000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2289 start_va = 0x250000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2290 start_va = 0x1060000 end_va = 0x106bfff monitored = 0 entry_point = 0x1067286 region_type = mapped_file name = "installutil.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe") Region: id = 2291 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2292 start_va = 0x77150000 end_va = 0x772cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2293 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2294 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2295 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2296 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2297 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2298 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2299 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2303 start_va = 0x400000 end_va = 0x439fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2479 start_va = 0xb0000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2480 start_va = 0x74a40000 end_va = 0x74a7efff monitored = 0 entry_point = 0x74a6e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2481 start_va = 0x749e0000 end_va = 0x74a3bfff monitored = 0 entry_point = 0x74a1f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2482 start_va = 0x749d0000 end_va = 0x749d7fff monitored = 0 entry_point = 0x749d20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2483 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2484 start_va = 0x75620000 end_va = 0x7572ffff monitored = 0 entry_point = 0x75633283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2485 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2486 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076e50000" filename = "" Region: id = 2487 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2488 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076d50000" filename = "" Region: id = 2489 start_va = 0x140000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2490 start_va = 0x74b40000 end_va = 0x74b89fff monitored = 1 entry_point = 0x74b42e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 2491 start_va = 0x75620000 end_va = 0x7572ffff monitored = 0 entry_point = 0x75633283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2492 start_va = 0x74dc0000 end_va = 0x74e06fff monitored = 0 entry_point = 0x74dc74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2493 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2494 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2495 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2496 start_va = 0x350000 end_va = 0x3b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2497 start_va = 0x440000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2498 start_va = 0x580000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2499 start_va = 0x767e0000 end_va = 0x7687ffff monitored = 0 entry_point = 0x767f49e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2500 start_va = 0x752c0000 end_va = 0x7536bfff monitored = 0 entry_point = 0x752ca472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2501 start_va = 0x74e10000 end_va = 0x74e28fff monitored = 0 entry_point = 0x74e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2502 start_va = 0x76450000 end_va = 0x7653ffff monitored = 0 entry_point = 0x76460569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2503 start_va = 0x74ca0000 end_va = 0x74cfffff monitored = 0 entry_point = 0x74cba3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2504 start_va = 0x74c90000 end_va = 0x74c9bfff monitored = 0 entry_point = 0x74c910e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2505 start_va = 0x440000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2506 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2507 start_va = 0x74ab0000 end_va = 0x74b3cfff monitored = 1 entry_point = 0x74ac2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 2508 start_va = 0x72cc0000 end_va = 0x72cc2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2509 start_va = 0x76540000 end_va = 0x76596fff monitored = 0 entry_point = 0x76559ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2510 start_va = 0x76ae0000 end_va = 0x76b6ffff monitored = 0 entry_point = 0x76af6343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2511 start_va = 0x74f70000 end_va = 0x7506ffff monitored = 0 entry_point = 0x74f8b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2512 start_va = 0x77120000 end_va = 0x77129fff monitored = 0 entry_point = 0x771236a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2513 start_va = 0x76740000 end_va = 0x767dcfff monitored = 0 entry_point = 0x76773fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2514 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2515 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2516 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2517 start_va = 0x769f0000 end_va = 0x76a4ffff monitored = 0 entry_point = 0x76a0158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2518 start_va = 0x76380000 end_va = 0x7644bfff monitored = 0 entry_point = 0x7638168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2522 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2523 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2524 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2525 start_va = 0x1070000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 2526 start_va = 0x73ca0000 end_va = 0x73ca8fff monitored = 0 entry_point = 0x73ca1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2527 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2528 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2529 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2530 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2531 start_va = 0x714a0000 end_va = 0x71c4efff monitored = 1 entry_point = 0x714bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2532 start_va = 0x723e0000 end_va = 0x723f3fff monitored = 0 entry_point = 0x723eac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 2533 start_va = 0x72330000 end_va = 0x723dafff monitored = 0 entry_point = 0x723c5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 2534 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2535 start_va = 0xc0000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2536 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2537 start_va = 0x150000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2538 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2539 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2540 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2541 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2542 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2543 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2544 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2545 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2546 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2547 start_va = 0x6c0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2548 start_va = 0xa20000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 2549 start_va = 0xab0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 2550 start_va = 0xb80000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 2551 start_va = 0xd60000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 2552 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2553 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2554 start_va = 0x2470000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 2555 start_va = 0x470000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2556 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2557 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2558 start_va = 0x4470000 end_va = 0x456ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 2559 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2560 start_va = 0xa20000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 2561 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2562 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2563 start_va = 0x4570000 end_va = 0x483efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2564 start_va = 0x6ec80000 end_va = 0x7008afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 2565 start_va = 0x75370000 end_va = 0x754cbfff monitored = 0 entry_point = 0x753bba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2566 start_va = 0x73bb0000 end_va = 0x73c2ffff monitored = 0 entry_point = 0x73bc37c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2567 start_va = 0xe60000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2568 start_va = 0xe60000 end_va = 0xf3efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e60000" filename = "" Region: id = 2569 start_va = 0x1000000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 2570 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2571 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2572 start_va = 0x74a90000 end_va = 0x74a92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 2573 start_va = 0x72210000 end_va = 0x72298fff monitored = 1 entry_point = 0x72211130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 2574 start_va = 0x76a50000 end_va = 0x76adefff monitored = 0 entry_point = 0x76a53fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2575 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2576 start_va = 0x70a40000 end_va = 0x71494fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 2577 start_va = 0x72060000 end_va = 0x72202fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 2578 start_va = 0x6de10000 end_va = 0x6ec75fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 2579 start_va = 0x72310000 end_va = 0x72322fff monitored = 1 entry_point = 0x7231d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 2580 start_va = 0x4840000 end_va = 0x4b11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 2581 start_va = 0x70220000 end_va = 0x70a37fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 2582 start_va = 0x71f50000 end_va = 0x72054fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 2583 start_va = 0x6d690000 end_va = 0x6de03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 2584 start_va = 0x75730000 end_va = 0x76379fff monitored = 0 entry_point = 0x757b1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2585 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2586 start_va = 0x73d60000 end_va = 0x73d6afff monitored = 0 entry_point = 0x73d61992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2587 start_va = 0x4b20000 end_va = 0x4c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 2588 start_va = 0x722f0000 end_va = 0x72306fff monitored = 0 entry_point = 0x722f35fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2589 start_va = 0x73a30000 end_va = 0x73a46fff monitored = 0 entry_point = 0x73a33573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2590 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2591 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2592 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2593 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2594 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2595 start_va = 0x739f0000 end_va = 0x73a2afff monitored = 0 entry_point = 0x739f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2596 start_va = 0x754e0000 end_va = 0x754e4fff monitored = 0 entry_point = 0x754e1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2597 start_va = 0x71d60000 end_va = 0x71f41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 2598 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2599 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2600 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2601 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2602 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2603 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2604 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2605 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2606 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2607 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2608 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2609 start_va = 0x4b60000 end_va = 0x4b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 2610 start_va = 0x4c30000 end_va = 0x4c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 2611 start_va = 0x4d10000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d10000" filename = "" Region: id = 2612 start_va = 0x73b60000 end_va = 0x73b6dfff monitored = 0 entry_point = 0x73b61235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2613 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2614 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2615 start_va = 0xf70000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 2616 start_va = 0x4c70000 end_va = 0x4caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 2617 start_va = 0x4f50000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 2618 start_va = 0x50a0000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2619 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2620 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2621 start_va = 0x76880000 end_va = 0x76902fff monitored = 0 entry_point = 0x768823d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2622 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2623 start_va = 0x722b0000 end_va = 0x722e0fff monitored = 1 entry_point = 0x722b12d7 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 2624 start_va = 0x71d00000 end_va = 0x71d5bfff monitored = 0 entry_point = 0x71d22b48 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 2625 start_va = 0x76920000 end_va = 0x76954fff monitored = 0 entry_point = 0x7692145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2626 start_va = 0x754d0000 end_va = 0x754d5fff monitored = 0 entry_point = 0x754d1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2627 start_va = 0x590000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2628 start_va = 0x74aa0000 end_va = 0x74aaafff monitored = 0 entry_point = 0x74aa52a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 2629 start_va = 0x71c90000 end_va = 0x71cf0fff monitored = 0 entry_point = 0x71ccbf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 2630 start_va = 0x71c70000 end_va = 0x71c89fff monitored = 0 entry_point = 0x71c803d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 2631 start_va = 0x74a80000 end_va = 0x74a8efff monitored = 0 entry_point = 0x74a893d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2632 start_va = 0x70170000 end_va = 0x70215fff monitored = 0 entry_point = 0x701da2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2633 start_va = 0x71c50000 end_va = 0x71c67fff monitored = 0 entry_point = 0x71c51335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 2634 start_va = 0x4e10000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e10000" filename = "" Region: id = 2635 start_va = 0x72570000 end_va = 0x725cefff monitored = 0 entry_point = 0x72572134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 2636 start_va = 0x590000 end_va = 0x59efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 2637 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2638 start_va = 0x51a0000 end_va = 0x525ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2744 start_va = 0x70130000 end_va = 0x70164fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custommarshalers.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\CustomMarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\CustomMarshalers.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\custommarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\custommarshalers.ni.dll") Region: id = 2745 start_va = 0x70110000 end_va = 0x70127fff monitored = 1 entry_point = 0x701158de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2746 start_va = 0x680000 end_va = 0x698fff monitored = 1 entry_point = 0x6858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2747 start_va = 0x680000 end_va = 0x698fff monitored = 1 entry_point = 0x6858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2748 start_va = 0x680000 end_va = 0x698fff monitored = 1 entry_point = 0x6858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2749 start_va = 0x680000 end_va = 0x698fff monitored = 1 entry_point = 0x6858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2750 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2758 start_va = 0x630000 end_va = 0x633fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 2759 start_va = 0x6d560000 end_va = 0x6d68ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 2760 start_va = 0xb20000 end_va = 0xb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 2761 start_va = 0x5380000 end_va = 0x547ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 2762 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2763 start_va = 0x7ef50000 end_va = 0x7ef9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef50000" filename = "" Region: id = 2764 start_va = 0x7ef40000 end_va = 0x7ef4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef40000" filename = "" Region: id = 2765 start_va = 0x5050000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 2766 start_va = 0x54b0000 end_va = 0x55affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054b0000" filename = "" Region: id = 2767 start_va = 0x7ef3d000 end_va = 0x7ef3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3d000" filename = "" Region: id = 2768 start_va = 0x700e0000 end_va = 0x70100fff monitored = 1 entry_point = 0x700e98e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2769 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2770 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2771 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2772 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2853 start_va = 0xfb0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2854 start_va = 0x5490000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 2855 start_va = 0xbc0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 2856 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2857 start_va = 0x7ef3a000 end_va = 0x7ef3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3a000" filename = "" Region: id = 2858 start_va = 0x690000 end_va = 0x694fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 3520 start_va = 0xa60000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3521 start_va = 0x58b0000 end_va = 0x59affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058b0000" filename = "" Region: id = 3522 start_va = 0x7ef37000 end_va = 0x7ef39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef37000" filename = "" Region: id = 3523 start_va = 0x690000 end_va = 0x6a2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 3524 start_va = 0x5260000 end_va = 0x535ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3542 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3543 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3544 start_va = 0x5050000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 3545 start_va = 0x5630000 end_va = 0x566ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005630000" filename = "" Region: id = 3546 start_va = 0x7ef37000 end_va = 0x7ef39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef37000" filename = "" Region: id = 3547 start_va = 0x690000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3548 start_va = 0x4bc0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 3549 start_va = 0x55d0000 end_va = 0x560ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055d0000" filename = "" Region: id = 3550 start_va = 0x5810000 end_va = 0x584ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005810000" filename = "" Region: id = 3551 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 3552 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 3553 start_va = 0x7ef34000 end_va = 0x7ef36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef34000" filename = "" Region: id = 3554 start_va = 0x6a0000 end_va = 0x6a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3555 start_va = 0x690000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3556 start_va = 0x6a0000 end_va = 0x6a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3557 start_va = 0x690000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3558 start_va = 0x690000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3559 start_va = 0x690000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3560 start_va = 0x690000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3561 start_va = 0x690000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3562 start_va = 0x690000 end_va = 0x696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3563 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3564 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3565 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3566 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3567 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3568 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3569 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3570 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 3571 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 3572 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 3575 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3576 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3577 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3578 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3579 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3580 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3581 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3582 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3583 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3584 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3585 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3586 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3587 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3588 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3589 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3590 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3591 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3592 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3593 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3594 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3595 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3596 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3597 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3598 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3599 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3600 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3601 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3602 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3603 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3604 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3605 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3606 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3607 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3608 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3609 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3610 start_va = 0x6d480000 end_va = 0x6d557fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll") Region: id = 3611 start_va = 0x754f0000 end_va = 0x75610fff monitored = 0 entry_point = 0x754f158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3612 start_va = 0x74d50000 end_va = 0x74d5bfff monitored = 0 entry_point = 0x74d5238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3613 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3614 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3615 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3616 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3617 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3618 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3619 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3620 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3621 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3622 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3623 start_va = 0x4ba0000 end_va = 0x4c01fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 3624 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3625 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3626 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3627 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3628 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3629 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3630 start_va = 0x722a0000 end_va = 0x722abfff monitored = 0 entry_point = 0x722a505c region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 3631 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3632 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3633 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3634 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3635 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3636 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3637 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 3638 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 3639 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3640 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3641 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3642 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3643 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3644 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 3645 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 3646 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 3647 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3648 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3649 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3650 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3651 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3652 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3653 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3654 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3655 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3656 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 3657 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3658 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3659 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3660 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 3661 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 3662 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3663 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 3664 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3665 start_va = 0x5a00000 end_va = 0x5a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 3666 start_va = 0x5a70000 end_va = 0x5b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a70000" filename = "" Region: id = 3667 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 3668 start_va = 0xa60000 end_va = 0xa62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 3669 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3670 start_va = 0xa60000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3671 start_va = 0x5b30000 end_va = 0x5c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 3672 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 4331 start_va = 0xa60000 end_va = 0xa62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 4332 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 4333 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 4334 start_va = 0x73cc0000 end_va = 0x73cdbfff monitored = 0 entry_point = 0x73cca431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 4335 start_va = 0x73cb0000 end_va = 0x73cb6fff monitored = 0 entry_point = 0x73cb128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 4336 start_va = 0x73ce0000 end_va = 0x73d23fff monitored = 0 entry_point = 0x73cf63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 4337 start_va = 0x5a00000 end_va = 0x5c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 4338 start_va = 0x700d0000 end_va = 0x700dcfff monitored = 0 entry_point = 0x700d2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 4339 start_va = 0x700b0000 end_va = 0x700c1fff monitored = 0 entry_point = 0x700b3271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 4340 start_va = 0x56c0000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056c0000" filename = "" Region: id = 4341 start_va = 0x5cc0000 end_va = 0x5dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Region: id = 4342 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 4343 start_va = 0x73c60000 end_va = 0x73c9bfff monitored = 0 entry_point = 0x73c6145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 4344 start_va = 0x73c50000 end_va = 0x73c54fff monitored = 0 entry_point = 0x73c515df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 4345 start_va = 0x73c40000 end_va = 0x73c45fff monitored = 0 entry_point = 0x73c41673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 4346 start_va = 0x73c30000 end_va = 0x73c35fff monitored = 0 entry_point = 0x73c314b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 4347 start_va = 0x73b70000 end_va = 0x73ba7fff monitored = 0 entry_point = 0x73b7990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 4348 start_va = 0x5a00000 end_va = 0x5b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 4349 start_va = 0x5bf0000 end_va = 0x5c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bf0000" filename = "" Region: id = 4350 start_va = 0x58b0000 end_va = 0x58effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058b0000" filename = "" Region: id = 4351 start_va = 0x5dc0000 end_va = 0x5ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dc0000" filename = "" Region: id = 4352 start_va = 0x7ef2e000 end_va = 0x7ef30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef2e000" filename = "" Region: id = 4353 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 4354 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 4355 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 4356 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 4357 start_va = 0x5800000 end_va = 0x5881fff monitored = 0 entry_point = 0x58019a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 4358 start_va = 0x5800000 end_va = 0x5881fff monitored = 0 entry_point = 0x58019a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 4359 start_va = 0x6d3f0000 end_va = 0x6d473fff monitored = 0 entry_point = 0x6d3f19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 4360 start_va = 0x5a00000 end_va = 0x5b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 4361 start_va = 0x5b50000 end_va = 0x5b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 4362 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 4363 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 4364 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 4365 start_va = 0xa60000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 4366 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 4367 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 4368 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 4369 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Thread: id = 97 os_tid = 0xb2c [0196.046] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0196.716] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4 [0196.718] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e8 [0196.771] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x34def4 | out: phkResult=0x34def4*=0x1f8) returned 0x0 [0196.773] RegQueryValueExW (in: hKey=0x1f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x34df14, lpData=0x0, lpcbData=0x34df10*=0x0 | out: lpType=0x34df14*=0x1, lpData=0x0, lpcbData=0x34df10*=0xe) returned 0x0 [0196.773] RegQueryValueExW (in: hKey=0x1f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x34df14, lpData=0x247418c, lpcbData=0x34df10*=0xe | out: lpType=0x34df14*=0x1, lpData="Client", lpcbData=0x34df10*=0xe) returned 0x0 [0196.775] RegCloseKey (hKey=0x1f8) returned 0x0 [0196.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0196.989] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x34d5a8 | out: phkResult=0x34d5a8*=0x0) returned 0x2 [0196.990] RegCloseKey (hKey=0x80000002) returned 0x0 [0197.136] GetCurrentProcess () returned 0xffffffff [0197.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34dbe4 | out: TokenHandle=0x34dbe4*=0x40) returned 1 [0197.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x34d69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0197.148] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x34dbdc | out: lpFileInformation=0x34dbdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0197.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x34d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0197.151] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x34dbe4 | out: lpFileInformation=0x34dbe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0197.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x34d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0197.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34db1c) returned 1 [0197.154] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8 [0197.155] GetFileType (hFile=0x1f8) returned 0x1 [0197.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34db18) returned 1 [0197.155] GetFileType (hFile=0x1f8) returned 0x1 [0197.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x34ce58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0197.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x34cebc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0197.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34d0fc) returned 1 [0197.198] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x34d3c0 | out: lpFileInformation=0x34d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0197.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d0f8) returned 1 [0197.290] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x34d28c | out: pfEnabled=0x34d28c) returned 0x0 [0197.342] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x34dbd8 | out: lpFileSizeHigh=0x34dbd8*=0x0) returned 0x8c8e [0197.343] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34db94, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34db94*=0x1000, lpOverlapped=0x0) returned 1 [0197.358] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34da44, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34da44*=0x1000, lpOverlapped=0x0) returned 1 [0197.360] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d8f8, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d8f8*=0x1000, lpOverlapped=0x0) returned 1 [0197.361] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d8f8, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d8f8*=0x1000, lpOverlapped=0x0) returned 1 [0197.361] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d8f8, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d8f8*=0x1000, lpOverlapped=0x0) returned 1 [0197.362] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d830, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d830*=0x1000, lpOverlapped=0x0) returned 1 [0197.369] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d99c, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d99c*=0x1000, lpOverlapped=0x0) returned 1 [0197.371] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d890, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d890*=0x1000, lpOverlapped=0x0) returned 1 [0197.371] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d890, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d890*=0xc8e, lpOverlapped=0x0) returned 1 [0197.371] ReadFile (in: hFile=0x1f8, lpBuffer=0x249f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34d954, lpOverlapped=0x0 | out: lpBuffer=0x249f944*, lpNumberOfBytesRead=0x34d954*=0x0, lpOverlapped=0x0) returned 1 [0197.372] CloseHandle (hObject=0x1f8) returned 1 [0197.372] CloseHandle (hObject=0x40) returned 1 [0197.373] GetCurrentProcess () returned 0xffffffff [0197.373] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34dd30 | out: TokenHandle=0x34dd30*=0x40) returned 1 [0197.374] CloseHandle (hObject=0x40) returned 1 [0197.374] GetCurrentProcess () returned 0xffffffff [0197.375] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34dd30 | out: TokenHandle=0x34dd30*=0x40) returned 1 [0197.375] CloseHandle (hObject=0x40) returned 1 [0197.382] GetCurrentProcess () returned 0xffffffff [0197.382] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34dbe4 | out: TokenHandle=0x34dbe4*=0x40) returned 1 [0197.383] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x34dbdc | out: lpFileInformation=0x34dbdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6823800, ftCreationTime.dwHighDateTime=0x1cd5d46, ftLastAccessTime.dwLowDateTime=0x70169cf0, ftLastAccessTime.dwHighDateTime=0x1d706ad, ftLastWriteTime.dwLowDateTime=0xe6823800, ftLastWriteTime.dwHighDateTime=0x1cd5d46, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0197.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0197.383] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x34dbe4 | out: lpFileInformation=0x34dbe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6823800, ftCreationTime.dwHighDateTime=0x1cd5d46, ftLastAccessTime.dwLowDateTime=0x70169cf0, ftLastAccessTime.dwHighDateTime=0x1d706ad, ftLastWriteTime.dwLowDateTime=0xe6823800, ftLastWriteTime.dwHighDateTime=0x1cd5d46, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0197.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0197.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34db1c) returned 1 [0197.384] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8 [0197.384] GetFileType (hFile=0x1f8) returned 0x1 [0197.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34db18) returned 1 [0197.384] GetFileType (hFile=0x1f8) returned 0x1 [0197.385] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x34dbd8 | out: lpFileSizeHigh=0x34dbd8*=0x0) returned 0xb6 [0197.385] ReadFile (in: hFile=0x1f8, lpBuffer=0x24b8024, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34db94, lpOverlapped=0x0 | out: lpBuffer=0x24b8024*, lpNumberOfBytesRead=0x34db94*=0xb6, lpOverlapped=0x0) returned 1 [0197.390] ReadFile (in: hFile=0x1f8, lpBuffer=0x24b8024, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34da58, lpOverlapped=0x0 | out: lpBuffer=0x24b8024*, lpNumberOfBytesRead=0x34da58*=0x0, lpOverlapped=0x0) returned 1 [0197.390] CloseHandle (hObject=0x1f8) returned 1 [0197.391] CloseHandle (hObject=0x40) returned 1 [0197.391] GetCurrentProcess () returned 0xffffffff [0197.391] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34dd30 | out: TokenHandle=0x34dd30*=0x40) returned 1 [0197.392] CloseHandle (hObject=0x40) returned 1 [0197.393] GetCurrentProcess () returned 0xffffffff [0197.393] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34dd30 | out: TokenHandle=0x34dd30*=0x40) returned 1 [0197.394] CloseHandle (hObject=0x40) returned 1 [0197.414] GetCurrentProcess () returned 0xffffffff [0197.414] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34db48 | out: TokenHandle=0x34db48*=0x40) returned 1 [0197.444] CloseHandle (hObject=0x40) returned 1 [0197.444] GetCurrentProcess () returned 0xffffffff [0197.445] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34db60 | out: TokenHandle=0x34db60*=0x40) returned 1 [0197.446] CloseHandle (hObject=0x40) returned 1 [0197.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc0 | out: phkResult=0x34ecc0*=0x40) returned 0x0 [0197.473] RegQueryValueExW (in: hKey=0x40, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x34ecdc, lpData=0x0, lpcbData=0x34ecd8*=0x0 | out: lpType=0x34ecdc*=0x0, lpData=0x0, lpcbData=0x34ecd8*=0x0) returned 0x2 [0197.473] RegCloseKey (hKey=0x40) returned 0x0 [0197.478] GetCurrentProcessId () returned 0xb28 [0197.507] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x34e55c | out: lpLuid=0x34e55c*(LowPart=0x14, HighPart=0)) returned 1 [0197.511] GetCurrentProcess () returned 0xffffffff [0197.511] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x34e558 | out: TokenHandle=0x34e558*=0x238) returned 1 [0197.512] AdjustTokenPrivileges (in: TokenHandle=0x238, DisableAllPrivileges=0, NewState=0x24be2c4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0197.512] CloseHandle (hObject=0x238) returned 1 [0197.529] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.542] EnumProcessModules (in: hProcess=0x238, lphModule=0x24be308, cb=0x100, lpcbNeeded=0x34eccc | out: lphModule=0x24be308, lpcbNeeded=0x34eccc) returned 1 [0197.544] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24be448, cb=0xc | out: lpmodinfo=0x24be448*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.546] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.546] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.547] CoTaskMemFree (pv=0x1ec6e0) [0197.548] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.548] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.549] CoTaskMemFree (pv=0x1ec6e0) [0197.549] CloseHandle (hObject=0x238) returned 1 [0197.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x0) returned 0x2 [0197.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.552] RegQueryValueExW (in: hKey=0x238, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.552] RegCloseKey (hKey=0x238) returned 0x0 [0197.553] GetCurrentProcessId () returned 0xb28 [0197.553] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.553] EnumProcessModules (in: hProcess=0x238, lphModule=0x24c0ecc, cb=0x100, lpcbNeeded=0x34eccc | out: lphModule=0x24c0ecc, lpcbNeeded=0x34eccc) returned 1 [0197.554] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24c100c, cb=0xc | out: lpmodinfo=0x24c100c*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.555] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.555] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.556] CoTaskMemFree (pv=0x1ec6e0) [0197.556] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.556] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.556] CoTaskMemFree (pv=0x1ec6e0) [0197.556] CloseHandle (hObject=0x238) returned 1 [0197.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x0) returned 0x2 [0197.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.557] RegQueryValueExW (in: hKey=0x238, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.557] RegCloseKey (hKey=0x238) returned 0x0 [0197.558] GetCurrentProcessId () returned 0xb28 [0197.558] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.558] EnumProcessModules (in: hProcess=0x238, lphModule=0x24c3ab0, cb=0x100, lpcbNeeded=0x34eccc | out: lphModule=0x24c3ab0, lpcbNeeded=0x34eccc) returned 1 [0197.559] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24c3bf0, cb=0xc | out: lpmodinfo=0x24c3bf0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.560] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.560] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.560] CoTaskMemFree (pv=0x1ec6e0) [0197.560] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.560] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.561] CoTaskMemFree (pv=0x1ec6e0) [0197.561] CloseHandle (hObject=0x238) returned 1 [0197.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x0) returned 0x2 [0197.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.562] RegQueryValueExW (in: hKey=0x238, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.562] RegCloseKey (hKey=0x238) returned 0x0 [0197.563] GetCurrentProcessId () returned 0xb28 [0197.563] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.563] EnumProcessModules (in: hProcess=0x238, lphModule=0x24c673c, cb=0x100, lpcbNeeded=0x34eccc | out: lphModule=0x24c673c, lpcbNeeded=0x34eccc) returned 1 [0197.564] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24c687c, cb=0xc | out: lpmodinfo=0x24c687c*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.564] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.565] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.565] CoTaskMemFree (pv=0x1ec6e0) [0197.565] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.565] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.565] CoTaskMemFree (pv=0x1ec6e0) [0197.565] CloseHandle (hObject=0x238) returned 1 [0197.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x0) returned 0x2 [0197.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.567] RegQueryValueExW (in: hKey=0x238, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.567] RegCloseKey (hKey=0x238) returned 0x0 [0197.567] GetCurrentProcessId () returned 0xb28 [0197.568] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.568] EnumProcessModules (in: hProcess=0x238, lphModule=0x24c9180, cb=0x100, lpcbNeeded=0x34eccc | out: lphModule=0x24c9180, lpcbNeeded=0x34eccc) returned 1 [0197.569] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24c92c0, cb=0xc | out: lpmodinfo=0x24c92c0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.569] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.569] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.570] CoTaskMemFree (pv=0x1ec6e0) [0197.570] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.570] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.570] CoTaskMemFree (pv=0x1ec6e0) [0197.570] CloseHandle (hObject=0x238) returned 1 [0197.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x0) returned 0x2 [0197.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.571] RegQueryValueExW (in: hKey=0x238, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.571] RegCloseKey (hKey=0x238) returned 0x0 [0197.572] GetCurrentProcessId () returned 0xb28 [0197.572] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.572] EnumProcessModules (in: hProcess=0x238, lphModule=0x24cbba8, cb=0x100, lpcbNeeded=0x34eccc | out: lphModule=0x24cbba8, lpcbNeeded=0x34eccc) returned 1 [0197.573] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24cbce8, cb=0xc | out: lpmodinfo=0x24cbce8*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.574] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.574] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.574] CoTaskMemFree (pv=0x1ec6e0) [0197.574] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.574] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.574] CoTaskMemFree (pv=0x1ec6e0) [0197.575] CloseHandle (hObject=0x238) returned 1 [0197.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x0) returned 0x2 [0197.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.576] RegQueryValueExW (in: hKey=0x238, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.576] RegCloseKey (hKey=0x238) returned 0x0 [0197.590] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.590] RegQueryValueExW (in: hKey=0x238, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.590] RegCloseKey (hKey=0x238) returned 0x0 [0197.591] GetCurrentProcessId () returned 0xb28 [0197.591] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.591] EnumProcessModules (in: hProcess=0x238, lphModule=0x24cf4e8, cb=0x100, lpcbNeeded=0x34ecc8 | out: lphModule=0x24cf4e8, lpcbNeeded=0x34ecc8) returned 1 [0197.593] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24cf628, cb=0xc | out: lpmodinfo=0x24cf628*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.593] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.593] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.594] CoTaskMemFree (pv=0x1ec6e0) [0197.594] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.594] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.594] CoTaskMemFree (pv=0x1ec6e0) [0197.594] CloseHandle (hObject=0x238) returned 1 [0197.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.595] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc0 | out: phkResult=0x34ecc0*=0x0) returned 0x2 [0197.595] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc0 | out: phkResult=0x34ecc0*=0x238) returned 0x0 [0197.596] RegQueryValueExW (in: hKey=0x238, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x34ecdc, lpData=0x0, lpcbData=0x34ecd8*=0x0 | out: lpType=0x34ecdc*=0x0, lpData=0x0, lpcbData=0x34ecd8*=0x0) returned 0x2 [0197.596] RegCloseKey (hKey=0x238) returned 0x0 [0197.597] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc4 | out: phkResult=0x34ecc4*=0x238) returned 0x0 [0197.597] RegQueryValueExW (in: hKey=0x238, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x34ece0, lpData=0x0, lpcbData=0x34ecdc*=0x0 | out: lpType=0x34ece0*=0x0, lpData=0x0, lpcbData=0x34ecdc*=0x0) returned 0x2 [0197.597] RegCloseKey (hKey=0x238) returned 0x0 [0197.599] GetCurrentProcessId () returned 0xb28 [0197.600] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x238 [0197.600] EnumProcessModules (in: hProcess=0x238, lphModule=0x24d2300, cb=0x100, lpcbNeeded=0x34ecc8 | out: lphModule=0x24d2300, lpcbNeeded=0x34ecc8) returned 1 [0197.601] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x24d2440, cb=0xc | out: lpmodinfo=0x24d2440*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0197.602] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.602] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x1ec6e0, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0197.602] CoTaskMemFree (pv=0x1ec6e0) [0197.602] CoTaskMemAlloc (cb=0x804) returned 0x1ec6e0 [0197.602] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x1ec6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0197.603] CoTaskMemFree (pv=0x1ec6e0) [0197.603] CloseHandle (hObject=0x238) returned 1 [0197.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0197.604] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc0 | out: phkResult=0x34ecc0*=0x0) returned 0x2 [0197.604] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x34ecc0 | out: phkResult=0x34ecc0*=0x238) returned 0x0 [0197.605] RegQueryValueExW (in: hKey=0x238, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x34ecdc, lpData=0x0, lpcbData=0x34ecd8*=0x0 | out: lpType=0x34ecdc*=0x0, lpData=0x0, lpcbData=0x34ecd8*=0x0) returned 0x2 [0197.605] RegCloseKey (hKey=0x238) returned 0x0 [0197.816] GetCurrentProcessId () returned 0xb28 [0197.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3479540, Length=0x20000, ResultLength=0x34ed40 | out: SystemInformation=0x3479540, ResultLength=0x34ed40*=0xc360) returned 0x0 [0197.840] GetCurrentProcessId () returned 0xb28 [0197.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3479540, Length=0x20000, ResultLength=0x34ed30 | out: SystemInformation=0x3479540, ResultLength=0x34ed30*=0xc360) returned 0x0 [0198.054] CreateBindCtx (in: reserved=0x0, ppbc=0x34ed10 | out: ppbc=0x34ed10*=0x197d70) returned 0x0 [0198.055] IUnknown:QueryInterface (in: This=0x197d70, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e7cc | out: ppvObject=0x34e7cc*=0x197d70) returned 0x0 [0198.059] IUnknown:QueryInterface (in: This=0x197d70, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e780 | out: ppvObject=0x34e780*=0x0) returned 0x80004002 [0198.059] IUnknown:QueryInterface (in: This=0x197d70, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e5a8 | out: ppvObject=0x34e5a8*=0x0) returned 0x80004002 [0198.059] IUnknown:AddRef (This=0x197d70) returned 0x3 [0198.059] IUnknown:QueryInterface (in: This=0x197d70, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34e0dc | out: ppvObject=0x34e0dc*=0x0) returned 0x80004002 [0198.059] IUnknown:QueryInterface (in: This=0x197d70, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34e08c | out: ppvObject=0x34e08c*=0x0) returned 0x80004002 [0198.060] IUnknown:QueryInterface (in: This=0x197d70, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e098 | out: ppvObject=0x34e098*=0x0) returned 0x80004002 [0198.060] CoGetContextToken (in: pToken=0x34e0f8 | out: pToken=0x34e0f8) returned 0x0 [0198.060] CObjectContext::QueryInterface () returned 0x0 [0198.062] CObjectContext::GetCurrentApartmentType () returned 0x0 [0198.062] Release () returned 0x0 [0198.063] CoGetObjectContext (in: riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1ee0fc | out: ppv=0x1ee0fc*=0x1a2880) returned 0x0 [0198.094] CoGetContextToken (in: pToken=0x34e50c | out: pToken=0x34e50c) returned 0x0 [0198.094] IUnknown:QueryInterface (in: This=0x197d70, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e58c | out: ppvObject=0x34e58c*=0x0) returned 0x80004002 [0198.094] IUnknown:Release (This=0x197d70) returned 0x2 [0198.095] CoGetContextToken (in: pToken=0x34eadc | out: pToken=0x34eadc) returned 0x0 [0198.095] CoGetContextToken (in: pToken=0x34ea3c | out: pToken=0x34ea3c) returned 0x0 [0198.095] IUnknown:QueryInterface (in: This=0x197d70, riid=0x34eb0c*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb08 | out: ppvObject=0x34eb08*=0x197d70) returned 0x0 [0198.095] IUnknown:AddRef (This=0x197d70) returned 0x4 [0198.095] IUnknown:Release (This=0x197d70) returned 0x3 [0198.096] IUnknown:Release (This=0x197d70) returned 0x2 [0198.097] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0198.097] IUnknown:AddRef (This=0x197d70) returned 0x3 [0198.097] MkParseDisplayName (in: pbc=0x197d70, szUserName="WinMgmts:", pchEaten=0x34ed44, ppmk=0x34ecfc | out: pchEaten=0x34ed44, ppmk=0x34ecfc*=0x20e760) returned 0x0 [0198.641] malloc (_Size=0x80) returned 0x552de8 [0198.646] DllGetClassObject (in: rclsid=0x21037c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x34e930*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34dfe8 | out: ppv=0x34dfe8*=0x0) returned 0x80004002 [0198.646] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0810 [0198.646] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0198.647] DllGetClassObject (in: rclsid=0x21037c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x753bee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34eaf0 | out: ppv=0x34eaf0*=0x5b0810) returned 0x0 [0198.647] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0810 [0198.647] WinMGMTS:IClassFactory:CreateInstance (in: This=0x5b0810, pUnkOuter=0x0, riid=0x753bf084*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea9c | out: ppvObject=0x34ea9c*=0x5b0850) returned 0x0 [0198.647] GetVersionExW (in: lpVersionInformation=0x34e8e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7f, dwMinorVersion=0x36b7, dwBuildNumber=0x3, dwPlatformId=0x34e94c, szCSDVersion="堡畣\x08쀕") | out: lpVersionInformation=0x34e8e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0198.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x278) returned 0x0 [0198.648] RegQueryValueExW (in: hKey=0x278, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x34e8e4, lpcbData=0x34e8e0*=0x4 | out: lpType=0x0, lpData=0x34e8e4*=0x3, lpcbData=0x34e8e0*=0x4) returned 0x0 [0198.648] RegCloseKey (hKey=0x278) returned 0x0 [0198.648] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0828 [0198.648] GetSystemDirectoryW (in: lpBuffer=0x5b0828, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0198.648] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x767e0000 [0198.650] GetProcAddress (hModule=0x767e0000, lpProcName="DuplicateTokenEx") returned 0x767eca24 [0198.650] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0198.650] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0828 [0198.651] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0850 [0198.651] WinMGMTS:IUnknown:Release (This=0x5b0810) returned 0x0 [0198.651] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0198.651] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x5b0850, pbc=0x197d70, pszDisplayName="WinMgmts:", pchEaten=0x34ecb4, ppmkOut=0x34ecb8 | out: pchEaten=0x34ecb4*=0x9, ppmkOut=0x34ecb8*=0x20e760) returned 0x0 [0198.651] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0198.653] IBindCtx:GetObjectParam (in: This=0x197d70, pszKey="WmiObject", ppunk=0x34ebbc | out: ppunk=0x34ebbc*=0x0) returned 0x80004005 [0198.653] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0860 [0198.653] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0198.653] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0880 [0198.653] CoCreateInstance (in: rclsid=0x722b42b0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x722b42a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5b0898 | out: ppv=0x5b0898*=0x1eea58) returned 0x0 [0199.086] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b08e8 [0199.086] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0950 [0199.086] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b09b0 [0199.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0199.086] GetCurrentThreadId () returned 0xb2c [0199.087] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0199.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0199.087] GetCurrentThreadId () returned 0xb2c [0199.087] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x34eaa4 | out: phkResult=0x34eaa4*=0x28c) returned 0x0 [0199.087] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x34eaac*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x34eaac*=0x16) returned 0x0 [0199.087] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b09d0 [0199.087] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x5b09d0, lpcbData=0x34eaac*=0x16 | out: lpType=0x0, lpData=0x5b09d0*=0x72, lpcbData=0x34eaac*=0x16) returned 0x0 [0199.088] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b09f0 [0199.088] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0199.088] RegCloseKey (hKey=0x28c) returned 0x0 [0199.088] CoCreateInstance (in: rclsid=0x722b53b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x722b50dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x34ead8 | out: ppv=0x34ead8*=0x1e97e0) returned 0x0 [0199.249] SysStringLen (param_1=".") returned 0x1 [0199.249] WbemDefPath:IWbemPath:SetServer (This=0x1e97e0, Name=".") returned 0x0 [0199.250] CoCreateInstance (in: rclsid=0x722b53b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x722b50dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x34ea90 | out: ppv=0x34ea90*=0x1e9850) returned 0x0 [0199.250] CoCreateInstance (in: rclsid=0x722b53b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x722b50dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x34ea34 | out: ppv=0x34ea34*=0x1e98c0) returned 0x0 [0199.250] WbemDefPath:IWbemPath:SetText (This=0x1e98c0, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0199.250] WbemDefPath:IUnknown:Release (This=0x1e98c0) returned 0x0 [0199.250] SysStringLen (param_1="root\\cimv2") returned 0xa [0199.250] WbemDefPath:IWbemPath:SetText (This=0x1e9850, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0199.250] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9850, puCount=0x34eaa0 | out: puCount=0x34eaa0*=0x2) returned 0x0 [0199.250] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x1e97e0) returned 0x0 [0199.250] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x1e9850, uIndex=0x0, puNameBufLength=0x34ea68*=0x0, pName=0x0 | out: puNameBufLength=0x34ea68*=0x5, pName=0x0) returned 0x0 [0199.250] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0810 [0199.251] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x1e9850, uIndex=0x0, puNameBufLength=0x34ea68*=0x5, pName="৐[Ä[\x03" | out: puNameBufLength=0x34ea68*=0x5, pName="root") returned 0x0 [0199.251] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0199.251] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x1e97e0, uIndex=0x0, pszName="root") returned 0x0 [0199.251] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x1e9850, uIndex=0x1, puNameBufLength=0x34ea68*=0x0, pName=0x0 | out: puNameBufLength=0x34ea68*=0x6, pName=0x0) returned 0x0 [0199.251] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0810 [0199.251] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x1e9850, uIndex=0x1, puNameBufLength=0x34ea68*=0x6, pName="৐[Ä[" | out: puNameBufLength=0x34ea68*=0x6, pName="cimv2") returned 0x0 [0199.252] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0199.252] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x1e97e0, uIndex=0x1, pszName="cimv2") returned 0x0 [0199.252] WbemDefPath:IUnknown:Release (This=0x1e9850) returned 0x0 [0199.252] WbemDefPath:IWbemPath:GetText (in: This=0x1e97e0, lFlags=4, puBuffLength=0x34eabc*=0x0, pszText=0x0 | out: puBuffLength=0x34eabc*=0xf, pszText=0x0) returned 0x0 [0199.252] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0a10 [0199.252] WbemDefPath:IWbemPath:GetText (in: This=0x1e97e0, lFlags=4, puBuffLength=0x34eabc*=0xf, pszText="Ä[৐[" | out: puBuffLength=0x34eabc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.253] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0199.253] WbemDefPath:IUnknown:Release (This=0x1e97e0) returned 0x0 [0199.253] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1eea58, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x34eb44 | out: ppNamespace=0x34eb44*=0x211a18) returned 0x0 [0200.035] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0a10 [0200.035] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0a80 [0200.035] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0ae0 [0200.035] WbemLocator:IUnknown:QueryInterface (in: This=0x211a18, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea14 | out: ppvObject=0x34ea14*=0x214e34) returned 0x0 [0200.035] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x214e34, pProxy=0x211a18, pAuthnSvc=0x34ea04, pAuthzSvc=0x34ea08, pServerPrincName=0x0, pAuthnLevel=0x34ea30, pImpLevel=0x34ea2c, pAuthInfo=0x0, pCapabilites=0x34ea1c | out: pAuthnSvc=0x34ea04*=0xa, pAuthzSvc=0x34ea08*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34ea30*=0x6, pImpLevel=0x34ea2c*=0x2, pAuthInfo=0x0, pCapabilites=0x34ea1c*=0x1) returned 0x0 [0200.035] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x1 [0200.035] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.036] GetCurrentThreadId () returned 0xb2c [0200.036] WbemLocator:IUnknown:QueryInterface (in: This=0x211a18, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea44 | out: ppvObject=0x34ea44*=0x214e34) returned 0x0 [0200.036] WbemLocator:IClientSecurity:CopyProxy (in: This=0x214e34, pProxy=0x211a18, ppCopy=0x34ea48 | out: ppCopy=0x34ea48*=0x211ab8) returned 0x0 [0200.036] WbemLocator:IUnknown:QueryInterface (in: This=0x211ab8, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e960 | out: ppvObject=0x34e960*=0x214e34) returned 0x0 [0200.036] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x214e34, pProxy=0x211ab8, pAuthnSvc=0x34e984, pAuthzSvc=0x34e974, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x34e984*=0xa, pAuthzSvc=0x34e974*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0200.037] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x3 [0200.037] WbemLocator:IUnknown:QueryInterface (in: This=0x211ab8, riid=0x722b34f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e938 | out: ppvObject=0x34e938*=0x214e54) returned 0x0 [0200.037] WbemLocator:IUnknown:QueryInterface (in: This=0x211ab8, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e93c | out: ppvObject=0x34e93c*=0x214e34) returned 0x0 [0200.037] WbemLocator:IClientSecurity:SetBlanket (This=0x214e34, pProxy=0x211ab8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.037] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x4 [0200.037] WbemLocator:IUnknown:Release (This=0x214e54) returned 0x3 [0200.037] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x2 [0200.037] WbemLocator:IUnknown:AddRef (This=0x211ab8) returned 0x3 [0200.038] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0b98 [0200.038] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b09d0 [0200.038] WbemLocator:IUnknown:Release (This=0x211a18) returned 0x2 [0200.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.038] GetCurrentThreadId () returned 0xb2c [0200.038] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.038] GetCurrentThreadId () returned 0xb2c [0200.038] WbemLocator:IUnknown:QueryInterface (in: This=0x211ab8, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb08 | out: ppvObject=0x34eb08*=0x214e34) returned 0x0 [0200.038] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x214e34, pProxy=0x211ab8, pAuthnSvc=0x34eaf8, pAuthzSvc=0x34eafc, pServerPrincName=0x0, pAuthnLevel=0x34eb28, pImpLevel=0x34eb2c, pAuthInfo=0x0, pCapabilites=0x34eb10 | out: pAuthnSvc=0x34eaf8*=0xa, pAuthzSvc=0x34eafc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34eb28*=0x6, pImpLevel=0x34eb2c*=0x3, pAuthInfo=0x0, pCapabilites=0x34eb10*=0x20) returned 0x0 [0200.038] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x2 [0200.039] CreatePointerMoniker (in: punk=0x5b0a10, ppmk=0x34ecb8 | out: ppmk=0x34ecb8*=0x20e760) returned 0x0 [0200.039] IUnknown:AddRef (This=0x5b0a10) returned 0x2 [0200.039] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.039] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.039] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.040] WbemLocator:IUnknown:Release (This=0x1eea58) returned 0x0 [0200.040] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.040] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.040] WinMGMTS:IUnknown:Release (This=0x5b0850) returned 0x0 [0200.040] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.042] IUnknown:QueryInterface (in: This=0x20e760, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e7c0 | out: ppvObject=0x34e7c0*=0x20e760) returned 0x0 [0200.042] IUnknown:QueryInterface (in: This=0x20e760, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e774 | out: ppvObject=0x34e774*=0x0) returned 0x80004002 [0200.042] IUnknown:QueryInterface (in: This=0x20e760, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e59c | out: ppvObject=0x34e59c*=0x0) returned 0x80004002 [0200.043] IUnknown:AddRef (This=0x20e760) returned 0x3 [0200.043] IUnknown:QueryInterface (in: This=0x20e760, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34e0d0 | out: ppvObject=0x34e0d0*=0x0) returned 0x80004002 [0200.043] IUnknown:QueryInterface (in: This=0x20e760, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34e080 | out: ppvObject=0x34e080*=0x0) returned 0x80004002 [0200.043] IUnknown:QueryInterface (in: This=0x20e760, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e08c | out: ppvObject=0x34e08c*=0x20e774) returned 0x0 [0200.043] IMarshal:GetUnmarshalClass (in: This=0x20e774, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34e094 | out: pCid=0x34e094*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.043] IUnknown:Release (This=0x20e774) returned 0x3 [0200.043] CoGetContextToken (in: pToken=0x34e0ec | out: pToken=0x34e0ec) returned 0x0 [0200.043] CoGetContextToken (in: pToken=0x34e4fc | out: pToken=0x34e4fc) returned 0x0 [0200.043] IUnknown:QueryInterface (in: This=0x20e760, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e580 | out: ppvObject=0x34e580*=0x0) returned 0x80004002 [0200.044] IUnknown:Release (This=0x20e760) returned 0x2 [0200.044] CoGetContextToken (in: pToken=0x34eacc | out: pToken=0x34eacc) returned 0x0 [0200.044] CoGetContextToken (in: pToken=0x34ea2c | out: pToken=0x34ea2c) returned 0x0 [0200.044] IUnknown:QueryInterface (in: This=0x20e760, riid=0x34eafc*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eaf8 | out: ppvObject=0x34eaf8*=0x20e760) returned 0x0 [0200.044] IUnknown:AddRef (This=0x20e760) returned 0x4 [0200.044] IUnknown:Release (This=0x20e760) returned 0x3 [0200.044] IUnknown:Release (This=0x197d70) returned 0x2 [0200.044] IUnknown:Release (This=0x20e760) returned 0x2 [0200.048] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0200.048] IUnknown:AddRef (This=0x20e760) returned 0x3 [0200.048] BindMoniker (in: pmk=0x20e760, grfOpt=0x0, iidResult=0x24fa4a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x34ed00 | out: ppvResult=0x34ed00*=0x5b0a10) returned 0x0 [0200.048] IUnknown:QueryInterface (in: This=0x5b0a10, riid=0x24fa4a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ed00 | out: ppvObject=0x34ed00*=0x5b0a10) returned 0x0 [0200.051] LoadRegTypeLib (in: rguid=0x722b364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x34e56c*=0x0 | out: pptlib=0x34e56c*=0x1f54e0) returned 0x0 [0200.280] ITypeLib:GetTypeInfoOfGuid (in: This=0x1f54e0, GUID=0x5b0a54*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x5b0a3c | out: ppTInfo=0x5b0a3c*=0x2177d4) returned 0x0 [0200.281] IUnknown:Release (This=0x1f54e0) returned 0x1 [0200.281] IUnknown:AddRef (This=0x2177d4) returned 0x2 [0200.281] ITypeInfo:RemoteGetTypeAttr (in: This=0x2177d4, ppTypeAttr=0x34e59c, pDummy=0x328d7726 | out: ppTypeAttr=0x34e59c, pDummy=0x328d7726) returned 0x0 [0200.290] ITypeInfo:LocalReleaseTypeAttr (This=0x2177d4) returned 0x1db370 [0200.290] IUnknown:Release (This=0x2177d4) returned 0x1 [0200.290] CoGetContextToken (in: pToken=0x34e0f0 | out: pToken=0x34e0f0) returned 0x0 [0200.290] CoGetContextToken (in: pToken=0x34e504 | out: pToken=0x34e504) returned 0x0 [0200.291] IUnknown:Release (This=0x20e760) returned 0x2 [0200.313] CoGetContextToken (in: pToken=0x34e7d4 | out: pToken=0x34e7d4) returned 0x0 [0200.313] LoadRegTypeLib (in: rguid=0x722b364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x34e7e4*=0x0 | out: pptlib=0x34e7e4*=0x1f54e0) returned 0x0 [0200.315] ITypeLib:GetTypeInfoOfGuid (in: This=0x1f54e0, GUID=0x5b0a44*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x5b0a38 | out: ppTInfo=0x5b0a38*=0x217800) returned 0x0 [0200.315] IUnknown:Release (This=0x1f54e0) returned 0x2 [0200.315] IUnknown:AddRef (This=0x217800) returned 0x2 [0200.315] DispGetIDsOfNames (in: ptinfo=0x217800, rgszNames=0x34e840*="InstancesOf", cNames=0x1, rgdispid=0x34e830 | out: rgdispid=0x34e830*=5) returned 0x0 [0200.318] IUnknown:Release (This=0x217800) returned 0x1 [0200.320] IUnknown:AddRef (This=0x217800) returned 0x2 [0200.320] ITypeInfo:LocalInvoke (This=0x217800) returned 0x0 [0200.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.321] GetCurrentThreadId () returned 0xb2c [0200.321] WbemLocator:IUnknown:AddRef (This=0x211ab8) returned 0x3 [0200.321] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.321] GetCurrentThreadId () returned 0xb2c [0200.321] IWbemServices:CreateInstanceEnum (in: This=0x211ab8, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x34e484 | out: ppEnum=0x34e484*=0x1fa6c0) returned 0x0 [0200.335] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0850 [0200.335] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b08b0 [0200.335] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0910 [0200.335] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0970 [0200.335] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0bf8 [0200.335] IUnknown:QueryInterface (in: This=0x1fa6c0, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e39c | out: ppvObject=0x34e39c*=0x1fa6c4) returned 0x0 [0200.335] IClientSecurity:QueryBlanket (in: This=0x1fa6c4, pProxy=0x1fa6c0, pAuthnSvc=0x34e38c, pAuthzSvc=0x34e390, pServerPrincName=0x0, pAuthnLevel=0x34e3b8, pImpLevel=0x34e3b4, pAuthInfo=0x0, pCapabilites=0x34e3a4 | out: pAuthnSvc=0x34e38c*=0xa, pAuthzSvc=0x34e390*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34e3b8*=0x6, pImpLevel=0x34e3b4*=0x2, pAuthInfo=0x0, pCapabilites=0x34e3a4*=0x1) returned 0x0 [0200.335] IUnknown:Release (This=0x1fa6c4) returned 0x1 [0200.335] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.335] GetCurrentThreadId () returned 0xb2c [0200.336] WbemLocator:IUnknown:QueryInterface (in: This=0x211ab8, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e380 | out: ppvObject=0x34e380*=0x214e34) returned 0x0 [0200.336] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x214e34, pProxy=0x211ab8, pAuthnSvc=0x34e370, pAuthzSvc=0x34e374, pServerPrincName=0x0, pAuthnLevel=0x34e3a0, pImpLevel=0x34e3a4, pAuthInfo=0x0, pCapabilites=0x34e388 | out: pAuthnSvc=0x34e370*=0xa, pAuthzSvc=0x34e374*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34e3a0*=0x6, pImpLevel=0x34e3a4*=0x3, pAuthInfo=0x0, pCapabilites=0x34e388*=0x20) returned 0x0 [0200.336] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x3 [0200.336] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.336] GetCurrentThreadId () returned 0xb2c [0200.336] WbemLocator:IUnknown:QueryInterface (in: This=0x211ab8, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e380 | out: ppvObject=0x34e380*=0x214e34) returned 0x0 [0200.336] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x214e34, pProxy=0x211ab8, pAuthnSvc=0x34e370, pAuthzSvc=0x34e374, pServerPrincName=0x0, pAuthnLevel=0x34e3a4, pImpLevel=0x34e3a0, pAuthInfo=0x0, pCapabilites=0x34e388 | out: pAuthnSvc=0x34e370*=0xa, pAuthzSvc=0x34e374*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34e3a4*=0x6, pImpLevel=0x34e3a0*=0x3, pAuthInfo=0x0, pCapabilites=0x34e388*=0x20) returned 0x0 [0200.336] WbemLocator:IUnknown:Release (This=0x214e34) returned 0x3 [0200.336] IUnknown:QueryInterface (in: This=0x1fa6c0, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e3cc | out: ppvObject=0x34e3cc*=0x1fa6c4) returned 0x0 [0200.336] IClientSecurity:CopyProxy (in: This=0x1fa6c4, pProxy=0x1fa6c0, ppCopy=0x34e3d0 | out: ppCopy=0x34e3d0*=0x1fa788) returned 0x0 [0200.336] IUnknown:QueryInterface (in: This=0x1fa788, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e2e8 | out: ppvObject=0x34e2e8*=0x1fa78c) returned 0x0 [0200.336] IClientSecurity:QueryBlanket (in: This=0x1fa78c, pProxy=0x1fa788, pAuthnSvc=0x34e30c, pAuthzSvc=0x34e2fc, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x34e30c*=0xa, pAuthzSvc=0x34e2fc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0200.336] IUnknown:Release (This=0x1fa78c) returned 0x3 [0200.336] IUnknown:QueryInterface (in: This=0x1fa788, riid=0x722b34f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e2c0 | out: ppvObject=0x34e2c0*=0x212afc) returned 0x0 [0200.336] IUnknown:QueryInterface (in: This=0x1fa788, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e2c4 | out: ppvObject=0x34e2c4*=0x1fa78c) returned 0x0 [0200.336] IClientSecurity:SetBlanket (This=0x1fa78c, pProxy=0x1fa788, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.461] IUnknown:Release (This=0x1fa78c) returned 0x4 [0200.461] WbemLocator:IUnknown:Release (This=0x212afc) returned 0x3 [0200.461] IUnknown:Release (This=0x1fa6c4) returned 0x2 [0200.461] IUnknown:AddRef (This=0x1fa788) returned 0x3 [0200.461] IUnknown:Release (This=0x1fa6c0) returned 0x2 [0200.461] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x34e43c | out: pperrinfo=0x34e43c*=0x0) returned 0x1 [0200.462] WbemLocator:IUnknown:Release (This=0x211ab8) returned 0x2 [0200.462] IUnknown:Release (This=0x217800) returned 0x1 [0200.466] LoadRegTypeLib (in: rguid=0x722b364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x34e02c*=0x0 | out: pptlib=0x34e02c*=0x1f54e0) returned 0x0 [0200.468] ITypeLib:GetTypeInfoOfGuid (in: This=0x1f54e0, GUID=0x5b0888*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5b0870 | out: ppTInfo=0x5b0870*=0x217908) returned 0x0 [0200.468] IUnknown:Release (This=0x1f54e0) returned 0x3 [0200.468] IUnknown:AddRef (This=0x217908) returned 0x2 [0200.468] ITypeInfo:RemoteGetTypeAttr (in: This=0x217908, ppTypeAttr=0x34e05c, pDummy=0x328d7266 | out: ppTypeAttr=0x34e05c, pDummy=0x328d7266) returned 0x0 [0200.470] ITypeInfo:LocalReleaseTypeAttr (This=0x217908) returned 0x1db370 [0200.470] IUnknown:Release (This=0x217908) returned 0x1 [0200.470] CoGetContextToken (in: pToken=0x34dbb0 | out: pToken=0x34dbb0) returned 0x0 [0200.470] CoGetContextToken (in: pToken=0x34dfc4 | out: pToken=0x34dfc4) returned 0x0 [0200.471] CoGetContextToken (in: pToken=0x34ebac | out: pToken=0x34ebac) returned 0x0 [0200.471] CoGetContextToken (in: pToken=0x34eb0c | out: pToken=0x34eb0c) returned 0x0 [0200.474] CoGetContextToken (in: pToken=0x34eb2c | out: pToken=0x34eb2c) returned 0x0 [0200.474] LoadRegTypeLib (in: rguid=0x722b364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x34eb3c*=0x0 | out: pptlib=0x34eb3c*=0x1f54e0) returned 0x0 [0200.476] ITypeLib:GetTypeInfoOfGuid (in: This=0x1f54e0, GUID=0x5b0878*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5b086c | out: ppTInfo=0x5b086c*=0x2178b0) returned 0x0 [0200.476] IUnknown:Release (This=0x1f54e0) returned 0x4 [0200.476] IUnknown:AddRef (This=0x2178b0) returned 0x2 [0200.476] ITypeInfo:LocalInvoke (This=0x2178b0) returned 0x0 [0200.476] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.476] GetCurrentThreadId () returned 0xb2c [0200.476] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0810 [0200.476] IUnknown:Release (This=0x2178b0) returned 0x1 [0200.476] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0200.710] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x1d3a90 [0200.712] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x1d3b18 [0200.851] CoGetContextToken (in: pToken=0x34e874 | out: pToken=0x34e874) returned 0x0 [0200.854] CoGetContextToken (in: pToken=0x34e38c | out: pToken=0x34e38c) returned 0x0 [0200.854] IUnknown:AddRef (This=0x2178b0) returned 0x2 [0200.854] ITypeInfo:LocalInvoke (This=0x2178b0) returned 0x0 [0200.854] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.854] GetCurrentThreadId () returned 0xb2c [0200.854] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.854] GetCurrentThreadId () returned 0xb2c [0200.854] IUnknown:AddRef (This=0x1fa788) returned 0x3 [0200.854] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.854] GetCurrentThreadId () returned 0xb2c [0200.854] IEnumWbemClassObject:Clone (in: This=0x1fa788, ppEnum=0x34e5e0 | out: ppEnum=0x34e5e0*=0x1fa850) returned 0x0 [0200.856] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0cb0 [0200.856] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0d10 [0200.856] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0d70 [0200.856] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0990 [0200.857] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0dd0 [0200.857] IUnknown:QueryInterface (in: This=0x1fa850, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e4f8 | out: ppvObject=0x34e4f8*=0x1fa854) returned 0x0 [0200.857] IClientSecurity:QueryBlanket (in: This=0x1fa854, pProxy=0x1fa850, pAuthnSvc=0x34e4e8, pAuthzSvc=0x34e4ec, pServerPrincName=0x0, pAuthnLevel=0x34e514, pImpLevel=0x34e510, pAuthInfo=0x0, pCapabilites=0x34e500 | out: pAuthnSvc=0x34e4e8*=0xa, pAuthzSvc=0x34e4ec*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34e514*=0x6, pImpLevel=0x34e510*=0x2, pAuthInfo=0x0, pCapabilites=0x34e500*=0x1) returned 0x0 [0200.857] IUnknown:Release (This=0x1fa854) returned 0x1 [0200.857] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.857] GetCurrentThreadId () returned 0xb2c [0200.857] IUnknown:QueryInterface (in: This=0x1fa788, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e4dc | out: ppvObject=0x34e4dc*=0x1fa78c) returned 0x0 [0200.857] IClientSecurity:QueryBlanket (in: This=0x1fa78c, pProxy=0x1fa788, pAuthnSvc=0x34e4cc, pAuthzSvc=0x34e4d0, pServerPrincName=0x0, pAuthnLevel=0x34e4fc, pImpLevel=0x34e500, pAuthInfo=0x0, pCapabilites=0x34e4e4 | out: pAuthnSvc=0x34e4cc*=0xa, pAuthzSvc=0x34e4d0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34e4fc*=0x6, pImpLevel=0x34e500*=0x3, pAuthInfo=0x0, pCapabilites=0x34e4e4*=0x20) returned 0x0 [0200.857] IUnknown:Release (This=0x1fa78c) returned 0x3 [0200.857] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.857] GetCurrentThreadId () returned 0xb2c [0200.858] IUnknown:QueryInterface (in: This=0x1fa788, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e4dc | out: ppvObject=0x34e4dc*=0x1fa78c) returned 0x0 [0200.858] IClientSecurity:QueryBlanket (in: This=0x1fa78c, pProxy=0x1fa788, pAuthnSvc=0x34e4cc, pAuthzSvc=0x34e4d0, pServerPrincName=0x0, pAuthnLevel=0x34e500, pImpLevel=0x34e4fc, pAuthInfo=0x0, pCapabilites=0x34e4e4 | out: pAuthnSvc=0x34e4cc*=0xa, pAuthzSvc=0x34e4d0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34e500*=0x6, pImpLevel=0x34e4fc*=0x3, pAuthInfo=0x0, pCapabilites=0x34e4e4*=0x20) returned 0x0 [0200.858] IUnknown:Release (This=0x1fa78c) returned 0x3 [0200.858] IUnknown:QueryInterface (in: This=0x1fa850, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e528 | out: ppvObject=0x34e528*=0x1fa854) returned 0x0 [0200.858] IClientSecurity:CopyProxy (in: This=0x1fa854, pProxy=0x1fa850, ppCopy=0x34e52c | out: ppCopy=0x34e52c*=0x1fa918) returned 0x0 [0200.858] IUnknown:QueryInterface (in: This=0x1fa918, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e444 | out: ppvObject=0x34e444*=0x1fa91c) returned 0x0 [0200.858] IClientSecurity:QueryBlanket (in: This=0x1fa91c, pProxy=0x1fa918, pAuthnSvc=0x34e468, pAuthzSvc=0x34e458, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x34e468*=0xa, pAuthzSvc=0x34e458*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0200.858] IUnknown:Release (This=0x1fa91c) returned 0x3 [0200.858] IUnknown:QueryInterface (in: This=0x1fa918, riid=0x722b34f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e41c | out: ppvObject=0x34e41c*=0x1a7d54) returned 0x0 [0200.858] IUnknown:QueryInterface (in: This=0x1fa918, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e420 | out: ppvObject=0x34e420*=0x1fa91c) returned 0x0 [0200.858] IClientSecurity:SetBlanket (This=0x1fa91c, pProxy=0x1fa918, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.861] IUnknown:Release (This=0x1fa91c) returned 0x4 [0200.861] WbemLocator:IUnknown:Release (This=0x1a7d54) returned 0x3 [0200.861] IUnknown:Release (This=0x1fa854) returned 0x2 [0200.861] IUnknown:AddRef (This=0x1fa918) returned 0x3 [0200.861] IUnknown:Release (This=0x1fa850) returned 0x2 [0200.861] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x34e598 | out: pperrinfo=0x34e598*=0x0) returned 0x1 [0200.861] IUnknown:Release (This=0x1fa788) returned 0x2 [0200.861] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.861] GetCurrentThreadId () returned 0xb2c [0200.862] IUnknown:AddRef (This=0x1fa918) returned 0x3 [0200.862] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.862] GetCurrentThreadId () returned 0xb2c [0200.862] IEnumWbemClassObject:Reset (This=0x1fa918) returned 0x0 [0200.863] IUnknown:Release (This=0x1fa918) returned 0x2 [0200.863] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0810 [0200.863] IUnknown:Release (This=0x2178b0) returned 0x1 [0200.864] CoGetContextToken (in: pToken=0x34db58 | out: pToken=0x34db58) returned 0x0 [0200.864] CoGetContextToken (in: pToken=0x34df6c | out: pToken=0x34df6c) returned 0x0 [0200.874] CoGetContextToken (in: pToken=0x34e94c | out: pToken=0x34e94c) returned 0x0 [0200.874] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.874] GetCurrentThreadId () returned 0xb2c [0200.875] IUnknown:AddRef (This=0x1fa918) returned 0x3 [0200.875] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.875] GetCurrentThreadId () returned 0xb2c [0200.875] IEnumWbemClassObject:Next (in: This=0x1fa918, lTimeout=-1, uCount=0x1, apObjects=0x34eccc, puReturned=0x34ecc4 | out: apObjects=0x34eccc*=0x21acf8, puReturned=0x34ecc4*=0x1) returned 0x0 [0200.883] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0e88 [0200.883] IUnknown:AddRef (This=0x21acf8) returned 0x2 [0200.883] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0ed0 [0200.883] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0f40 [0200.883] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b0fa0 [0200.883] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b09b0 [0200.883] WbemLocator:IUnknown:AddRef (This=0x211ab8) returned 0x3 [0200.883] IUnknown:AddRef (This=0x1fa918) returned 0x4 [0200.884] IUnknown:QueryInterface (in: This=0x1fa918, riid=0x722b31fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ec2c | out: ppvObject=0x34ec2c*=0x1fa91c) returned 0x0 [0200.884] IClientSecurity:QueryBlanket (in: This=0x1fa91c, pProxy=0x1fa918, pAuthnSvc=0x34ec1c, pAuthzSvc=0x34ec20, pServerPrincName=0x0, pAuthnLevel=0x34ec3c, pImpLevel=0x34ec48, pAuthInfo=0x0, pCapabilites=0x34ec34 | out: pAuthnSvc=0x34ec1c*=0xa, pAuthzSvc=0x34ec20*=0x0, pServerPrincName=0x0, pAuthnLevel=0x34ec3c*=0x6, pImpLevel=0x34ec48*=0x3, pAuthInfo=0x0, pCapabilites=0x34ec34*=0x20) returned 0x0 [0200.884] IUnknown:Release (This=0x1fa91c) returned 0x4 [0200.884] WbemLocator:IUnknown:Release (This=0x211ab8) returned 0x2 [0200.884] WbemLocator:IUnknown:AddRef (This=0x211ab8) returned 0x3 [0200.884] IUnknown:Release (This=0x1fa918) returned 0x3 [0200.884] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0200.884] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b1000 [0200.884] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b1030 [0200.884] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b1050 [0200.884] IUnknown:AddRef (This=0x21acf8) returned 0x3 [0200.884] IUnknown:Release (This=0x21acf8) returned 0x2 [0200.884] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x34ec80 | out: pperrinfo=0x34ec80*=0x0) returned 0x1 [0200.884] IUnknown:Release (This=0x1fa918) returned 0x2 [0200.885] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x34ecc4 | out: pperrinfo=0x34ecc4*=0x0) returned 0x1 [0200.887] LoadRegTypeLib (in: rguid=0x722b364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x34e48c*=0x0 | out: pptlib=0x34e48c*=0x1f54e0) returned 0x0 [0200.888] ITypeLib:GetTypeInfoOfGuid (in: This=0x1f54e0, GUID=0x722c70c4*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x5b101c | out: ppTInfo=0x5b101c*=0x217934) returned 0x0 [0200.888] IUnknown:Release (This=0x1f54e0) returned 0x5 [0200.888] IUnknown:AddRef (This=0x217934) returned 0x2 [0200.888] ITypeInfo:RemoteGetTypeAttr (in: This=0x217934, ppTypeAttr=0x34e4cc, pDummy=0x328d7616 | out: ppTypeAttr=0x34e4cc, pDummy=0x328d7616) returned 0x0 [0200.890] ITypeInfo:LocalReleaseTypeAttr (This=0x217934) returned 0x1db370 [0200.890] IUnknown:Release (This=0x217934) returned 0x1 [0200.890] CoGetContextToken (in: pToken=0x34e020 | out: pToken=0x34e020) returned 0x0 [0200.890] CoGetContextToken (in: pToken=0x34e434 | out: pToken=0x34e434) returned 0x0 [0200.894] CoGetContextToken (in: pToken=0x34e7ec | out: pToken=0x34e7ec) returned 0x0 [0200.894] LoadRegTypeLib (in: rguid=0x722b364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x34e7e8*=0x0 | out: pptlib=0x34e7e8*=0x1f54e0) returned 0x0 [0200.895] ITypeLib:GetTypeInfoOfGuid (in: This=0x1f54e0, GUID=0x722b55e4*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x5b1018 | out: ppTInfo=0x5b1018*=0x217960) returned 0x0 [0200.896] IUnknown:Release (This=0x1f54e0) returned 0x6 [0200.896] IUnknown:AddRef (This=0x217960) returned 0x2 [0200.896] DispGetIDsOfNames (in: ptinfo=0x217960, rgszNames=0x34e860*="SerialNumber", cNames=0x1, rgdispid=0x34e850 | out: rgdispid=0x34e850*=-1) returned 0x80020006 [0200.918] IUnknown:AddRef (This=0x21acf8) returned 0x3 [0200.918] IWbemClassObject:Get (in: This=0x21acf8, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x34e770*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x34e770*=0) returned 0x0 [0200.918] IUnknown:Release (This=0x21acf8) returned 0x2 [0200.919] SysStringLen (param_1="SerialNumber") returned 0xc [0200.919] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b1078 [0200.919] SysStringLen (param_1="SerialNumber") returned 0xc [0200.919] IUnknown:Release (This=0x217960) returned 0x1 [0200.919] IUnknown:AddRef (This=0x217960) returned 0x2 [0200.919] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.919] GetCurrentThreadId () returned 0xb2c [0200.919] SysStringLen (param_1="SerialNumber") returned 0xc [0200.919] IWbemClassObject:Get (in: This=0x21acf8, wszName="SerialNumber", lFlags=0, pVal=0x34e5f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x34e628, varVal2=0x722b2d81), pType=0x34e600*=1915432326, plFlavor=0x0 | out: pVal=0x34e5f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..CN747510BO0504.", varVal2=0x722b2d81), pType=0x34e600*=8, plFlavor=0x0) returned 0x0 [0200.919] IUnknown:Release (This=0x217960) returned 0x1 [0200.921] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22 [0200.921] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22 [0200.922] CoGetContextToken (in: pToken=0x34e94c | out: pToken=0x34e94c) returned 0x0 [0200.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.922] GetCurrentThreadId () returned 0xb2c [0200.922] IUnknown:AddRef (This=0x1fa918) returned 0x3 [0200.922] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.923] GetCurrentThreadId () returned 0xb2c [0200.923] IEnumWbemClassObject:Next (in: This=0x1fa918, lTimeout=-1, uCount=0x1, apObjects=0x34eccc, puReturned=0x34ecc4 | out: apObjects=0x34eccc*=0x0, puReturned=0x34ecc4*=0x0) returned 0x1 [0200.924] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x34ec80 | out: pperrinfo=0x34ec80*=0x0) returned 0x1 [0200.924] IUnknown:Release (This=0x1fa918) returned 0x2 [0200.924] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x34ecc4 | out: pperrinfo=0x34ecc4*=0x0) returned 0x1 [0201.088] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0201.090] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8 [0201.100] SetEvent (hEvent=0x2b8) returned 1 [0201.134] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ecb4*=0x2b4, lpdwindex=0x34ead8 | out: lpdwindex=0x34ead8) returned 0x0 [0201.135] CoGetContextToken (in: pToken=0x34eb8c | out: pToken=0x34eb8c) returned 0x0 [0201.135] CoGetContextToken (in: pToken=0x34eaec | out: pToken=0x34eaec) returned 0x0 [0201.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x34ebbc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34ebb8 | out: ppvObject=0x34ebb8*=0x1e99a0) returned 0x0 [0201.135] WbemDefPath:IUnknown:AddRef (This=0x1e99a0) returned 0x3 [0201.135] WbemDefPath:IUnknown:Release (This=0x1e99a0) returned 0x2 [0201.138] WbemDefPath:IWbemPath:SetText (This=0x1e99a0, uMode=0x4, pszPath="win32_processor") returned 0x0 [0201.141] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e99a0, puCount=0x34ed34 | out: puCount=0x34ed34*=0x0) returned 0x0 [0201.141] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34ed30*=0x0, pszText=0x0 | out: puBuffLength=0x34ed30*=0x10, pszText=0x0) returned 0x0 [0201.141] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34ed30*=0x10, pszText="000000000000000" | out: puBuffLength=0x34ed30*=0x10, pszText="win32_processor") returned 0x0 [0201.142] WbemDefPath:IWbemPath:GetInfo (in: This=0x1e99a0, uRequestedInfo=0x0, puResponse=0x34ed3c | out: puResponse=0x34ed3c*=0xc15) returned 0x0 [0201.142] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e99a0, puCount=0x34ed34 | out: puCount=0x34ed34*=0x0) returned 0x0 [0201.142] WbemDefPath:IWbemPath:GetInfo (in: This=0x1e99a0, uRequestedInfo=0x0, puResponse=0x34ed3c | out: puResponse=0x34ed3c*=0xc15) returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e99a0, puCount=0x34ed24 | out: puCount=0x34ed24*=0x0) returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34ed20*=0x0, pszText=0x0 | out: puBuffLength=0x34ed20*=0x10, pszText=0x0) returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34ed20*=0x10, pszText="000000000000000" | out: puBuffLength=0x34ed20*=0x10, pszText="win32_processor") returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e99a0, puCount=0x34ed24 | out: puCount=0x34ed24*=0x0) returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34ed20*=0x0, pszText=0x0 | out: puBuffLength=0x34ed20*=0x10, pszText=0x0) returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34ed20*=0x10, pszText="000000000000000" | out: puBuffLength=0x34ed20*=0x10, pszText="win32_processor") returned 0x0 [0201.143] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e99a0, puCount=0x34ecb4 | out: puCount=0x34ecb4*=0x0) returned 0x0 [0201.144] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8 [0201.144] SetEvent (hEvent=0x2b8) returned 1 [0201.144] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34e50c*=0x2e8, lpdwindex=0x34e330 | out: lpdwindex=0x34e330) returned 0x0 [0201.147] CoGetContextToken (in: pToken=0x34e3e4 | out: pToken=0x34e3e4) returned 0x0 [0201.147] CoGetContextToken (in: pToken=0x34e344 | out: pToken=0x34e344) returned 0x0 [0201.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x34e414*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34e410 | out: ppvObject=0x34e410*=0x1e9a10) returned 0x0 [0201.147] WbemDefPath:IUnknown:AddRef (This=0x1e9a10) returned 0x3 [0201.147] WbemDefPath:IUnknown:Release (This=0x1e9a10) returned 0x2 [0201.147] WbemDefPath:IWbemPath:SetText (This=0x1e9a10, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0201.148] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34eca0 | out: puCount=0x34eca0*=0x2) returned 0x0 [0201.148] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec9c*=0x0, pszText=0x0 | out: puBuffLength=0x34ec9c*=0xf, pszText=0x0) returned 0x0 [0201.148] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.148] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec [0201.148] SetEvent (hEvent=0x2b8) returned 1 [0201.148] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ebfc*=0x2ec, lpdwindex=0x34ea20 | out: lpdwindex=0x34ea20) returned 0x0 [0201.151] CoGetContextToken (in: pToken=0x34ead4 | out: pToken=0x34ead4) returned 0x0 [0201.151] CoGetContextToken (in: pToken=0x34ea34 | out: pToken=0x34ea34) returned 0x0 [0201.151] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x34eb04*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb00 | out: ppvObject=0x34eb00*=0x1e9a80) returned 0x0 [0201.151] WbemDefPath:IUnknown:AddRef (This=0x1e9a80) returned 0x3 [0201.151] WbemDefPath:IUnknown:Release (This=0x1e9a80) returned 0x2 [0201.151] WbemDefPath:IWbemPath:SetText (This=0x1e9a80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0201.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a80, puCount=0x34ec78 | out: puCount=0x34ec78*=0x2) returned 0x0 [0201.151] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ec74*=0x0, pszText=0x0 | out: puBuffLength=0x34ec74*=0xf, pszText=0x0) returned 0x0 [0201.151] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ec74*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.162] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34eb98*=0x300, lpdwindex=0x34ea50 | out: lpdwindex=0x34ea50) returned 0x0 [0202.058] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a80, puCount=0x34ec9c | out: puCount=0x34ec9c*=0x2) returned 0x0 [0202.058] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ec98*=0x0, pszText=0x0 | out: puBuffLength=0x34ec98*=0xf, pszText=0x0) returned 0x0 [0202.058] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ec98*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.058] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34eca0*=0x0, pszText=0x0 | out: puBuffLength=0x34eca0*=0x10, pszText=0x0) returned 0x0 [0202.058] WbemDefPath:IWbemPath:GetText (in: This=0x1e99a0, lFlags=2, puBuffLength=0x34eca0*=0x10, pszText="000000000000000" | out: puBuffLength=0x34eca0*=0x10, pszText="win32_processor") returned 0x0 [0202.061] CoGetContextToken (in: pToken=0x34ea44 | out: pToken=0x34ea44) returned 0x0 [0202.061] CoGetContextToken (in: pToken=0x34e9a4 | out: pToken=0x34e9a4) returned 0x0 [0202.061] CoGetContextToken (in: pToken=0x34e9a4 | out: pToken=0x34e9a4) returned 0x0 [0202.061] CoGetContextToken (in: pToken=0x34e944 | out: pToken=0x34e944) returned 0x0 [0202.061] IUnknown:QueryInterface (in: This=0x1a29f0, riid=0x71668ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e91c | out: ppvObject=0x34e91c*=0x1a2a00) returned 0x0 [0202.062] CObjectContext::ContextCallback () returned 0x0 [0202.072] IUnknown:Release (This=0x1a2a00) returned 0x1 [0202.073] CoUnmarshalInterface (in: pStm=0x1ecff8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34e998 | out: ppv=0x34e998*=0x200c7c) returned 0x0 [0202.073] CoMarshalInterface (pStm=0x1ecff8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x200c7c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0202.073] WbemLocator:IUnknown:QueryInterface (in: This=0x200c7c, riid=0x34ea74*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x34ea70 | out: ppvObject=0x34ea70*=0x2120a8) returned 0x0 [0202.078] WbemLocator:IUnknown:Release (This=0x200c7c) returned 0x1 [0202.078] IWbemServices:GetObject (in: This=0x2120a8, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x34ec54*=0x0, ppCallResult=0x0 | out: ppObject=0x34ec54*=0x235d30, ppCallResult=0x0) returned 0x0 [0202.087] WbemLocator:IUnknown:Release (This=0x2120a8) returned 0x0 [0202.088] IWbemClassObject:Get (in: This=0x235d30, wszName="__PATH", lFlags=0, pVal=0x34ec3c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ece4*=0, plFlavor=0x34ece0*=0 | out: pVal=0x34ec3c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor", varVal2=0x0), pType=0x34ece4*=8, plFlavor=0x34ece0*=64) returned 0x0 [0202.090] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e [0202.090] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e [0202.091] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c [0202.091] SetEvent (hEvent=0x2b8) returned 1 [0202.091] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ebf8*=0x33c, lpdwindex=0x34ea1c | out: lpdwindex=0x34ea1c) returned 0x0 [0202.095] CoGetContextToken (in: pToken=0x34eacc | out: pToken=0x34eacc) returned 0x0 [0202.095] CoGetContextToken (in: pToken=0x34ea2c | out: pToken=0x34ea2c) returned 0x0 [0202.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x34eafc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eaf8 | out: ppvObject=0x34eaf8*=0x1e9af0) returned 0x0 [0202.095] WbemDefPath:IUnknown:AddRef (This=0x1e9af0) returned 0x3 [0202.095] WbemDefPath:IUnknown:Release (This=0x1e9af0) returned 0x2 [0202.095] WbemDefPath:IWbemPath:SetText (This=0x1e9af0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x0 [0202.095] IWbemClassObject:Get (in: This=0x235d30, wszName="__CLASS", lFlags=0, pVal=0x34ecac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed2c*=0, plFlavor=0x34ed28*=0 | out: pVal=0x34ecac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x34ed2c*=8, plFlavor=0x34ed28*=64) returned 0x0 [0202.095] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0202.095] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0202.096] CoGetContextToken (in: pToken=0x34eacc | out: pToken=0x34eacc) returned 0x0 [0202.096] CoGetContextToken (in: pToken=0x34ea2c | out: pToken=0x34ea2c) returned 0x0 [0202.096] CoGetContextToken (in: pToken=0x34ea2c | out: pToken=0x34ea2c) returned 0x0 [0202.096] CoUnmarshalInterface (in: pStm=0x1ecff8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34ea20 | out: ppv=0x34ea20*=0x200c7c) returned 0x0 [0202.096] CoMarshalInterface (pStm=0x1ecff8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x200c7c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0202.097] WbemLocator:IUnknown:QueryInterface (in: This=0x200c7c, riid=0x34eafc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x34eaf8 | out: ppvObject=0x34eaf8*=0x212198) returned 0x0 [0202.097] WbemLocator:IUnknown:Release (This=0x200c7c) returned 0x1 [0202.097] IWbemServices:CreateInstanceEnum (in: This=0x212198, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x34eca8 | out: ppEnum=0x34eca8*=0x1faaa8) returned 0x0 [0202.111] IUnknown:QueryInterface (in: This=0x1faaa8, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb34 | out: ppvObject=0x34eb34*=0x1faaac) returned 0x0 [0202.111] IClientSecurity:QueryBlanket (in: This=0x1faaac, pProxy=0x1faaa8, pAuthnSvc=0x34eb84, pAuthzSvc=0x34eb80, pServerPrincName=0x34eb78, pAuthnLevel=0x34eb7c, pImpLevel=0x34eb6c, pAuthInfo=0x34eb70, pCapabilites=0x34eb74 | out: pAuthnSvc=0x34eb84*=0xa, pAuthzSvc=0x34eb80*=0x0, pServerPrincName=0x34eb78, pAuthnLevel=0x34eb7c*=0x6, pImpLevel=0x34eb6c*=0x2, pAuthInfo=0x34eb70, pCapabilites=0x34eb74*=0x1) returned 0x0 [0202.111] IUnknown:Release (This=0x1faaac) returned 0x1 [0202.111] IUnknown:QueryInterface (in: This=0x1faaa8, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb28 | out: ppvObject=0x34eb28*=0x200d6c) returned 0x0 [0202.111] IUnknown:QueryInterface (in: This=0x1faaa8, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb14 | out: ppvObject=0x34eb14*=0x1faaac) returned 0x0 [0202.111] IClientSecurity:SetBlanket (This=0x1faaac, pProxy=0x1faaa8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.124] IUnknown:Release (This=0x1faaac) returned 0x2 [0202.124] WbemLocator:IUnknown:Release (This=0x200d6c) returned 0x1 [0202.124] CoTaskMemFree (pv=0x21a480) [0202.124] IUnknown:AddRef (This=0x1faaa8) returned 0x2 [0202.124] CoGetContextToken (in: pToken=0x34e050 | out: pToken=0x34e050) returned 0x0 [0202.125] CoGetContextToken (in: pToken=0x34e464 | out: pToken=0x34e464) returned 0x0 [0202.125] IUnknown:QueryInterface (in: This=0x1faaa8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e3fc | out: ppvObject=0x34e3fc*=0x200d54) returned 0x0 [0202.125] WbemLocator:IRpcOptions:Query (in: This=0x200d54, pPrx=0x224048, dwProperty=2, pdwValue=0x34e4f0 | out: pdwValue=0x34e4f0) returned 0x80004002 [0202.125] WbemLocator:IUnknown:Release (This=0x200d54) returned 0x2 [0202.125] CoGetContextToken (in: pToken=0x34ea34 | out: pToken=0x34ea34) returned 0x0 [0202.125] CoGetContextToken (in: pToken=0x34e994 | out: pToken=0x34e994) returned 0x0 [0202.125] IUnknown:QueryInterface (in: This=0x1faaa8, riid=0x34ea64*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e930 | out: ppvObject=0x34e930*=0x1faaa8) returned 0x0 [0202.126] IUnknown:Release (This=0x1faaa8) returned 0x2 [0202.126] WbemLocator:IUnknown:Release (This=0x212198) returned 0x0 [0202.126] SysStringLen (param_1=0x0) returned 0x0 [0202.126] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a80, puCount=0x34ece4 | out: puCount=0x34ece4*=0x2) returned 0x0 [0202.126] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ece0*=0x0, pszText=0x0 | out: puBuffLength=0x34ece0*=0xf, pszText=0x0) returned 0x0 [0202.126] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ece0*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ece0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.126] CoGetContextToken (in: pToken=0x34eb2c | out: pToken=0x34eb2c) returned 0x0 [0202.126] IEnumWbemClassObject:Clone (in: This=0x1faaa8, ppEnum=0x34ece4 | out: ppEnum=0x34ece4*=0x1fab70) returned 0x0 [0202.185] IUnknown:QueryInterface (in: This=0x1fab70, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eba0 | out: ppvObject=0x34eba0*=0x1fab74) returned 0x0 [0202.185] IClientSecurity:QueryBlanket (in: This=0x1fab74, pProxy=0x1fab70, pAuthnSvc=0x34ebf0, pAuthzSvc=0x34ebec, pServerPrincName=0x34ebe4, pAuthnLevel=0x34ebe8, pImpLevel=0x34ebd8, pAuthInfo=0x34ebdc, pCapabilites=0x34ebe0 | out: pAuthnSvc=0x34ebf0*=0xa, pAuthzSvc=0x34ebec*=0x0, pServerPrincName=0x34ebe4, pAuthnLevel=0x34ebe8*=0x6, pImpLevel=0x34ebd8*=0x2, pAuthInfo=0x34ebdc, pCapabilites=0x34ebe0*=0x1) returned 0x0 [0202.185] IUnknown:Release (This=0x1fab74) returned 0x1 [0202.185] IUnknown:QueryInterface (in: This=0x1fab70, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb94 | out: ppvObject=0x34eb94*=0x200c7c) returned 0x0 [0202.185] IUnknown:QueryInterface (in: This=0x1fab70, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb80 | out: ppvObject=0x34eb80*=0x1fab74) returned 0x0 [0202.186] IClientSecurity:SetBlanket (This=0x1fab74, pProxy=0x1fab70, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.261] IUnknown:Release (This=0x1fab74) returned 0x2 [0202.261] WbemLocator:IUnknown:Release (This=0x200c7c) returned 0x1 [0202.261] CoTaskMemFree (pv=0x21a450) [0202.261] IUnknown:AddRef (This=0x1fab70) returned 0x2 [0202.262] CoGetContextToken (in: pToken=0x34e0b0 | out: pToken=0x34e0b0) returned 0x0 [0202.262] CoGetContextToken (in: pToken=0x34e4c4 | out: pToken=0x34e4c4) returned 0x0 [0202.262] IUnknown:QueryInterface (in: This=0x1fab70, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e45c | out: ppvObject=0x34e45c*=0x200c64) returned 0x0 [0202.262] WbemLocator:IRpcOptions:Query (in: This=0x200c64, pPrx=0x2361f0, dwProperty=2, pdwValue=0x34e550 | out: pdwValue=0x34e550) returned 0x80004002 [0202.262] WbemLocator:IUnknown:Release (This=0x200c64) returned 0x2 [0202.262] CoGetContextToken (in: pToken=0x34ea94 | out: pToken=0x34ea94) returned 0x0 [0202.262] CoGetContextToken (in: pToken=0x34e9f4 | out: pToken=0x34e9f4) returned 0x0 [0202.262] IUnknown:QueryInterface (in: This=0x1fab70, riid=0x34eac4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e990 | out: ppvObject=0x34e990*=0x1fab70) returned 0x0 [0202.263] IUnknown:Release (This=0x1fab70) returned 0x2 [0202.263] SysStringLen (param_1=0x0) returned 0x0 [0202.263] IEnumWbemClassObject:Reset (This=0x1fab70) returned 0x0 [0202.379] CoTaskMemAlloc (cb=0x4) returned 0x219b70 [0202.380] IEnumWbemClassObject:Next (in: This=0x1fab70, lTimeout=-1, uCount=0x1, apObjects=0x219b70, puReturned=0x2500844 | out: apObjects=0x219b70*=0x2399e8, puReturned=0x2500844*=0x1) returned 0x0 [0210.753] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x2399e8) returned 0x0 [0210.753] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0210.753] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0210.754] IUnknown:AddRef (This=0x2399e8) returned 0x3 [0210.754] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0210.754] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0210.754] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x2399ec) returned 0x0 [0210.754] IMarshal:GetUnmarshalClass (in: This=0x2399ec, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0210.754] IUnknown:Release (This=0x2399ec) returned 0x3 [0210.754] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0210.755] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0210.755] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0210.755] IUnknown:Release (This=0x2399e8) returned 0x2 [0210.755] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0210.755] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0210.755] IUnknown:QueryInterface (in: This=0x2399e8, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x2399e8) returned 0x0 [0210.755] IUnknown:AddRef (This=0x2399e8) returned 0x4 [0210.755] IUnknown:Release (This=0x2399e8) returned 0x3 [0210.756] IUnknown:Release (This=0x2399e8) returned 0x2 [0210.757] CoTaskMemFree (pv=0x219b70) [0210.758] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0210.758] IUnknown:AddRef (This=0x2399e8) returned 0x3 [0210.759] IWbemClassObject:Get (in: This=0x2399e8, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0210.760] IWbemClassObject:Get (in: This=0x2399e8, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0210.761] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0210.761] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0210.762] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x348 [0210.762] SetEvent (hEvent=0x2b8) returned 1 [0210.762] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x348, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0210.769] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0210.769] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0210.769] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x1e9bd0) returned 0x0 [0210.769] WbemDefPath:IUnknown:AddRef (This=0x1e9bd0) returned 0x3 [0210.769] WbemDefPath:IUnknown:Release (This=0x1e9bd0) returned 0x2 [0210.769] WbemDefPath:IWbemPath:SetText (This=0x1e9bd0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0210.769] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a80, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0210.769] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0210.769] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.770] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a80, puCount=0x34ecf0 | out: puCount=0x34ecf0*=0x2) returned 0x0 [0210.770] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ecec*=0x0, pszText=0x0 | out: puBuffLength=0x34ecec*=0xf, pszText=0x0) returned 0x0 [0210.770] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=4, puBuffLength=0x34ecec*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.778] IWbemClassObject:Get (in: This=0x2399e8, wszName="processorID", lFlags=0, pVal=0x34ecec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2501108*=0, plFlavor=0x250110c*=0 | out: pVal=0x34ecec*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x2501108*=8, plFlavor=0x250110c*=0) returned 0x0 [0210.778] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0210.778] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0210.779] IWbemClassObject:Get (in: This=0x2399e8, wszName="processorID", lFlags=0, pVal=0x34ecf4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2501108*=8, plFlavor=0x250110c*=0 | out: pVal=0x34ecf4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x2501108*=8, plFlavor=0x250110c*=0) returned 0x0 [0210.779] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0210.779] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0210.780] CoTaskMemAlloc (cb=0x4) returned 0x219bc0 [0210.781] IEnumWbemClassObject:Next (in: This=0x1fab70, lTimeout=-1, uCount=0x1, apObjects=0x219bc0, puReturned=0x2500844 | out: apObjects=0x219bc0*=0x0, puReturned=0x2500844*=0x0) returned 0x1 [0210.783] CoTaskMemFree (pv=0x219bc0) [0210.785] CoGetContextToken (in: pToken=0x34ec08 | out: pToken=0x34ec08) returned 0x0 [0210.785] IUnknown:Release (This=0x1fab70) returned 0x1 [0210.785] IUnknown:Release (This=0x1fab70) returned 0x0 [0210.817] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x34c [0210.817] SetEvent (hEvent=0x2b8) returned 1 [0210.817] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ecb4*=0x34c, lpdwindex=0x34ead8 | out: lpdwindex=0x34ead8) returned 0x0 [0210.821] CoGetContextToken (in: pToken=0x34eb8c | out: pToken=0x34eb8c) returned 0x0 [0210.821] CoGetContextToken (in: pToken=0x34eaec | out: pToken=0x34eaec) returned 0x0 [0210.821] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x34ebbc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34ebb8 | out: ppvObject=0x34ebb8*=0x1e9c40) returned 0x0 [0210.821] WbemDefPath:IUnknown:AddRef (This=0x1e9c40) returned 0x3 [0210.821] WbemDefPath:IUnknown:Release (This=0x1e9c40) returned 0x2 [0210.821] WbemDefPath:IWbemPath:SetText (This=0x1e9c40, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0210.821] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9c40, puCount=0x34ed34 | out: puCount=0x34ed34*=0x0) returned 0x0 [0210.821] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34ed30*=0x0, pszText=0x0 | out: puBuffLength=0x34ed30*=0x22, pszText=0x0) returned 0x0 [0210.821] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34ed30*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x34ed30*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0210.821] WbemDefPath:IWbemPath:GetInfo (in: This=0x1e9c40, uRequestedInfo=0x0, puResponse=0x34ed3c | out: puResponse=0x34ed3c*=0xc15) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9c40, puCount=0x34ed34 | out: puCount=0x34ed34*=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetInfo (in: This=0x1e9c40, uRequestedInfo=0x0, puResponse=0x34ed3c | out: puResponse=0x34ed3c*=0xc15) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9c40, puCount=0x34ed24 | out: puCount=0x34ed24*=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34ed20*=0x0, pszText=0x0 | out: puBuffLength=0x34ed20*=0x22, pszText=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34ed20*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x34ed20*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9c40, puCount=0x34ed24 | out: puCount=0x34ed24*=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34ed20*=0x0, pszText=0x0 | out: puBuffLength=0x34ed20*=0x22, pszText=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34ed20*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x34ed20*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9c40, puCount=0x34ecb4 | out: puCount=0x34ecb4*=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34eca0 | out: puCount=0x34eca0*=0x2) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec9c*=0x0, pszText=0x0 | out: puBuffLength=0x34ec9c*=0xf, pszText=0x0) returned 0x0 [0210.822] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.822] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350 [0210.822] SetEvent (hEvent=0x2b8) returned 1 [0210.823] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ebfc*=0x350, lpdwindex=0x34ea20 | out: lpdwindex=0x34ea20) returned 0x0 [0210.826] CoGetContextToken (in: pToken=0x34ead4 | out: pToken=0x34ead4) returned 0x0 [0210.826] CoGetContextToken (in: pToken=0x34ea34 | out: pToken=0x34ea34) returned 0x0 [0210.827] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x34eb04*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb00 | out: ppvObject=0x34eb00*=0x1e9cb0) returned 0x0 [0210.827] WbemDefPath:IUnknown:AddRef (This=0x1e9cb0) returned 0x3 [0210.827] WbemDefPath:IUnknown:Release (This=0x1e9cb0) returned 0x2 [0210.827] WbemDefPath:IWbemPath:SetText (This=0x1e9cb0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0210.827] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ec78 | out: puCount=0x34ec78*=0x2) returned 0x0 [0210.827] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ec74*=0x0, pszText=0x0 | out: puBuffLength=0x34ec74*=0xf, pszText=0x0) returned 0x0 [0210.827] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ec74*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.846] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34eb98*=0x364, lpdwindex=0x34ea50 | out: lpdwindex=0x34ea50) returned 0x0 [0210.872] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ec9c | out: puCount=0x34ec9c*=0x2) returned 0x0 [0210.872] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ec98*=0x0, pszText=0x0 | out: puBuffLength=0x34ec98*=0xf, pszText=0x0) returned 0x0 [0210.872] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ec98*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.872] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34eca0*=0x0, pszText=0x0 | out: puBuffLength=0x34eca0*=0x22, pszText=0x0) returned 0x0 [0210.872] WbemDefPath:IWbemPath:GetText (in: This=0x1e9c40, lFlags=2, puBuffLength=0x34eca0*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x34eca0*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0210.873] CoGetContextToken (in: pToken=0x34ea1c | out: pToken=0x34ea1c) returned 0x0 [0210.873] CoGetContextToken (in: pToken=0x34e97c | out: pToken=0x34e97c) returned 0x0 [0210.873] CoGetContextToken (in: pToken=0x34e97c | out: pToken=0x34e97c) returned 0x0 [0210.873] CoGetContextToken (in: pToken=0x34e91c | out: pToken=0x34e91c) returned 0x0 [0210.873] IUnknown:QueryInterface (in: This=0x1a29f0, riid=0x71668ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e8f4 | out: ppvObject=0x34e8f4*=0x1a2a00) returned 0x0 [0210.874] CObjectContext::ContextCallback () returned 0x0 [0210.878] IUnknown:Release (This=0x1a2a00) returned 0x1 [0210.878] CoUnmarshalInterface (in: pStm=0x1ecfd8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34e970 | out: ppv=0x34e970*=0x20103c) returned 0x0 [0210.878] CoMarshalInterface (pStm=0x1ecfd8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x20103c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0210.879] WbemLocator:IUnknown:QueryInterface (in: This=0x20103c, riid=0x34ea4c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x34ea48 | out: ppvObject=0x34ea48*=0x2123c8) returned 0x0 [0210.879] WbemLocator:IUnknown:Release (This=0x20103c) returned 0x1 [0210.880] IWbemServices:GetObject (in: This=0x2123c8, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x34ec54*=0x0, ppCallResult=0x0 | out: ppObject=0x34ec54*=0x23a570, ppCallResult=0x0) returned 0x0 [0210.946] WbemLocator:IUnknown:Release (This=0x2123c8) returned 0x0 [0210.947] IWbemClassObject:Get (in: This=0x23a570, wszName="__PATH", lFlags=0, pVal=0x34ec3c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ece4*=0, plFlavor=0x34ece0*=0 | out: pVal=0x34ec3c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x34ece4*=8, plFlavor=0x34ece0*=64) returned 0x0 [0210.947] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72 [0210.947] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72 [0210.947] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380 [0210.947] SetEvent (hEvent=0x2b8) returned 1 [0210.948] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ebf8*=0x380, lpdwindex=0x34ea1c | out: lpdwindex=0x34ea1c) returned 0x0 [0210.952] CoGetContextToken (in: pToken=0x34eacc | out: pToken=0x34eacc) returned 0x0 [0210.952] CoGetContextToken (in: pToken=0x34ea2c | out: pToken=0x34ea2c) returned 0x0 [0210.952] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x34eafc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eaf8 | out: ppvObject=0x34eaf8*=0x1e9d20) returned 0x0 [0210.952] WbemDefPath:IUnknown:AddRef (This=0x1e9d20) returned 0x3 [0210.952] WbemDefPath:IUnknown:Release (This=0x1e9d20) returned 0x2 [0210.952] WbemDefPath:IWbemPath:SetText (This=0x1e9d20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0210.952] IWbemClassObject:Get (in: This=0x23a570, wszName="__CLASS", lFlags=0, pVal=0x34ecac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed2c*=0, plFlavor=0x34ed28*=0 | out: pVal=0x34ecac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x34ed2c*=8, plFlavor=0x34ed28*=64) returned 0x0 [0210.953] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0210.953] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0210.953] CoGetContextToken (in: pToken=0x34eaac | out: pToken=0x34eaac) returned 0x0 [0210.953] CoGetContextToken (in: pToken=0x34ea0c | out: pToken=0x34ea0c) returned 0x0 [0210.953] CoGetContextToken (in: pToken=0x34ea0c | out: pToken=0x34ea0c) returned 0x0 [0210.953] CoUnmarshalInterface (in: pStm=0x1ecfd8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34ea00 | out: ppv=0x34ea00*=0x20103c) returned 0x0 [0210.953] CoMarshalInterface (pStm=0x1ecfd8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x20103c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0210.954] WbemLocator:IUnknown:QueryInterface (in: This=0x20103c, riid=0x34eadc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x34ead8 | out: ppvObject=0x34ead8*=0x2124b8) returned 0x0 [0210.954] WbemLocator:IUnknown:Release (This=0x20103c) returned 0x1 [0210.954] IWbemServices:CreateInstanceEnum (in: This=0x2124b8, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x34eca8 | out: ppEnum=0x34eca8*=0x1fad00) returned 0x0 [0210.978] IUnknown:QueryInterface (in: This=0x1fad00, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb10 | out: ppvObject=0x34eb10*=0x1fad04) returned 0x0 [0210.978] IClientSecurity:QueryBlanket (in: This=0x1fad04, pProxy=0x1fad00, pAuthnSvc=0x34eb60, pAuthzSvc=0x34eb5c, pServerPrincName=0x34eb54, pAuthnLevel=0x34eb58, pImpLevel=0x34eb48, pAuthInfo=0x34eb4c, pCapabilites=0x34eb50 | out: pAuthnSvc=0x34eb60*=0xa, pAuthzSvc=0x34eb5c*=0x0, pServerPrincName=0x34eb54, pAuthnLevel=0x34eb58*=0x6, pImpLevel=0x34eb48*=0x2, pAuthInfo=0x34eb4c, pCapabilites=0x34eb50*=0x1) returned 0x0 [0210.978] IUnknown:Release (This=0x1fad04) returned 0x1 [0210.978] IUnknown:QueryInterface (in: This=0x1fad00, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb04 | out: ppvObject=0x34eb04*=0x20112c) returned 0x0 [0210.978] IUnknown:QueryInterface (in: This=0x1fad00, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eaf0 | out: ppvObject=0x34eaf0*=0x1fad04) returned 0x0 [0210.978] IClientSecurity:SetBlanket (This=0x1fad04, pProxy=0x1fad00, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0211.018] IUnknown:Release (This=0x1fad04) returned 0x2 [0211.018] WbemLocator:IUnknown:Release (This=0x20112c) returned 0x1 [0211.018] CoTaskMemFree (pv=0x21a540) [0211.018] IUnknown:AddRef (This=0x1fad00) returned 0x2 [0211.018] CoGetContextToken (in: pToken=0x34e02c | out: pToken=0x34e02c) returned 0x0 [0211.019] CoGetContextToken (in: pToken=0x34e43c | out: pToken=0x34e43c) returned 0x0 [0211.019] IUnknown:QueryInterface (in: This=0x1fad00, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e3d8 | out: ppvObject=0x34e3d8*=0x201114) returned 0x0 [0211.019] WbemLocator:IRpcOptions:Query (in: This=0x201114, pPrx=0x2390f0, dwProperty=2, pdwValue=0x34e4cc | out: pdwValue=0x34e4cc) returned 0x80004002 [0211.019] WbemLocator:IUnknown:Release (This=0x201114) returned 0x2 [0211.019] CoGetContextToken (in: pToken=0x34ea0c | out: pToken=0x34ea0c) returned 0x0 [0211.019] CoGetContextToken (in: pToken=0x34e96c | out: pToken=0x34e96c) returned 0x0 [0211.019] IUnknown:QueryInterface (in: This=0x1fad00, riid=0x34ea3c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e908 | out: ppvObject=0x34e908*=0x1fad00) returned 0x0 [0211.020] IUnknown:Release (This=0x1fad00) returned 0x2 [0211.020] WbemLocator:IUnknown:Release (This=0x2124b8) returned 0x0 [0211.020] SysStringLen (param_1=0x0) returned 0x0 [0211.020] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ece4 | out: puCount=0x34ece4*=0x2) returned 0x0 [0211.020] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ece0*=0x0, pszText=0x0 | out: puBuffLength=0x34ece0*=0xf, pszText=0x0) returned 0x0 [0211.020] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ece0*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ece0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.020] CoGetContextToken (in: pToken=0x34eb2c | out: pToken=0x34eb2c) returned 0x0 [0211.021] IEnumWbemClassObject:Clone (in: This=0x1fad00, ppEnum=0x34ece4 | out: ppEnum=0x34ece4*=0x1fadc8) returned 0x0 [0211.072] IUnknown:QueryInterface (in: This=0x1fadc8, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eba0 | out: ppvObject=0x34eba0*=0x1fadcc) returned 0x0 [0211.072] IClientSecurity:QueryBlanket (in: This=0x1fadcc, pProxy=0x1fadc8, pAuthnSvc=0x34ebf0, pAuthzSvc=0x34ebec, pServerPrincName=0x34ebe4, pAuthnLevel=0x34ebe8, pImpLevel=0x34ebd8, pAuthInfo=0x34ebdc, pCapabilites=0x34ebe0 | out: pAuthnSvc=0x34ebf0*=0xa, pAuthzSvc=0x34ebec*=0x0, pServerPrincName=0x34ebe4, pAuthnLevel=0x34ebe8*=0x6, pImpLevel=0x34ebd8*=0x2, pAuthInfo=0x34ebdc, pCapabilites=0x34ebe0*=0x1) returned 0x0 [0211.072] IUnknown:Release (This=0x1fadcc) returned 0x1 [0211.072] IUnknown:QueryInterface (in: This=0x1fadc8, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb94 | out: ppvObject=0x34eb94*=0x20103c) returned 0x0 [0211.072] IUnknown:QueryInterface (in: This=0x1fadc8, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eb80 | out: ppvObject=0x34eb80*=0x1fadcc) returned 0x0 [0211.072] IClientSecurity:SetBlanket (This=0x1fadcc, pProxy=0x1fadc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0211.143] IUnknown:Release (This=0x1fadcc) returned 0x2 [0211.143] WbemLocator:IUnknown:Release (This=0x20103c) returned 0x1 [0211.143] CoTaskMemFree (pv=0x21a450) [0211.143] IUnknown:AddRef (This=0x1fadc8) returned 0x2 [0211.144] CoGetContextToken (in: pToken=0x34e0b0 | out: pToken=0x34e0b0) returned 0x0 [0211.144] CoGetContextToken (in: pToken=0x34e4c4 | out: pToken=0x34e4c4) returned 0x0 [0211.144] IUnknown:QueryInterface (in: This=0x1fadc8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e45c | out: ppvObject=0x34e45c*=0x201024) returned 0x0 [0211.144] WbemLocator:IRpcOptions:Query (in: This=0x201024, pPrx=0x239150, dwProperty=2, pdwValue=0x34e550 | out: pdwValue=0x34e550) returned 0x80004002 [0211.144] WbemLocator:IUnknown:Release (This=0x201024) returned 0x2 [0211.145] CoGetContextToken (in: pToken=0x34ea94 | out: pToken=0x34ea94) returned 0x0 [0211.145] CoGetContextToken (in: pToken=0x34e9f4 | out: pToken=0x34e9f4) returned 0x0 [0211.145] IUnknown:QueryInterface (in: This=0x1fadc8, riid=0x34eac4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e990 | out: ppvObject=0x34e990*=0x1fadc8) returned 0x0 [0211.145] IUnknown:Release (This=0x1fadc8) returned 0x2 [0211.145] SysStringLen (param_1=0x0) returned 0x0 [0211.145] IEnumWbemClassObject:Reset (This=0x1fadc8) returned 0x0 [0211.226] CoTaskMemAlloc (cb=0x4) returned 0x23eb80 [0211.227] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23eb80, puReturned=0x2502d3c | out: apObjects=0x23eb80*=0x5275c70, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.405] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5275c70) returned 0x0 [0211.405] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.405] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.406] IUnknown:AddRef (This=0x5275c70) returned 0x3 [0211.406] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.406] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.406] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5275c74) returned 0x0 [0211.406] IMarshal:GetUnmarshalClass (in: This=0x5275c74, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.406] IUnknown:Release (This=0x5275c74) returned 0x3 [0211.406] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.406] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.406] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.406] IUnknown:Release (This=0x5275c70) returned 0x2 [0211.406] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.406] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.406] IUnknown:QueryInterface (in: This=0x5275c70, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5275c70) returned 0x0 [0211.407] IUnknown:AddRef (This=0x5275c70) returned 0x4 [0211.407] IUnknown:Release (This=0x5275c70) returned 0x3 [0211.407] IUnknown:Release (This=0x5275c70) returned 0x2 [0211.407] CoTaskMemFree (pv=0x23eb80) [0211.407] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.407] IUnknown:AddRef (This=0x5275c70) returned 0x3 [0211.407] IWbemClassObject:Get (in: This=0x5275c70, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.408] IWbemClassObject:Get (in: This=0x5275c70, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.408] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82 [0211.408] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82 [0211.409] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384 [0211.409] SetEvent (hEvent=0x2b8) returned 1 [0211.409] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x384, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.413] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.413] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.413] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x1e9d90) returned 0x0 [0211.413] WbemDefPath:IUnknown:AddRef (This=0x1e9d90) returned 0x3 [0211.413] WbemDefPath:IUnknown:Release (This=0x1e9d90) returned 0x2 [0211.414] WbemDefPath:IWbemPath:SetText (This=0x1e9d90, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0211.417] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.417] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.417] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.420] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.420] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.420] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.420] IWbemClassObject:Get (in: This=0x5275c70, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25035dc*=0, plFlavor=0x25035e0*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25035dc*=11, plFlavor=0x25035e0*=0) returned 0x0 [0211.421] IWbemClassObject:Get (in: This=0x5275c70, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25035dc*=11, plFlavor=0x25035e0*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25035dc*=11, plFlavor=0x25035e0*=0) returned 0x0 [0211.427] IUnknown:Release (This=0x5275c70) returned 0x2 [0211.431] CoTaskMemAlloc (cb=0x4) returned 0x23ebd0 [0211.431] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ebd0, puReturned=0x2502d3c | out: apObjects=0x23ebd0*=0x52760b0, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.433] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x52760b0) returned 0x0 [0211.433] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.433] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.434] IUnknown:AddRef (This=0x52760b0) returned 0x3 [0211.434] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.434] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.434] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x52760b4) returned 0x0 [0211.434] IMarshal:GetUnmarshalClass (in: This=0x52760b4, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.434] IUnknown:Release (This=0x52760b4) returned 0x3 [0211.434] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.434] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.434] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.434] IUnknown:Release (This=0x52760b0) returned 0x2 [0211.435] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.435] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.435] IUnknown:QueryInterface (in: This=0x52760b0, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x52760b0) returned 0x0 [0211.435] IUnknown:AddRef (This=0x52760b0) returned 0x4 [0211.435] IUnknown:Release (This=0x52760b0) returned 0x3 [0211.435] IUnknown:Release (This=0x52760b0) returned 0x2 [0211.435] CoTaskMemFree (pv=0x23ebd0) [0211.435] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.435] IUnknown:AddRef (This=0x52760b0) returned 0x3 [0211.435] IWbemClassObject:Get (in: This=0x52760b0, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.436] IWbemClassObject:Get (in: This=0x52760b0, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.436] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82 [0211.436] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82 [0211.436] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0211.436] SetEvent (hEvent=0x2b8) returned 1 [0211.436] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x388, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.440] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.440] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x1e9e00) returned 0x0 [0211.440] WbemDefPath:IUnknown:AddRef (This=0x1e9e00) returned 0x3 [0211.440] WbemDefPath:IUnknown:Release (This=0x1e9e00) returned 0x2 [0211.440] WbemDefPath:IWbemPath:SetText (This=0x1e9e00, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0211.440] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.440] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.440] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.441] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.441] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.441] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.441] IWbemClassObject:Get (in: This=0x52760b0, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25040c8*=0, plFlavor=0x25040cc*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25040c8*=11, plFlavor=0x25040cc*=0) returned 0x0 [0211.441] IWbemClassObject:Get (in: This=0x52760b0, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25040c8*=11, plFlavor=0x25040cc*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25040c8*=11, plFlavor=0x25040cc*=0) returned 0x0 [0211.442] IUnknown:Release (This=0x52760b0) returned 0x2 [0211.442] CoTaskMemAlloc (cb=0x4) returned 0x23ec20 [0211.442] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ec20, puReturned=0x2502d3c | out: apObjects=0x23ec20*=0x5276898, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.443] IUnknown:QueryInterface (in: This=0x5276898, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5276898) returned 0x0 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.444] IUnknown:AddRef (This=0x5276898) returned 0x3 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x527689c) returned 0x0 [0211.444] IMarshal:GetUnmarshalClass (in: This=0x527689c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.444] IUnknown:Release (This=0x527689c) returned 0x3 [0211.444] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.444] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.444] IUnknown:Release (This=0x5276898) returned 0x2 [0211.444] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.444] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.444] IUnknown:QueryInterface (in: This=0x5276898, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5276898) returned 0x0 [0211.445] IUnknown:AddRef (This=0x5276898) returned 0x4 [0211.445] IUnknown:Release (This=0x5276898) returned 0x3 [0211.445] IUnknown:Release (This=0x5276898) returned 0x2 [0211.445] CoTaskMemFree (pv=0x23ec20) [0211.445] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.445] IUnknown:AddRef (This=0x5276898) returned 0x3 [0211.445] IWbemClassObject:Get (in: This=0x5276898, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.445] IWbemClassObject:Get (in: This=0x5276898, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.445] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82 [0211.446] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82 [0211.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0211.446] SetEvent (hEvent=0x2b8) returned 1 [0211.446] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x38c, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.449] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.449] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.449] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x1e9e70) returned 0x0 [0211.449] WbemDefPath:IUnknown:AddRef (This=0x1e9e70) returned 0x3 [0211.449] WbemDefPath:IUnknown:Release (This=0x1e9e70) returned 0x2 [0211.449] WbemDefPath:IWbemPath:SetText (This=0x1e9e70, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0211.449] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.449] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.449] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.450] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.450] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.450] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.450] IWbemClassObject:Get (in: This=0x5276898, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2504944*=0, plFlavor=0x2504948*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2504944*=11, plFlavor=0x2504948*=0) returned 0x0 [0211.450] IWbemClassObject:Get (in: This=0x5276898, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2504944*=11, plFlavor=0x2504948*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2504944*=11, plFlavor=0x2504948*=0) returned 0x0 [0211.450] IUnknown:Release (This=0x5276898) returned 0x2 [0211.450] CoTaskMemAlloc (cb=0x4) returned 0x23ec70 [0211.450] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ec70, puReturned=0x2502d3c | out: apObjects=0x23ec70*=0x5276bd0, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.451] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5276bd0) returned 0x0 [0211.452] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.452] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.452] IUnknown:AddRef (This=0x5276bd0) returned 0x3 [0211.452] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.452] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.452] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5276bd4) returned 0x0 [0211.452] IMarshal:GetUnmarshalClass (in: This=0x5276bd4, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.452] IUnknown:Release (This=0x5276bd4) returned 0x3 [0211.452] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.452] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.452] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.453] IUnknown:Release (This=0x5276bd0) returned 0x2 [0211.453] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.453] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.453] IUnknown:QueryInterface (in: This=0x5276bd0, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5276bd0) returned 0x0 [0211.453] IUnknown:AddRef (This=0x5276bd0) returned 0x4 [0211.453] IUnknown:Release (This=0x5276bd0) returned 0x3 [0211.453] IUnknown:Release (This=0x5276bd0) returned 0x2 [0211.453] CoTaskMemFree (pv=0x23ec70) [0211.453] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.453] IUnknown:AddRef (This=0x5276bd0) returned 0x3 [0211.453] IWbemClassObject:Get (in: This=0x5276bd0, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.454] IWbemClassObject:Get (in: This=0x5276bd0, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.454] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82 [0211.454] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82 [0211.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0211.454] SetEvent (hEvent=0x2b8) returned 1 [0211.454] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x390, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.457] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.457] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5276f20) returned 0x0 [0211.457] WbemDefPath:IUnknown:AddRef (This=0x5276f20) returned 0x3 [0211.457] WbemDefPath:IUnknown:Release (This=0x5276f20) returned 0x2 [0211.457] WbemDefPath:IWbemPath:SetText (This=0x5276f20, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0211.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.457] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.457] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.457] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.457] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.458] IWbemClassObject:Get (in: This=0x5276bd0, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25051c0*=0, plFlavor=0x25051c4*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25051c0*=11, plFlavor=0x25051c4*=0) returned 0x0 [0211.458] IWbemClassObject:Get (in: This=0x5276bd0, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25051c0*=11, plFlavor=0x25051c4*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25051c0*=11, plFlavor=0x25051c4*=0) returned 0x0 [0211.458] IUnknown:Release (This=0x5276bd0) returned 0x2 [0211.458] CoTaskMemAlloc (cb=0x4) returned 0x23ecc0 [0211.458] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ecc0, puReturned=0x2502d3c | out: apObjects=0x23ecc0*=0x5277f08, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.459] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5277f08) returned 0x0 [0211.459] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.459] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.460] IUnknown:AddRef (This=0x5277f08) returned 0x3 [0211.460] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.460] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.460] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5277f0c) returned 0x0 [0211.460] IMarshal:GetUnmarshalClass (in: This=0x5277f0c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.460] IUnknown:Release (This=0x5277f0c) returned 0x3 [0211.460] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.461] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.461] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.461] IUnknown:Release (This=0x5277f08) returned 0x2 [0211.461] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.461] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.461] IUnknown:QueryInterface (in: This=0x5277f08, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5277f08) returned 0x0 [0211.461] IUnknown:AddRef (This=0x5277f08) returned 0x4 [0211.461] IUnknown:Release (This=0x5277f08) returned 0x3 [0211.461] IUnknown:Release (This=0x5277f08) returned 0x2 [0211.461] CoTaskMemFree (pv=0x23ecc0) [0211.461] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.461] IUnknown:AddRef (This=0x5277f08) returned 0x3 [0211.461] IWbemClassObject:Get (in: This=0x5277f08, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.462] IWbemClassObject:Get (in: This=0x5277f08, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.462] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82 [0211.462] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82 [0211.462] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394 [0211.462] SetEvent (hEvent=0x2b8) returned 1 [0211.462] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x394, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.465] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.465] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.465] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5276f90) returned 0x0 [0211.465] WbemDefPath:IUnknown:AddRef (This=0x5276f90) returned 0x3 [0211.465] WbemDefPath:IUnknown:Release (This=0x5276f90) returned 0x2 [0211.466] WbemDefPath:IWbemPath:SetText (This=0x5276f90, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0 [0211.466] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.466] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.466] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.466] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.466] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.466] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.466] IWbemClassObject:Get (in: This=0x5277f08, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2505a3c*=0, plFlavor=0x2505a40*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2505a3c*=11, plFlavor=0x2505a40*=0) returned 0x0 [0211.466] IWbemClassObject:Get (in: This=0x5277f08, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2505a3c*=11, plFlavor=0x2505a40*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2505a3c*=11, plFlavor=0x2505a40*=0) returned 0x0 [0211.466] IUnknown:Release (This=0x5277f08) returned 0x2 [0211.466] CoTaskMemAlloc (cb=0x4) returned 0x23ed10 [0211.467] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ed10, puReturned=0x2502d3c | out: apObjects=0x23ed10*=0x5275e08, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.468] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5275e08) returned 0x0 [0211.468] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.468] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.468] IUnknown:AddRef (This=0x5275e08) returned 0x3 [0211.468] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.468] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.468] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5275e0c) returned 0x0 [0211.468] IMarshal:GetUnmarshalClass (in: This=0x5275e0c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.468] IUnknown:Release (This=0x5275e0c) returned 0x3 [0211.468] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.468] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.469] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.469] IUnknown:Release (This=0x5275e08) returned 0x2 [0211.469] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.469] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.469] IUnknown:QueryInterface (in: This=0x5275e08, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5275e08) returned 0x0 [0211.469] IUnknown:AddRef (This=0x5275e08) returned 0x4 [0211.469] IUnknown:Release (This=0x5275e08) returned 0x3 [0211.469] IUnknown:Release (This=0x5275e08) returned 0x2 [0211.469] CoTaskMemFree (pv=0x23ed10) [0211.469] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.469] IUnknown:AddRef (This=0x5275e08) returned 0x3 [0211.469] IWbemClassObject:Get (in: This=0x5275e08, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.470] IWbemClassObject:Get (in: This=0x5275e08, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.470] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82 [0211.470] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82 [0211.470] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0211.470] SetEvent (hEvent=0x2b8) returned 1 [0211.470] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x398, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.473] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.473] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.473] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5277000) returned 0x0 [0211.473] WbemDefPath:IUnknown:AddRef (This=0x5277000) returned 0x3 [0211.473] WbemDefPath:IUnknown:Release (This=0x5277000) returned 0x2 [0211.473] WbemDefPath:IWbemPath:SetText (This=0x5277000, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x0 [0211.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.474] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.474] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.474] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.474] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.474] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.474] IWbemClassObject:Get (in: This=0x5275e08, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25062c4*=0, plFlavor=0x25062c8*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25062c4*=11, plFlavor=0x25062c8*=0) returned 0x0 [0211.474] IWbemClassObject:Get (in: This=0x5275e08, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25062c4*=11, plFlavor=0x25062c8*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25062c4*=11, plFlavor=0x25062c8*=0) returned 0x0 [0211.474] IUnknown:Release (This=0x5275e08) returned 0x2 [0211.474] CoTaskMemAlloc (cb=0x4) returned 0x23ed60 [0211.474] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ed60, puReturned=0x2502d3c | out: apObjects=0x23ed60*=0x5278a40, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.475] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5278a40) returned 0x0 [0211.476] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.476] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.476] IUnknown:AddRef (This=0x5278a40) returned 0x3 [0211.476] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.476] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.476] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5278a44) returned 0x0 [0211.476] IMarshal:GetUnmarshalClass (in: This=0x5278a44, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.476] IUnknown:Release (This=0x5278a44) returned 0x3 [0211.476] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.476] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.476] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.477] IUnknown:Release (This=0x5278a40) returned 0x2 [0211.477] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.477] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.477] IUnknown:QueryInterface (in: This=0x5278a40, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5278a40) returned 0x0 [0211.477] IUnknown:AddRef (This=0x5278a40) returned 0x4 [0211.477] IUnknown:Release (This=0x5278a40) returned 0x3 [0211.477] IUnknown:Release (This=0x5278a40) returned 0x2 [0211.477] CoTaskMemFree (pv=0x23ed60) [0211.477] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.477] IUnknown:AddRef (This=0x5278a40) returned 0x3 [0211.477] IWbemClassObject:Get (in: This=0x5278a40, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.478] IWbemClassObject:Get (in: This=0x5278a40, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.478] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82 [0211.478] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82 [0211.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c [0211.478] SetEvent (hEvent=0x2b8) returned 1 [0211.478] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x39c, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.481] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.481] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5277070) returned 0x0 [0211.481] WbemDefPath:IUnknown:AddRef (This=0x5277070) returned 0x3 [0211.481] WbemDefPath:IUnknown:Release (This=0x5277070) returned 0x2 [0211.482] WbemDefPath:IWbemPath:SetText (This=0x5277070, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x0 [0211.482] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.482] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.482] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.482] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.482] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.482] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.482] IWbemClassObject:Get (in: This=0x5278a40, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2506b40*=0, plFlavor=0x2506b44*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2506b40*=11, plFlavor=0x2506b44*=0) returned 0x0 [0211.482] IWbemClassObject:Get (in: This=0x5278a40, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2506b40*=11, plFlavor=0x2506b44*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2506b40*=11, plFlavor=0x2506b44*=0) returned 0x0 [0211.482] IUnknown:Release (This=0x5278a40) returned 0x2 [0211.482] CoTaskMemAlloc (cb=0x4) returned 0x23edb0 [0211.483] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23edb0, puReturned=0x2502d3c | out: apObjects=0x23edb0*=0x5273f78, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5273f78) returned 0x0 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.486] IUnknown:AddRef (This=0x5273f78) returned 0x3 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5273f7c) returned 0x0 [0211.486] IMarshal:GetUnmarshalClass (in: This=0x5273f7c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.486] IUnknown:Release (This=0x5273f7c) returned 0x3 [0211.486] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.486] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.486] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.487] IUnknown:Release (This=0x5273f78) returned 0x2 [0211.487] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.487] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.487] IUnknown:QueryInterface (in: This=0x5273f78, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5273f78) returned 0x0 [0211.487] IUnknown:AddRef (This=0x5273f78) returned 0x4 [0211.487] IUnknown:Release (This=0x5273f78) returned 0x3 [0211.487] IUnknown:Release (This=0x5273f78) returned 0x2 [0211.487] CoTaskMemFree (pv=0x23edb0) [0211.487] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.487] IUnknown:AddRef (This=0x5273f78) returned 0x3 [0211.487] IWbemClassObject:Get (in: This=0x5273f78, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.487] IWbemClassObject:Get (in: This=0x5273f78, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.488] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82 [0211.488] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82 [0211.488] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0 [0211.488] SetEvent (hEvent=0x2b8) returned 1 [0211.488] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3a0, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.491] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.491] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.491] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x52770e0) returned 0x0 [0211.491] WbemDefPath:IUnknown:AddRef (This=0x52770e0) returned 0x3 [0211.491] WbemDefPath:IUnknown:Release (This=0x52770e0) returned 0x2 [0211.491] WbemDefPath:IWbemPath:SetText (This=0x52770e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x0 [0211.491] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.491] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.491] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.491] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.491] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.492] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.492] IWbemClassObject:Get (in: This=0x5273f78, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25073bc*=0, plFlavor=0x25073c0*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25073bc*=11, plFlavor=0x25073c0*=0) returned 0x0 [0211.492] IWbemClassObject:Get (in: This=0x5273f78, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25073bc*=11, plFlavor=0x25073c0*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25073bc*=11, plFlavor=0x25073c0*=0) returned 0x0 [0211.492] IUnknown:Release (This=0x5273f78) returned 0x2 [0211.492] CoTaskMemAlloc (cb=0x4) returned 0x23ee00 [0211.492] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ee00, puReturned=0x2502d3c | out: apObjects=0x23ee00*=0x52749b8, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.494] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x52749b8) returned 0x0 [0211.494] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.494] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.494] IUnknown:AddRef (This=0x52749b8) returned 0x3 [0211.494] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.494] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.494] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x52749bc) returned 0x0 [0211.494] IMarshal:GetUnmarshalClass (in: This=0x52749bc, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.494] IUnknown:Release (This=0x52749bc) returned 0x3 [0211.494] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.495] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.495] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.495] IUnknown:Release (This=0x52749b8) returned 0x2 [0211.495] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.495] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.495] IUnknown:QueryInterface (in: This=0x52749b8, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x52749b8) returned 0x0 [0211.495] IUnknown:AddRef (This=0x52749b8) returned 0x4 [0211.495] IUnknown:Release (This=0x52749b8) returned 0x3 [0211.495] IUnknown:Release (This=0x52749b8) returned 0x2 [0211.495] CoTaskMemFree (pv=0x23ee00) [0211.495] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.495] IUnknown:AddRef (This=0x52749b8) returned 0x3 [0211.495] IWbemClassObject:Get (in: This=0x52749b8, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.496] IWbemClassObject:Get (in: This=0x52749b8, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.496] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82 [0211.496] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82 [0211.496] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0211.496] SetEvent (hEvent=0x2b8) returned 1 [0211.496] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3a4, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.500] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.500] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.500] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5277150) returned 0x0 [0211.500] WbemDefPath:IUnknown:AddRef (This=0x5277150) returned 0x3 [0211.500] WbemDefPath:IUnknown:Release (This=0x5277150) returned 0x2 [0211.500] WbemDefPath:IWbemPath:SetText (This=0x5277150, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x0 [0211.500] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.500] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.500] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.500] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.500] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.500] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.500] IWbemClassObject:Get (in: This=0x52749b8, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2507c38*=0, plFlavor=0x2507c3c*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2507c38*=11, plFlavor=0x2507c3c*=0) returned 0x0 [0211.501] IWbemClassObject:Get (in: This=0x52749b8, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2507c38*=11, plFlavor=0x2507c3c*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2507c38*=11, plFlavor=0x2507c3c*=0) returned 0x0 [0211.501] IUnknown:Release (This=0x52749b8) returned 0x2 [0211.501] CoTaskMemAlloc (cb=0x4) returned 0x23ee50 [0211.501] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23ee50, puReturned=0x2502d3c | out: apObjects=0x23ee50*=0x5274cf0, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.502] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5274cf0) returned 0x0 [0211.503] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.503] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.503] IUnknown:AddRef (This=0x5274cf0) returned 0x3 [0211.503] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.503] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.503] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5274cf4) returned 0x0 [0211.503] IMarshal:GetUnmarshalClass (in: This=0x5274cf4, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.503] IUnknown:Release (This=0x5274cf4) returned 0x3 [0211.503] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.503] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.503] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.503] IUnknown:Release (This=0x5274cf0) returned 0x2 [0211.503] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.504] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.504] IUnknown:QueryInterface (in: This=0x5274cf0, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5274cf0) returned 0x0 [0211.504] IUnknown:AddRef (This=0x5274cf0) returned 0x4 [0211.504] IUnknown:Release (This=0x5274cf0) returned 0x3 [0211.504] IUnknown:Release (This=0x5274cf0) returned 0x2 [0211.504] CoTaskMemFree (pv=0x23ee50) [0211.504] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.504] IUnknown:AddRef (This=0x5274cf0) returned 0x3 [0211.504] IWbemClassObject:Get (in: This=0x5274cf0, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.505] IWbemClassObject:Get (in: This=0x5274cf0, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.505] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82 [0211.505] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82 [0211.505] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0211.505] SetEvent (hEvent=0x2b8) returned 1 [0211.505] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3a8, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.509] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.509] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.509] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x52771c0) returned 0x0 [0211.509] WbemDefPath:IUnknown:AddRef (This=0x52771c0) returned 0x3 [0211.509] WbemDefPath:IUnknown:Release (This=0x52771c0) returned 0x2 [0211.509] WbemDefPath:IWbemPath:SetText (This=0x52771c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x0 [0211.509] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.509] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.509] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.509] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.509] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.509] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.509] IWbemClassObject:Get (in: This=0x5274cf0, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25084c0*=0, plFlavor=0x25084c4*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25084c0*=11, plFlavor=0x25084c4*=0) returned 0x0 [0211.510] IWbemClassObject:Get (in: This=0x5274cf0, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25084c0*=11, plFlavor=0x25084c4*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25084c0*=11, plFlavor=0x25084c4*=0) returned 0x0 [0211.510] IUnknown:Release (This=0x5274cf0) returned 0x2 [0211.510] CoTaskMemAlloc (cb=0x4) returned 0x23eea0 [0211.510] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x23eea0, puReturned=0x2502d3c | out: apObjects=0x23eea0*=0x52754d8, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.511] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x52754d8) returned 0x0 [0211.511] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.512] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.512] IUnknown:AddRef (This=0x52754d8) returned 0x3 [0211.512] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.512] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.512] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x52754dc) returned 0x0 [0211.512] IMarshal:GetUnmarshalClass (in: This=0x52754dc, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.512] IUnknown:Release (This=0x52754dc) returned 0x3 [0211.512] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.512] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.512] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.512] IUnknown:Release (This=0x52754d8) returned 0x2 [0211.512] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.513] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.513] IUnknown:QueryInterface (in: This=0x52754d8, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x52754d8) returned 0x0 [0211.513] IUnknown:AddRef (This=0x52754d8) returned 0x4 [0211.513] IUnknown:Release (This=0x52754d8) returned 0x3 [0211.513] IUnknown:Release (This=0x52754d8) returned 0x2 [0211.513] CoTaskMemFree (pv=0x23eea0) [0211.513] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.513] IUnknown:AddRef (This=0x52754d8) returned 0x3 [0211.513] IWbemClassObject:Get (in: This=0x52754d8, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.514] IWbemClassObject:Get (in: This=0x52754d8, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.514] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84 [0211.514] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84 [0211.514] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac [0211.514] SetEvent (hEvent=0x2b8) returned 1 [0211.515] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3ac, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.518] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.518] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5277230) returned 0x0 [0211.518] WbemDefPath:IUnknown:AddRef (This=0x5277230) returned 0x3 [0211.518] WbemDefPath:IUnknown:Release (This=0x5277230) returned 0x2 [0211.518] WbemDefPath:IWbemPath:SetText (This=0x5277230, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x0 [0211.518] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.518] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.518] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.518] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.518] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.518] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.519] IWbemClassObject:Get (in: This=0x52754d8, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2508d40*=0, plFlavor=0x2508d44*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2508d40*=11, plFlavor=0x2508d44*=0) returned 0x0 [0211.519] IWbemClassObject:Get (in: This=0x52754d8, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2508d40*=11, plFlavor=0x2508d44*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2508d40*=11, plFlavor=0x2508d44*=0) returned 0x0 [0211.519] IUnknown:Release (This=0x52754d8) returned 0x2 [0211.519] CoTaskMemAlloc (cb=0x4) returned 0x5275130 [0211.519] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x5275130, puReturned=0x2502d3c | out: apObjects=0x5275130*=0x5275898, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.521] IUnknown:QueryInterface (in: This=0x5275898, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5275898) returned 0x0 [0211.521] IUnknown:QueryInterface (in: This=0x5275898, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.521] IUnknown:QueryInterface (in: This=0x5275898, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.521] IUnknown:AddRef (This=0x5275898) returned 0x3 [0211.521] IUnknown:QueryInterface (in: This=0x5275898, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.521] IUnknown:QueryInterface (in: This=0x5275898, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.521] IUnknown:QueryInterface (in: This=0x5275898, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x527589c) returned 0x0 [0211.521] IMarshal:GetUnmarshalClass (in: This=0x527589c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.521] IUnknown:Release (This=0x527589c) returned 0x3 [0211.521] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.522] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.522] IUnknown:QueryInterface (in: This=0x5275898, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.522] IUnknown:Release (This=0x5275898) returned 0x2 [0211.522] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.522] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.522] IUnknown:QueryInterface (in: This=0x5275898, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5275898) returned 0x0 [0211.522] IUnknown:AddRef (This=0x5275898) returned 0x4 [0211.522] IUnknown:Release (This=0x5275898) returned 0x3 [0211.522] IUnknown:Release (This=0x5275898) returned 0x2 [0211.522] CoTaskMemFree (pv=0x5275130) [0211.522] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.522] IUnknown:AddRef (This=0x5275898) returned 0x3 [0211.522] IWbemClassObject:Get (in: This=0x5275898, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.523] IWbemClassObject:Get (in: This=0x5275898, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.523] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84 [0211.523] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84 [0211.523] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0 [0211.523] SetEvent (hEvent=0x2b8) returned 1 [0211.524] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3b0, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.527] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.527] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.527] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x52772a0) returned 0x0 [0211.527] WbemDefPath:IUnknown:AddRef (This=0x52772a0) returned 0x3 [0211.527] WbemDefPath:IUnknown:Release (This=0x52772a0) returned 0x2 [0211.527] WbemDefPath:IWbemPath:SetText (This=0x52772a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x0 [0211.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.527] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.527] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.528] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.528] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.528] IWbemClassObject:Get (in: This=0x5275898, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25095c0*=0, plFlavor=0x25095c4*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25095c0*=11, plFlavor=0x25095c4*=0) returned 0x0 [0211.528] IWbemClassObject:Get (in: This=0x5275898, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25095c0*=11, plFlavor=0x25095c4*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25095c0*=11, plFlavor=0x25095c4*=0) returned 0x0 [0211.528] IUnknown:Release (This=0x5275898) returned 0x2 [0211.528] CoTaskMemAlloc (cb=0x4) returned 0x5275180 [0211.528] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x5275180, puReturned=0x2502d3c | out: apObjects=0x5275180*=0x5282900, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.531] IUnknown:QueryInterface (in: This=0x5282900, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5282900) returned 0x0 [0211.531] IUnknown:QueryInterface (in: This=0x5282900, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.531] IUnknown:QueryInterface (in: This=0x5282900, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.531] IUnknown:AddRef (This=0x5282900) returned 0x3 [0211.531] IUnknown:QueryInterface (in: This=0x5282900, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.531] IUnknown:QueryInterface (in: This=0x5282900, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.531] IUnknown:QueryInterface (in: This=0x5282900, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5282904) returned 0x0 [0211.532] IMarshal:GetUnmarshalClass (in: This=0x5282904, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.532] IUnknown:Release (This=0x5282904) returned 0x3 [0211.532] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.532] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.532] IUnknown:QueryInterface (in: This=0x5282900, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.532] IUnknown:Release (This=0x5282900) returned 0x2 [0211.532] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.532] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.532] IUnknown:QueryInterface (in: This=0x5282900, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5282900) returned 0x0 [0211.532] IUnknown:AddRef (This=0x5282900) returned 0x4 [0211.532] IUnknown:Release (This=0x5282900) returned 0x3 [0211.532] IUnknown:Release (This=0x5282900) returned 0x2 [0211.532] CoTaskMemFree (pv=0x5275180) [0211.532] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.532] IUnknown:AddRef (This=0x5282900) returned 0x3 [0211.533] IWbemClassObject:Get (in: This=0x5282900, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.533] IWbemClassObject:Get (in: This=0x5282900, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.533] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84 [0211.533] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84 [0211.533] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0211.533] SetEvent (hEvent=0x2b8) returned 1 [0211.534] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3b4, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.537] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.537] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5277310) returned 0x0 [0211.537] WbemDefPath:IUnknown:AddRef (This=0x5277310) returned 0x3 [0211.537] WbemDefPath:IUnknown:Release (This=0x5277310) returned 0x2 [0211.537] WbemDefPath:IWbemPath:SetText (This=0x5277310, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x0 [0211.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.537] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.537] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.537] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.537] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.537] IWbemClassObject:Get (in: This=0x5282900, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2509e40*=0, plFlavor=0x2509e44*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2509e40*=11, plFlavor=0x2509e44*=0) returned 0x0 [0211.538] IWbemClassObject:Get (in: This=0x5282900, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2509e40*=11, plFlavor=0x2509e44*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2509e40*=11, plFlavor=0x2509e44*=0) returned 0x0 [0211.538] IUnknown:Release (This=0x5282900) returned 0x2 [0211.538] CoTaskMemAlloc (cb=0x4) returned 0x52751d0 [0211.538] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x52751d0, puReturned=0x2502d3c | out: apObjects=0x52751d0*=0x5282a98, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.544] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5282a98) returned 0x0 [0211.545] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.545] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.545] IUnknown:AddRef (This=0x5282a98) returned 0x3 [0211.545] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.545] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.545] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5282a9c) returned 0x0 [0211.545] IMarshal:GetUnmarshalClass (in: This=0x5282a9c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.545] IUnknown:Release (This=0x5282a9c) returned 0x3 [0211.545] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.546] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.546] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.546] IUnknown:Release (This=0x5282a98) returned 0x2 [0211.546] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.546] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.546] IUnknown:QueryInterface (in: This=0x5282a98, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5282a98) returned 0x0 [0211.546] IUnknown:AddRef (This=0x5282a98) returned 0x4 [0211.546] IUnknown:Release (This=0x5282a98) returned 0x3 [0211.546] IUnknown:Release (This=0x5282a98) returned 0x2 [0211.546] CoTaskMemFree (pv=0x52751d0) [0211.546] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.546] IUnknown:AddRef (This=0x5282a98) returned 0x3 [0211.546] IWbemClassObject:Get (in: This=0x5282a98, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.547] IWbemClassObject:Get (in: This=0x5282a98, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.547] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x84 [0211.547] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x84 [0211.548] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0211.548] SetEvent (hEvent=0x2b8) returned 1 [0211.548] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3b8, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.552] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.552] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x5277380) returned 0x0 [0211.552] WbemDefPath:IUnknown:AddRef (This=0x5277380) returned 0x3 [0211.552] WbemDefPath:IUnknown:Release (This=0x5277380) returned 0x2 [0211.553] WbemDefPath:IWbemPath:SetText (This=0x5277380, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x0 [0211.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.553] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.553] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.553] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.553] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.553] IWbemClassObject:Get (in: This=0x5282a98, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250a6cc*=0, plFlavor=0x250a6d0*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250a6cc*=11, plFlavor=0x250a6d0*=0) returned 0x0 [0211.554] IWbemClassObject:Get (in: This=0x5282a98, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250a6cc*=11, plFlavor=0x250a6d0*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250a6cc*=11, plFlavor=0x250a6d0*=0) returned 0x0 [0211.554] IUnknown:Release (This=0x5282a98) returned 0x2 [0211.554] CoTaskMemAlloc (cb=0x4) returned 0x5275220 [0211.555] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x5275220, puReturned=0x2502d3c | out: apObjects=0x5275220*=0x5282c30, puReturned=0x2502d3c*=0x1) returned 0x0 [0211.556] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e33c | out: ppvObject=0x34e33c*=0x5282c30) returned 0x0 [0211.557] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e2f0 | out: ppvObject=0x34e2f0*=0x0) returned 0x80004002 [0211.557] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e118 | out: ppvObject=0x34e118*=0x0) returned 0x80004002 [0211.557] IUnknown:AddRef (This=0x5282c30) returned 0x3 [0211.557] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dc4c | out: ppvObject=0x34dc4c*=0x0) returned 0x80004002 [0211.557] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34dbfc | out: ppvObject=0x34dbfc*=0x0) returned 0x80004002 [0211.557] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34dc08 | out: ppvObject=0x34dc08*=0x5282c34) returned 0x0 [0211.557] IMarshal:GetUnmarshalClass (in: This=0x5282c34, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34dc10 | out: pCid=0x34dc10*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0211.557] IUnknown:Release (This=0x5282c34) returned 0x3 [0211.558] CoGetContextToken (in: pToken=0x34dc68 | out: pToken=0x34dc68) returned 0x0 [0211.558] CoGetContextToken (in: pToken=0x34e07c | out: pToken=0x34e07c) returned 0x0 [0211.558] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e0fc | out: ppvObject=0x34e0fc*=0x0) returned 0x80004002 [0211.558] IUnknown:Release (This=0x5282c30) returned 0x2 [0211.558] CoGetContextToken (in: pToken=0x34e664 | out: pToken=0x34e664) returned 0x0 [0211.558] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0211.558] IUnknown:QueryInterface (in: This=0x5282c30, riid=0x34e694*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e690 | out: ppvObject=0x34e690*=0x5282c30) returned 0x0 [0211.558] IUnknown:AddRef (This=0x5282c30) returned 0x4 [0211.558] IUnknown:Release (This=0x5282c30) returned 0x3 [0211.558] IUnknown:Release (This=0x5282c30) returned 0x2 [0211.558] CoTaskMemFree (pv=0x5275220) [0211.558] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0211.558] IUnknown:AddRef (This=0x5282c30) returned 0x3 [0211.559] IWbemClassObject:Get (in: This=0x5282c30, wszName="__GENUS", lFlags=0, pVal=0x34ecd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed54*=0, plFlavor=0x34ed50*=0 | out: pVal=0x34ecd4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ed54*=3, plFlavor=0x34ed50*=64) returned 0x0 [0211.559] IWbemClassObject:Get (in: This=0x5282c30, wszName="__PATH", lFlags=0, pVal=0x34ecb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ed3c*=0, plFlavor=0x34ed38*=0 | out: pVal=0x34ecb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14", varVal2=0x0), pType=0x34ed3c*=8, plFlavor=0x34ed38*=64) returned 0x0 [0211.559] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14") returned 0x84 [0211.559] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14") returned 0x84 [0211.560] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3bc [0211.560] SetEvent (hEvent=0x2b8) returned 1 [0211.560] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec90*=0x3bc, lpdwindex=0x34eab4 | out: lpdwindex=0x34eab4) returned 0x0 [0211.564] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0211.564] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0211.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x34eb94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb90 | out: ppvObject=0x34eb90*=0x52773f0) returned 0x0 [0211.565] WbemDefPath:IUnknown:AddRef (This=0x52773f0) returned 0x3 [0211.565] WbemDefPath:IUnknown:Release (This=0x52773f0) returned 0x2 [0211.565] WbemDefPath:IWbemPath:SetText (This=0x52773f0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14") returned 0x0 [0211.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ed10 | out: puCount=0x34ed10*=0x2) returned 0x0 [0211.565] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x34ed0c*=0xf, pszText=0x0) returned 0x0 [0211.565] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.565] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.565] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.565] IWbemClassObject:Get (in: This=0x5282c30, wszName="IPEnabled", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250af4c*=0, plFlavor=0x250af50*=0 | out: pVal=0x34ecd8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x250af4c*=11, plFlavor=0x250af50*=0) returned 0x0 [0211.566] IWbemClassObject:Get (in: This=0x5282c30, wszName="IPEnabled", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250af4c*=11, plFlavor=0x250af50*=0 | out: pVal=0x34ece0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x250af4c*=11, plFlavor=0x250af50*=0) returned 0x0 [0211.579] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x34ecdc | out: puCount=0x34ecdc*=0x2) returned 0x0 [0211.579] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0x0, pszText=0x0 | out: puBuffLength=0x34ecd8*=0xf, pszText=0x0) returned 0x0 [0211.579] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=4, puBuffLength=0x34ecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.580] IWbemClassObject:Get (in: This=0x5282c30, wszName="MacAddress", lFlags=0, pVal=0x34ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250afe8*=0, plFlavor=0x250afec*=0 | out: pVal=0x34ecd8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:25:60:FD:B5:57", varVal2=0x0), pType=0x250afe8*=8, plFlavor=0x250afec*=0) returned 0x0 [0211.580] SysStringByteLen (bstr="00:25:60:FD:B5:57") returned 0x22 [0211.580] SysStringByteLen (bstr="00:25:60:FD:B5:57") returned 0x22 [0211.580] IWbemClassObject:Get (in: This=0x5282c30, wszName="MacAddress", lFlags=0, pVal=0x34ece0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x250afe8*=8, plFlavor=0x250afec*=0 | out: pVal=0x34ece0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:25:60:FD:B5:57", varVal2=0x0), pType=0x250afe8*=8, plFlavor=0x250afec*=0) returned 0x0 [0211.580] SysStringByteLen (bstr="00:25:60:FD:B5:57") returned 0x22 [0211.580] SysStringByteLen (bstr="00:25:60:FD:B5:57") returned 0x22 [0211.580] IUnknown:Release (This=0x5282c30) returned 0x2 [0211.581] CoTaskMemAlloc (cb=0x4) returned 0x5275270 [0211.581] IEnumWbemClassObject:Next (in: This=0x1fadc8, lTimeout=-1, uCount=0x1, apObjects=0x5275270, puReturned=0x2502d3c | out: apObjects=0x5275270*=0x0, puReturned=0x2502d3c*=0x0) returned 0x1 [0211.582] CoTaskMemFree (pv=0x5275270) [0211.582] CoGetContextToken (in: pToken=0x34ec08 | out: pToken=0x34ec08) returned 0x0 [0211.582] IUnknown:Release (This=0x1fadc8) returned 0x1 [0211.582] IUnknown:Release (This=0x1fadc8) returned 0x0 [0211.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e804, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0211.642] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x34eb94, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0211.660] GetUserNameW (in: lpBuffer=0x34eb44, pcbBuffer=0x250c064 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x250c064) returned 1 [0211.678] GetComputerNameW (in: lpBuffer=0x34eb44, nSize=0x250c4d8 | out: lpBuffer="Q9IATRKPRH", nSize=0x250c4d8) returned 1 [0211.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34e770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0211.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x34e6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0211.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x34e68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0211.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x34e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0211.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e930) returned 1 [0211.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x34ebf4 | out: lpFileInformation=0x34ebf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0211.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e92c) returned 1 [0211.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x34e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0211.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34eb54) returned 1 [0211.725] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3c4 [0211.725] GetFileType (hFile=0x3c4) returned 0x1 [0211.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34eb50) returned 1 [0211.725] GetFileType (hFile=0x3c4) returned 0x1 [0211.732] GetFileSize (in: hFile=0x3c4, lpFileSizeHigh=0x34eb80 | out: lpFileSizeHigh=0x34eb80*=0x0) returned 0x8c8e [0211.733] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34eb3c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34eb3c*=0x1000, lpOverlapped=0x0) returned 1 [0211.739] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34eaf0, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34eaf0*=0x1000, lpOverlapped=0x0) returned 1 [0211.739] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34ea6c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34ea6c*=0x1000, lpOverlapped=0x0) returned 1 [0211.739] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34ea6c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34ea6c*=0x1000, lpOverlapped=0x0) returned 1 [0211.740] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34ea6c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34ea6c*=0x1000, lpOverlapped=0x0) returned 1 [0211.740] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34ea6c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34ea6c*=0x1000, lpOverlapped=0x0) returned 1 [0211.740] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34eaec, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34eaec*=0x1000, lpOverlapped=0x0) returned 1 [0211.741] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34ea6c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34ea6c*=0x1000, lpOverlapped=0x0) returned 1 [0211.741] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34ea6c, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34ea6c*=0xc8e, lpOverlapped=0x0) returned 1 [0211.741] ReadFile (in: hFile=0x3c4, lpBuffer=0x250d8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34eb18, lpOverlapped=0x0 | out: lpBuffer=0x250d8bc*, lpNumberOfBytesRead=0x34eb18*=0x0, lpOverlapped=0x0) returned 1 [0211.742] CloseHandle (hObject=0x3c4) returned 1 [0211.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34e688, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0211.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0211.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e92c) returned 1 [0211.743] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x34ebf0 | out: lpFileInformation=0x34ebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6823800, ftCreationTime.dwHighDateTime=0x1cd5d46, ftLastAccessTime.dwLowDateTime=0x70169cf0, ftLastAccessTime.dwHighDateTime=0x1d706ad, ftLastWriteTime.dwLowDateTime=0xe6823800, ftLastWriteTime.dwHighDateTime=0x1cd5d46, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0211.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e928) returned 1 [0211.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x34e638, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0211.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34eb50) returned 1 [0211.744] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3c4 [0211.744] GetFileType (hFile=0x3c4) returned 0x1 [0211.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34eb4c) returned 1 [0211.744] GetFileType (hFile=0x3c4) returned 0x1 [0211.745] GetFileSize (in: hFile=0x3c4, lpFileSizeHigh=0x34eb7c | out: lpFileSizeHigh=0x34eb7c*=0x0) returned 0xb6 [0211.745] ReadFile (in: hFile=0x3c4, lpBuffer=0x2514220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34eb38, lpOverlapped=0x0 | out: lpBuffer=0x2514220*, lpNumberOfBytesRead=0x34eb38*=0xb6, lpOverlapped=0x0) returned 1 [0211.746] ReadFile (in: hFile=0x3c4, lpBuffer=0x2514220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x34eb14, lpOverlapped=0x0 | out: lpBuffer=0x2514220*, lpNumberOfBytesRead=0x34eb14*=0x0, lpOverlapped=0x0) returned 1 [0211.747] CloseHandle (hObject=0x3c4) returned 1 [0211.762] EtwEventRegister () returned 0x0 [0212.050] GetTimeZoneInformation (in: lpTimeZoneInformation=0x34eba0 | out: lpTimeZoneInformation=0x34eba0) returned 0x2 [0212.073] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x34e9fc | out: pTimeZoneInformation=0x34e9fc) returned 0x2 [0212.075] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x34eae0 | out: phkResult=0x34eae0*=0x410) returned 0x0 [0212.076] RegQueryValueExW (in: hKey=0x410, lpValueName="TZI", lpReserved=0x0, lpType=0x34eafc, lpData=0x0, lpcbData=0x34eaf8*=0x0 | out: lpType=0x34eafc*=0x3, lpData=0x0, lpcbData=0x34eaf8*=0x2c) returned 0x0 [0212.076] RegQueryValueExW (in: hKey=0x410, lpValueName="TZI", lpReserved=0x0, lpType=0x34eafc, lpData=0x251fa08, lpcbData=0x34eaf8*=0x2c | out: lpType=0x34eafc*=0x3, lpData=0x251fa08*, lpcbData=0x34eaf8*=0x2c) returned 0x0 [0212.077] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e934 | out: phkResult=0x34e934*=0x0) returned 0x2 [0212.077] RegQueryValueExW (in: hKey=0x410, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x34ead4, lpData=0x0, lpcbData=0x34ead0*=0x0 | out: lpType=0x34ead4*=0x1, lpData=0x0, lpcbData=0x34ead0*=0x20) returned 0x0 [0212.077] RegQueryValueExW (in: hKey=0x410, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x34ead4, lpData=0x251fe2c, lpcbData=0x34ead0*=0x20 | out: lpType=0x34ead4*=0x1, lpData="@tzres.dll,-320", lpcbData=0x34ead0*=0x20) returned 0x0 [0212.078] RegQueryValueExW (in: hKey=0x410, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x34ead4, lpData=0x0, lpcbData=0x34ead0*=0x0 | out: lpType=0x34ead4*=0x1, lpData=0x0, lpcbData=0x34ead0*=0x20) returned 0x0 [0212.078] RegQueryValueExW (in: hKey=0x410, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x34ead4, lpData=0x251fe84, lpcbData=0x34ead0*=0x20 | out: lpType=0x34ead4*=0x1, lpData="@tzres.dll,-322", lpcbData=0x34ead0*=0x20) returned 0x0 [0212.078] RegQueryValueExW (in: hKey=0x410, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x34ead4, lpData=0x0, lpcbData=0x34ead0*=0x0 | out: lpType=0x34ead4*=0x1, lpData=0x0, lpcbData=0x34ead0*=0x20) returned 0x0 [0212.078] RegQueryValueExW (in: hKey=0x410, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x34ead4, lpData=0x251fedc, lpcbData=0x34ead0*=0x20 | out: lpType=0x34ead4*=0x1, lpData="@tzres.dll,-321", lpcbData=0x34ead0*=0x20) returned 0x0 [0212.084] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0212.085] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0212.087] CoTaskMemFree (pv=0x249080) [0212.087] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0212.087] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x34eaf0, pwszFileMUIPath=0x249080, pcchFileMUIPath=0x34eaf4, pululEnumerator=0x34eae8 | out: pwszLanguage=0x0, pcchLanguage=0x34eaf0, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x34eaf4, pululEnumerator=0x34eae8) returned 1 [0212.091] CoTaskMemFree (pv=0x0) [0212.091] CoTaskMemFree (pv=0x249080) [0212.092] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x690001 [0212.100] CoTaskMemAlloc (cb=0x3ec) returned 0x249080 [0212.100] LoadStringW (in: hInstance=0x690001, uID=0x140, lpBuffer=0x249080, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0212.100] CoTaskMemFree (pv=0x249080) [0212.100] FreeLibrary (hLibModule=0x690001) returned 1 [0212.107] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0212.107] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0212.107] CoTaskMemFree (pv=0x249080) [0212.107] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0212.107] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x34eaf0, pwszFileMUIPath=0x249080, pcchFileMUIPath=0x34eaf4, pululEnumerator=0x34eae8 | out: pwszLanguage=0x0, pcchLanguage=0x34eaf0, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x34eaf4, pululEnumerator=0x34eae8) returned 1 [0212.110] CoTaskMemFree (pv=0x0) [0212.110] CoTaskMemFree (pv=0x249080) [0212.110] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x690001 [0212.113] CoTaskMemAlloc (cb=0x3ec) returned 0x249080 [0212.113] LoadStringW (in: hInstance=0x690001, uID=0x142, lpBuffer=0x249080, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0212.114] CoTaskMemFree (pv=0x249080) [0212.114] FreeLibrary (hLibModule=0x690001) returned 1 [0212.115] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0212.115] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0212.115] CoTaskMemFree (pv=0x249080) [0212.115] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0212.115] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x34eaf0, pwszFileMUIPath=0x249080, pcchFileMUIPath=0x34eaf4, pululEnumerator=0x34eae8 | out: pwszLanguage=0x0, pcchLanguage=0x34eaf0, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x34eaf4, pululEnumerator=0x34eae8) returned 1 [0212.118] CoTaskMemFree (pv=0x0) [0212.118] CoTaskMemFree (pv=0x249080) [0212.118] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x690001 [0212.121] CoTaskMemAlloc (cb=0x3ec) returned 0x249080 [0212.121] LoadStringW (in: hInstance=0x690001, uID=0x141, lpBuffer=0x249080, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0212.121] CoTaskMemFree (pv=0x249080) [0212.121] FreeLibrary (hLibModule=0x690001) returned 1 [0212.122] RegCloseKey (hKey=0x410) returned 0x0 [0212.255] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x34ed4c | out: phkResult=0x34ed4c*=0x410) returned 0x0 [0212.261] RegDeleteValueW (hKey=0x410, lpValueName="Acrobat") returned 0x2 [0212.345] CoTaskMemAlloc (cb=0x20c) returned 0x24fd88 [0212.345] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x24fd88, nSize=0x104 | out: lpBuffer="") returned 0x22 [0212.345] CoTaskMemFree (pv=0x24fd88) [0212.348] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x34e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", lpFilePart=0x0) returned 0x2b [0212.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34ea58) returned 1 [0212.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0x34ed1c | out: lpFileInformation=0x34ed1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34ea54) returned 1 [0212.348] CoTaskMemAlloc (cb=0x20c) returned 0x24fd88 [0212.348] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x24fd88, nSize=0x104 | out: lpBuffer="") returned 0x22 [0212.349] CoTaskMemFree (pv=0x24fd88) [0212.349] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x34e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", lpFilePart=0x0) returned 0x2b [0212.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e9e8) returned 1 [0212.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0x34ecac | out: lpFileInformation=0x34ecac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e9e4) returned 1 [0212.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e9e8) returned 1 [0212.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0x34ecac | out: lpFileInformation=0x34ecac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e9e4) returned 1 [0212.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e9e8) returned 1 [0212.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x34ecac | out: lpFileInformation=0x34ecac*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xb2913890, ftLastAccessTime.dwHighDateTime=0x1d87cc9, ftLastWriteTime.dwLowDateTime=0xb2913890, ftLastWriteTime.dwHighDateTime=0x1d87cc9, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0212.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e9e4) returned 1 [0212.354] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), lpSecurityAttributes=0x0) returned 1 [0212.357] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x34e824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0212.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34ea64) returned 1 [0212.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), fInfoLevelId=0x0, lpFileInformation=0x34ed28 | out: lpFileInformation=0x34ed28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34ea60) returned 1 [0212.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0212.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34ea64) returned 1 [0212.357] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x34ed28 | out: lpFileInformation=0x34ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23456500, ftCreationTime.dwHighDateTime=0x1d4e503, ftLastAccessTime.dwLowDateTime=0xb9e9cb30, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0xa098)) returned 1 [0212.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34ea60) returned 1 [0212.357] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x34e824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0212.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34ea64) returned 1 [0212.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), fInfoLevelId=0x0, lpFileInformation=0x34ed28 | out: lpFileInformation=0x34ed28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34ea60) returned 1 [0212.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x34e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0212.358] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x34e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0212.358] CopyFileW (lpExistingFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), bFailIfExists=0) returned 1 [0212.371] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x34e834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0212.371] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", dwFileAttributes=0x6) returned 1 [0212.372] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x34ed18 | out: phkResult=0x34ed18*=0x41c) returned 0x0 [0212.374] RegQueryValueExW (in: hKey=0x41c, lpValueName="Acrobat", lpReserved=0x0, lpType=0x34ed0c, lpData=0x0, lpcbData=0x34ed08*=0x0 | out: lpType=0x34ed0c*=0x0, lpData=0x0, lpcbData=0x34ed08*=0x0) returned 0x2 [0212.375] RegSetValueExW (in: hKey=0x41c, lpValueName="Acrobat", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", cbData=0x6e | out: lpData="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe") returned 0x0 [0212.379] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x34ed18 | out: phkResult=0x34ed18*=0x0) returned 0x2 [0212.383] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x34e804, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0212.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34ea44) returned 1 [0212.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), fInfoLevelId=0x0, lpFileInformation=0x34ed08 | out: lpFileInformation=0x34ed08*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x646099e0, ftCreationTime.dwHighDateTime=0x1d8a136, ftLastAccessTime.dwLowDateTime=0x646099e0, ftLastAccessTime.dwHighDateTime=0x1d8a136, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0xa098)) returned 1 [0212.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34ea40) returned 1 [0212.419] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe:zone.identifier")) returned 0 [0212.662] CoTaskMemAlloc (cb=0x20c) returned 0x24fd88 [0212.662] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x24fd88 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0212.666] CoTaskMemFree (pv=0x24fd88) [0212.666] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0212.672] CoTaskMemAlloc (cb=0x20c) returned 0x24fd88 [0212.672] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x24fd88 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0212.672] CoTaskMemFree (pv=0x24fd88) [0212.672] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0212.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0212.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0212.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.935] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0212.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.935] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0212.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.936] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0212.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.936] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0212.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0212.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0212.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0212.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x30 [0212.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0212.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0212.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0212.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0212.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.940] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0212.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.941] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0212.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.941] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0212.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.942] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0212.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.942] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0212.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.943] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0212.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.943] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0212.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.944] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3e [0212.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.944] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0212.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.945] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0212.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.945] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0212.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.946] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0212.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0212.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0212.968] CoTaskMemAlloc (cb=0x20c) returned 0x24fd88 [0212.968] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x24fd88, nSize=0x104 | out: lpBuffer="") returned 0x22 [0212.968] CoTaskMemFree (pv=0x24fd88) [0213.151] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b [0213.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0213.152] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0213.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0213.281] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b [0213.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0213.281] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0213.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0213.394] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.394] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0213.394] CoTaskMemFree (pv=0x249080) [0213.394] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0213.398] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x34e45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4a [0213.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e69c) returned 1 [0213.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x34e960 | out: lpFileInformation=0x34e960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e698) returned 1 [0213.469] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.469] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0213.469] CoTaskMemFree (pv=0x249080) [0213.469] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0213.473] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x34e444, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x45 [0213.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e684) returned 1 [0213.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x34e948 | out: lpFileInformation=0x34e948*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e680) returned 1 [0213.492] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37 [0213.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0213.492] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0213.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0213.501] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37 [0213.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0213.501] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0213.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0213.524] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f [0213.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0213.525] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0213.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0213.532] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f [0213.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0213.532] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0213.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0213.628] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e92c | out: phkResult=0x34e92c*=0x0) returned 0x2 [0213.697] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.697] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0213.697] CoTaskMemFree (pv=0x249080) [0213.697] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0213.704] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x34e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3c [0213.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e67c) returned 1 [0213.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e940 | out: lpFileInformation=0x34e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e678) returned 1 [0213.705] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x34e448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x55 [0213.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e688) returned 1 [0213.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x34e94c | out: lpFileInformation=0x34e94c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e684) returned 1 [0213.746] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.746] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0213.746] CoTaskMemFree (pv=0x249080) [0213.746] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0213.750] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.750] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x249080 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0213.750] CoTaskMemFree (pv=0x249080) [0213.750] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0213.759] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x34e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2c [0213.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e688) returned 1 [0213.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x34e94c | out: lpFileInformation=0x34e94c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e684) returned 1 [0213.852] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.852] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x249080, nSize=0x104 | out: lpBuffer="") returned 0x16 [0213.852] CoTaskMemFree (pv=0x249080) [0213.856] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.856] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x249080, nSize=0x104 | out: lpBuffer="") returned 0x16 [0213.856] CoTaskMemFree (pv=0x249080) [0213.861] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x34e418, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39 [0213.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e658) returned 1 [0213.861] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x34e91c | out: lpFileInformation=0x34e91c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e654) returned 1 [0213.962] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.962] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x249080, nSize=0x104 | out: lpBuffer="") returned 0x22 [0213.962] CoTaskMemFree (pv=0x249080) [0213.966] CoTaskMemAlloc (cb=0x20c) returned 0x249080 [0213.966] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x249080, nSize=0x104 | out: lpBuffer="") returned 0x22 [0213.966] CoTaskMemFree (pv=0x249080) [0213.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x34e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x2f [0213.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e658) returned 1 [0213.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x34e91c | out: lpFileInformation=0x34e91c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e654) returned 1 [0213.976] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x34e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x30 [0213.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e658) returned 1 [0213.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x34e91c | out: lpFileInformation=0x34e91c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e654) returned 1 [0214.019] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\FTPWare\\COREFTP\\Sites", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e94c | out: phkResult=0x34e94c*=0x0) returned 0x2 [0214.039] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41 [0214.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0214.039] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0214.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0214.048] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41 [0214.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0214.049] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0214.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0214.129] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x0) returned 0x2 [0214.133] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x0) returned 0x2 [0214.136] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x0) returned 0x2 [0214.140] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x418) returned 0x0 [0214.141] RegQueryInfoKeyW (in: hKey=0x418, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x34e904, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x34e900, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x34e904*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x34e900*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0214.141] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x0, lpName=0x254b4d0, lpcchName=0x34e920, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x34e920, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0214.141] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x1, lpName=0x254b4d0, lpcchName=0x34e920, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x34e920, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0214.141] RegEnumKeyExW (in: hKey=0x418, dwIndex=0x2, lpName=0x254b4d0, lpcchName=0x34e920, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x34e920, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0214.142] RegOpenKeyExW (in: hKey=0x418, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x420) returned 0x0 [0214.147] RegQueryValueExW (in: hKey=0x420, lpValueName="Email", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.151] RegQueryValueExW (in: hKey=0x420, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.155] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.158] RegQueryValueExW (in: hKey=0x420, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.161] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.161] RegCloseKey (hKey=0x420) returned 0x0 [0214.161] RegOpenKeyExW (in: hKey=0x418, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x420) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="Email", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x1, lpData=0x0, lpcbData=0x34e8f8*=0x1e) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="Email", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254bac4, lpcbData=0x34e8f8*=0x1e | out: lpType=0x34e8fc*=0x1, lpData="franc@gdllo.de", lpcbData=0x34e8f8*=0x1e) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x3, lpData=0x0, lpcbData=0x34e8f8*=0x111) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254bb1c, lpcbData=0x34e8f8*=0x111 | out: lpType=0x34e8fc*=0x3, lpData=0x254bb1c*, lpcbData=0x34e8f8*=0x111) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x3, lpData=0x0, lpcbData=0x34e8f8*=0x111) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254bc70, lpcbData=0x34e8f8*=0x111 | out: lpType=0x34e8fc*=0x3, lpData=0x254bc70*, lpcbData=0x34e8f8*=0x111) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x3, lpData=0x0, lpcbData=0x34e8f8*=0x111) returned 0x0 [0214.162] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254bd90, lpcbData=0x34e8f8*=0x111 | out: lpType=0x34e8fc*=0x3, lpData=0x254bd90*, lpcbData=0x34e8f8*=0x111) returned 0x0 [0214.321] CryptUnprotectData (in: pDataIn=0x34e8e4, ppszDataDescr=0x0, pOptionalEntropy=0x34e8dc, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x34e8ec | out: ppszDataDescr=0x0, pDataOut=0x34e8ec) returned 1 [0214.389] LocalFree (hMem=0x52960a8) returned 0x0 [0214.389] RegQueryValueExW (in: hKey=0x420, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.389] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.389] RegQueryValueExW (in: hKey=0x420, lpValueName="Email", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x1, lpData=0x0, lpcbData=0x34e8f8*=0x1e) returned 0x0 [0214.389] RegQueryValueExW (in: hKey=0x420, lpValueName="Email", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254c088, lpcbData=0x34e8f8*=0x1e | out: lpType=0x34e8fc*=0x1, lpData="franc@gdllo.de", lpcbData=0x34e8f8*=0x1e) returned 0x0 [0214.394] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x1, lpData=0x0, lpcbData=0x34e8f8*=0x1c) returned 0x0 [0214.394] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254c104, lpcbData=0x34e8f8*=0x1c | out: lpType=0x34e8fc*=0x1, lpData="smtp.gdllo.de", lpcbData=0x34e8f8*=0x1c) returned 0x0 [0214.394] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x1, lpData=0x0, lpcbData=0x34e8f8*=0x1c) returned 0x0 [0214.394] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x34e8fc, lpData=0x254c154, lpcbData=0x34e8f8*=0x1c | out: lpType=0x34e8fc*=0x1, lpData="smtp.gdllo.de", lpcbData=0x34e8f8*=0x1c) returned 0x0 [0214.403] RegCloseKey (hKey=0x420) returned 0x0 [0214.403] RegOpenKeyExW (in: hKey=0x418, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e8dc | out: phkResult=0x34e8dc*=0x420) returned 0x0 [0214.403] RegQueryValueExW (in: hKey=0x420, lpValueName="Email", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.403] RegQueryValueExW (in: hKey=0x420, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.404] RegQueryValueExW (in: hKey=0x420, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.404] RegQueryValueExW (in: hKey=0x420, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.404] RegQueryValueExW (in: hKey=0x420, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x34e8fc, lpData=0x0, lpcbData=0x34e8f8*=0x0 | out: lpType=0x34e8fc*=0x0, lpData=0x0, lpcbData=0x34e8f8*=0x0) returned 0x2 [0214.404] RegCloseKey (hKey=0x420) returned 0x0 [0214.458] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0214.458] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0214.458] CoTaskMemFree (pv=0x5281c40) [0214.458] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0214.461] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x34e444, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x41 [0214.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e684) returned 1 [0214.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x34e948 | out: lpFileInformation=0x34e948*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0214.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e680) returned 1 [0214.527] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0214.527] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x2 [0214.528] CoTaskMemFree (pv=0x5281c40) [0214.531] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x34e45c, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13 [0214.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e69c) returned 1 [0214.531] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x34e960 | out: lpFileInformation=0x34e960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0214.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e698) returned 1 [0214.634] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0214.634] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0214.634] CoTaskMemFree (pv=0x5281c40) [0214.634] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0214.638] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x34e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28 [0214.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e6c0) returned 1 [0214.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x254d4d8 | out: lpFileInformation=0x254d4d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0214.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e6bc) returned 1 [0214.643] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0214.661] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e [0214.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0214.661] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0214.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0214.667] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e [0214.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0214.668] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0214.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0214.773] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0214.774] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\ProgramData") returned 0x0 [0214.775] CoTaskMemFree (pv=0x5281c40) [0214.776] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x34e324, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0214.779] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0214.779] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0214.780] CoTaskMemFree (pv=0x5281c40) [0214.780] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0214.780] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\FlashFXP\\", nBufferLength=0x105, lpBuffer=0x34e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\FlashFXP\\", lpFilePart=0x0) returned 0x18 [0214.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5f0) returned 1 [0214.780] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\FlashFXP\\" (normalized: "c:\\programdata\\flashfxp"), fInfoLevelId=0x0, lpFileInformation=0x34e8b4 | out: lpFileInformation=0x34e8b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0214.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5ec) returned 1 [0214.780] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FlashFXP\\", nBufferLength=0x105, lpBuffer=0x34e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FlashFXP\\", lpFilePart=0x0) returned 0x2c [0214.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5f0) returned 1 [0214.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FlashFXP\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flashfxp"), fInfoLevelId=0x0, lpFileInformation=0x34e8b4 | out: lpFileInformation=0x34e8b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0214.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5ec) returned 1 [0214.950] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e918 | out: phkResult=0x34e918*=0x0) returned 0x2 [0215.019] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0215.019] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0215.019] CoTaskMemFree (pv=0x5281c40) [0215.019] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e384, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0215.030] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x3d [0215.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e7fc) returned 1 [0215.030] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0215.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d618) returned 1 [0215.172] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0215.172] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0215.172] CoTaskMemFree (pv=0x5281c40) [0215.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0215.178] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x34e24c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0215.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e488) returned 1 [0215.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e74c | out: lpFileInformation=0x34e74c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0215.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e484) returned 1 [0215.355] VaultEnumerateVaults () returned 0x0 [0216.171] VaultOpenVault () returned 0x0 [0216.185] VaultEnumerateItems () returned 0x0 [0216.186] VaultOpenVault () returned 0x0 [0216.187] VaultEnumerateItems () returned 0x0 [0216.252] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x34e840, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0216.252] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x34e840, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0216.260] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.260] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.260] CoTaskMemFree (pv=0x5281c40) [0216.264] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x34e45c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d [0216.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e698) returned 1 [0216.264] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x34e95c | out: lpFileInformation=0x34e95c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e694) returned 1 [0216.265] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x34e45c, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f [0216.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e698) returned 1 [0216.266] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x34e95c | out: lpFileInformation=0x34e95c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e694) returned 1 [0216.283] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e [0216.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0216.284] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0216.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0216.291] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e [0216.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0216.292] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0216.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0216.336] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x34e94c | out: phkResult=0x34e94c*=0x0) returned 0x2 [0216.363] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.363] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0216.367] CoTaskMemFree (pv=0x5281c40) [0216.367] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x34e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0216.374] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.374] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0216.374] CoTaskMemFree (pv=0x5281c40) [0216.374] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0216.409] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x34e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0216.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e67c) returned 1 [0216.409] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x34e940 | out: lpFileInformation=0x34e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e678) returned 1 [0216.426] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.426] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0216.426] CoTaskMemFree (pv=0x5281c40) [0216.426] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0216.430] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x34e484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x38 [0216.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e6c4) returned 1 [0216.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x34e988 | out: lpFileInformation=0x34e988*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e6c0) returned 1 [0216.521] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.522] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0216.522] CoTaskMemFree (pv=0x5281c40) [0216.522] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0216.525] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x34e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x38 [0216.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e694) returned 1 [0216.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x34e958 | out: lpFileInformation=0x34e958*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e690) returned 1 [0216.544] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38 [0216.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0216.545] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0216.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0216.552] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38 [0216.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0216.553] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0216.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0216.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.734] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.735] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.737] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.738] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.739] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.739] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.740] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e860 | out: phkResult=0x34e860*=0x0) returned 0x2 [0216.745] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.745] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.745] CoTaskMemFree (pv=0x5281c40) [0216.753] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.753] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.754] CoTaskMemFree (pv=0x5281c40) [0216.760] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.760] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.760] CoTaskMemFree (pv=0x5281c40) [0216.761] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.761] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.761] CoTaskMemFree (pv=0x5281c40) [0216.761] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.761] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.761] CoTaskMemFree (pv=0x5281c40) [0216.764] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.764] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.764] CoTaskMemFree (pv=0x5281c40) [0216.764] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.764] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.764] CoTaskMemFree (pv=0x5281c40) [0216.764] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.764] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x16 [0216.764] CoTaskMemFree (pv=0x5281c40) [0216.764] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0216.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.764] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.767] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0216.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.767] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.767] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0216.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.767] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.768] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0216.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.768] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.768] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0216.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.768] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.768] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0216.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.768] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.769] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0216.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.769] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.769] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x34e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0216.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5ac) returned 1 [0216.769] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e870 | out: lpFileInformation=0x34e870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5a8) returned 1 [0216.844] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.844] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x22 [0216.844] CoTaskMemFree (pv=0x5281c40) [0216.850] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x34e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x43 [0216.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e64c) returned 1 [0216.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e910 | out: lpFileInformation=0x34e910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e648) returned 1 [0216.968] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e7d0 | out: phkResult=0x34e7d0*=0x0) returned 0x2 [0216.977] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e7d0 | out: phkResult=0x34e7d0*=0x0) returned 0x2 [0216.982] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x34e314, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0216.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e550) returned 1 [0216.982] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x34e814 | out: lpFileInformation=0x34e814*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e54c) returned 1 [0216.991] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x34e314, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0216.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e550) returned 1 [0216.991] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x34e814 | out: lpFileInformation=0x34e814*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e54c) returned 1 [0216.992] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.992] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0216.992] CoTaskMemFree (pv=0x5281c40) [0216.993] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e288, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0216.999] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x34e314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x49 [0216.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e550) returned 1 [0216.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x34e814 | out: lpFileInformation=0x34e814*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0216.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e54c) returned 1 [0216.999] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0216.999] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0217.000] CoTaskMemFree (pv=0x5281c40) [0217.000] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e288, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0217.003] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x34e314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4f [0217.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e550) returned 1 [0217.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x34e814 | out: lpFileInformation=0x34e814*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0217.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e54c) returned 1 [0217.023] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40 [0217.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.024] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.033] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40 [0217.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.035] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.079] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.079] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x2 [0217.079] CoTaskMemFree (pv=0x5281c40) [0217.083] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x34e304, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c [0217.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e81c) returned 1 [0217.084] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.159] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x3d [0217.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e7ec) returned 1 [0217.159] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d608) returned 1 [0217.281] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.281] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0217.283] CoTaskMemFree (pv=0x5281c40) [0217.283] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0217.286] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x34e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37 [0217.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e674) returned 1 [0217.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x34e938 | out: lpFileInformation=0x34e938*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0217.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e670) returned 1 [0217.286] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.286] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0217.287] CoTaskMemFree (pv=0x5281c40) [0217.287] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0217.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e934) returned 1 [0217.288] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x34e414, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37 [0217.289] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x34e6e4 | out: lpFindFileData=0x34e6e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x204b78 [0217.291] FindNextFileW (in: hFindFile=0x204b78, lpFindFileData=0x34e6ec | out: lpFindFileData=0x34e6ec*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0217.291] FindNextFileW (in: hFindFile=0x204b78, lpFindFileData=0x34e6ec | out: lpFindFileData=0x34e6ec*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0217.291] FindClose (in: hFindFile=0x204b78 | out: hFindFile=0x204b78) returned 1 [0217.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e6a4) returned 1 [0217.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e904) returned 1 [0217.293] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.293] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0217.293] CoTaskMemFree (pv=0x5281c40) [0217.293] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0217.293] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x34e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39 [0217.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e674) returned 1 [0217.293] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x34e938 | out: lpFileInformation=0x34e938*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0217.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e670) returned 1 [0217.293] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.293] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0217.293] CoTaskMemFree (pv=0x5281c40) [0217.293] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0217.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e934) returned 1 [0217.294] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x34e414, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39 [0217.294] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x34e6e4 | out: lpFindFileData=0x34e6e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x204b78 [0217.294] FindNextFileW (in: hFindFile=0x204b78, lpFindFileData=0x34e6ec | out: lpFindFileData=0x34e6ec*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0217.294] FindNextFileW (in: hFindFile=0x204b78, lpFindFileData=0x34e6ec | out: lpFindFileData=0x34e6ec*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0217.294] FindClose (in: hFindFile=0x204b78 | out: hFindFile=0x204b78) returned 1 [0217.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e6a4) returned 1 [0217.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e904) returned 1 [0217.354] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e900 | out: phkResult=0x34e900*=0x0) returned 0x2 [0217.357] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x34e444, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Folder.lst", lpFilePart=0x0) returned 0x25 [0217.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e684) returned 1 [0217.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Folder.lst" (normalized: "c:\\users\\keecfmwgj\\desktop\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x34e948 | out: lpFileInformation=0x34e948*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0217.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e680) returned 1 [0217.385] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.385] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0217.385] CoTaskMemFree (pv=0x5281c40) [0217.385] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0217.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e94c) returned 1 [0217.394] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x34e42c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2b [0217.394] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucbrowser\\*"), lpFindFileData=0x34e6fc | out: lpFindFileData=0x34e6fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0217.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e6bc) returned 1 [0217.407] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.407] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0217.407] CoTaskMemFree (pv=0x5281c40) [0217.407] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x34e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0217.415] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x34e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x39 [0217.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e638) returned 1 [0217.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x34e8fc | out: lpFileInformation=0x34e8fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0217.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e634) returned 1 [0217.501] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.501] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x22 [0217.501] CoTaskMemFree (pv=0x5281c40) [0217.504] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x34e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2b [0217.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e674) returned 1 [0217.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x34e938 | out: lpFileInformation=0x34e938*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0217.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e670) returned 1 [0217.565] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e93c | out: phkResult=0x34e93c*=0x0) returned 0x2 [0217.587] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45 [0217.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.588] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.594] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45 [0217.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.595] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.731] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e928 | out: phkResult=0x34e928*=0x0) returned 0x2 [0217.748] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f [0217.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.748] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.755] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f [0217.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.756] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.780] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.780] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x22 [0217.780] CoTaskMemFree (pv=0x5281c40) [0217.783] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.784] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x22 [0217.784] CoTaskMemFree (pv=0x5281c40) [0217.791] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x34e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x54 [0217.791] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x34e380, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e [0217.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e86c) returned 1 [0217.792] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x34e34c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e [0217.792] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\smartftp\\client 2.0\\favorites\\quick connect\\*.xml"), lpFindFileData=0x34e61c | out: lpFindFileData=0x34e61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0217.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5dc) returned 1 [0217.814] SetErrorInfo (dwReserved=0x0, perrinfo=0x5298ec4) returned 0x0 [0217.815] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x34e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x4f [0217.867] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.867] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x22 [0217.867] CoTaskMemFree (pv=0x5281c40) [0217.871] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x34e310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3e [0217.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e828) returned 1 [0217.872] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d648) returned 1 [0217.962] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0217.962] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5281c40 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0217.963] CoTaskMemFree (pv=0x5281c40) [0217.963] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x34e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0217.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x34e374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x2d [0217.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5b0) returned 1 [0217.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x34e874 | out: lpFileInformation=0x34e874*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0217.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5ac) returned 1 [0217.968] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x34e37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x35 [0217.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e5bc) returned 1 [0217.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x34e880 | out: lpFileInformation=0x34e880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0217.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e5b8) returned 1 [0217.981] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38 [0217.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.982] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0217.987] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x34e300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38 [0217.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e818) returned 1 [0217.988] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0217.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34d638) returned 1 [0218.055] CoTaskMemAlloc (cb=0x20c) returned 0x5281c40 [0218.055] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5281c40, nSize=0x104 | out: lpBuffer="") returned 0x22 [0218.055] CoTaskMemFree (pv=0x5281c40) [0218.059] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x34e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x38 [0218.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x34e65c) returned 1 [0218.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x34e920 | out: lpFileInformation=0x34e920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0218.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x34e658) returned 1 [0218.101] GetUserNameW (in: lpBuffer=0x34ea9c, pcbBuffer=0x2575b9c | out: lpBuffer="kEecfMwgj", pcbBuffer=0x2575b9c) returned 1 [0218.103] GetComputerNameW (in: lpBuffer=0x34ea9c, nSize=0x257605c | out: lpBuffer="Q9IATRKPRH", nSize=0x257605c) returned 1 [0218.144] GetUserNameW (in: lpBuffer=0x34ea8c, pcbBuffer=0x2576930 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x2576930) returned 1 [0218.148] GetComputerNameW (in: lpBuffer=0x34ea8c, nSize=0x2576dc0 | out: lpBuffer="Q9IATRKPRH", nSize=0x2576dc0) returned 1 [0218.155] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438 [0218.155] SetEvent (hEvent=0x2b8) returned 1 [0218.156] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ec0c*=0x438, lpdwindex=0x34ea30 | out: lpdwindex=0x34ea30) returned 0x0 [0218.163] CoGetContextToken (in: pToken=0x34eae4 | out: pToken=0x34eae4) returned 0x0 [0218.163] CoGetContextToken (in: pToken=0x34ea44 | out: pToken=0x34ea44) returned 0x0 [0218.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x34eb14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eb10 | out: ppvObject=0x34eb10*=0x52774d0) returned 0x0 [0218.163] WbemDefPath:IUnknown:AddRef (This=0x52774d0) returned 0x3 [0218.163] WbemDefPath:IUnknown:Release (This=0x52774d0) returned 0x2 [0218.163] WbemDefPath:IWbemPath:SetText (This=0x52774d0, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0218.163] WbemDefPath:IWbemPath:GetInfo (in: This=0x52774d0, uRequestedInfo=0x0, puResponse=0x34ecb8 | out: puResponse=0x34ecb8*=0xc15) returned 0x0 [0218.163] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x52774d0, puCount=0x34ecb0 | out: puCount=0x34ecb0*=0x0) returned 0x0 [0218.166] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec88 | out: puCount=0x34ec88*=0x2) returned 0x0 [0218.166] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec84*=0x0, pszText=0x0 | out: puBuffLength=0x34ec84*=0xf, pszText=0x0) returned 0x0 [0218.166] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec84*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec84*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.188] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34eb20*=0x44c, lpdwindex=0x34e9d8 | out: lpdwindex=0x34e9d8) returned 0x0 [0218.225] CoGetContextToken (in: pToken=0x34e9d4 | out: pToken=0x34e9d4) returned 0x0 [0218.225] CoGetContextToken (in: pToken=0x34e934 | out: pToken=0x34e934) returned 0x0 [0218.225] CoGetContextToken (in: pToken=0x34e934 | out: pToken=0x34e934) returned 0x0 [0218.225] CoGetContextToken (in: pToken=0x34e8d4 | out: pToken=0x34e8d4) returned 0x0 [0218.225] IUnknown:QueryInterface (in: This=0x1a29f0, riid=0x71668ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e8ac | out: ppvObject=0x34e8ac*=0x1a2a00) returned 0x0 [0218.225] CObjectContext::ContextCallback () returned 0x0 [0218.228] IUnknown:Release (This=0x1a2a00) returned 0x1 [0218.228] CoUnmarshalInterface (in: pStm=0x5284d90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34e928 | out: ppv=0x34e928*=0x2013fc) returned 0x0 [0218.228] CoMarshalInterface (pStm=0x5284d90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x2013fc, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0218.228] WbemLocator:IUnknown:QueryInterface (in: This=0x2013fc, riid=0x34ea04*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x34ea00 | out: ppvObject=0x34ea00*=0x5293c48) returned 0x0 [0218.229] WbemLocator:IUnknown:Release (This=0x2013fc) returned 0x1 [0218.229] IWbemServices:ExecQuery (in: This=0x5293c48, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x34ebe8 | out: ppEnum=0x34ebe8*=0x1fae90) returned 0x0 [0218.251] IUnknown:QueryInterface (in: This=0x1fae90, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea38 | out: ppvObject=0x34ea38*=0x1fae94) returned 0x0 [0218.251] IClientSecurity:QueryBlanket (in: This=0x1fae94, pProxy=0x1fae90, pAuthnSvc=0x34ea88, pAuthzSvc=0x34ea84, pServerPrincName=0x34ea7c, pAuthnLevel=0x34ea80, pImpLevel=0x34ea70, pAuthInfo=0x34ea74, pCapabilites=0x34ea78 | out: pAuthnSvc=0x34ea88*=0xa, pAuthzSvc=0x34ea84*=0x0, pServerPrincName=0x34ea7c, pAuthnLevel=0x34ea80*=0x6, pImpLevel=0x34ea70*=0x2, pAuthInfo=0x34ea74, pCapabilites=0x34ea78*=0x1) returned 0x0 [0218.251] IUnknown:Release (This=0x1fae94) returned 0x1 [0218.252] IUnknown:QueryInterface (in: This=0x1fae90, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea2c | out: ppvObject=0x34ea2c*=0x2014ec) returned 0x0 [0218.252] IUnknown:QueryInterface (in: This=0x1fae90, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea18 | out: ppvObject=0x34ea18*=0x1fae94) returned 0x0 [0218.252] IClientSecurity:SetBlanket (This=0x1fae94, pProxy=0x1fae90, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.271] IUnknown:Release (This=0x1fae94) returned 0x2 [0218.271] WbemLocator:IUnknown:Release (This=0x2014ec) returned 0x1 [0218.272] CoTaskMemFree (pv=0x5295828) [0218.272] IUnknown:AddRef (This=0x1fae90) returned 0x2 [0218.272] CoGetContextToken (in: pToken=0x34df58 | out: pToken=0x34df58) returned 0x0 [0218.273] CoGetContextToken (in: pToken=0x34e36c | out: pToken=0x34e36c) returned 0x0 [0218.273] IUnknown:QueryInterface (in: This=0x1fae90, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e304 | out: ppvObject=0x34e304*=0x2014d4) returned 0x0 [0218.273] WbemLocator:IRpcOptions:Query (in: This=0x2014d4, pPrx=0x529aec0, dwProperty=2, pdwValue=0x34e3f8 | out: pdwValue=0x34e3f8) returned 0x80004002 [0218.273] WbemLocator:IUnknown:Release (This=0x2014d4) returned 0x2 [0218.273] CoGetContextToken (in: pToken=0x34e93c | out: pToken=0x34e93c) returned 0x0 [0218.273] CoGetContextToken (in: pToken=0x34e89c | out: pToken=0x34e89c) returned 0x0 [0218.273] IUnknown:QueryInterface (in: This=0x1fae90, riid=0x34e96c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e838 | out: ppvObject=0x34e838*=0x1fae90) returned 0x0 [0218.274] IUnknown:Release (This=0x1fae90) returned 0x2 [0218.274] WbemLocator:IUnknown:Release (This=0x5293c48) returned 0x0 [0218.274] SysStringLen (param_1=0x0) returned 0x0 [0218.275] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec34 | out: puCount=0x34ec34*=0x2) returned 0x0 [0218.275] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec30*=0x0, pszText=0x0 | out: puBuffLength=0x34ec30*=0xf, pszText=0x0) returned 0x0 [0218.275] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec30*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.275] CoGetContextToken (in: pToken=0x34ea7c | out: pToken=0x34ea7c) returned 0x0 [0218.275] IEnumWbemClassObject:Clone (in: This=0x1fae90, ppEnum=0x34ec30 | out: ppEnum=0x34ec30*=0x1faf58) returned 0x0 [0218.277] IUnknown:QueryInterface (in: This=0x1faf58, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eaec | out: ppvObject=0x34eaec*=0x1faf5c) returned 0x0 [0218.277] IClientSecurity:QueryBlanket (in: This=0x1faf5c, pProxy=0x1faf58, pAuthnSvc=0x34eb3c, pAuthzSvc=0x34eb38, pServerPrincName=0x34eb30, pAuthnLevel=0x34eb34, pImpLevel=0x34eb24, pAuthInfo=0x34eb28, pCapabilites=0x34eb2c | out: pAuthnSvc=0x34eb3c*=0xa, pAuthzSvc=0x34eb38*=0x0, pServerPrincName=0x34eb30, pAuthnLevel=0x34eb34*=0x6, pImpLevel=0x34eb24*=0x2, pAuthInfo=0x34eb28, pCapabilites=0x34eb2c*=0x1) returned 0x0 [0218.277] IUnknown:Release (This=0x1faf5c) returned 0x1 [0218.277] IUnknown:QueryInterface (in: This=0x1faf58, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eae0 | out: ppvObject=0x34eae0*=0x2013fc) returned 0x0 [0218.277] IUnknown:QueryInterface (in: This=0x1faf58, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eacc | out: ppvObject=0x34eacc*=0x1faf5c) returned 0x0 [0218.277] IClientSecurity:SetBlanket (This=0x1faf5c, pProxy=0x1faf58, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.280] IUnknown:Release (This=0x1faf5c) returned 0x2 [0218.280] WbemLocator:IUnknown:Release (This=0x2013fc) returned 0x1 [0218.280] CoTaskMemFree (pv=0x5295798) [0218.280] IUnknown:AddRef (This=0x1faf58) returned 0x2 [0218.281] CoGetContextToken (in: pToken=0x34dffc | out: pToken=0x34dffc) returned 0x0 [0218.281] CoGetContextToken (in: pToken=0x34e40c | out: pToken=0x34e40c) returned 0x0 [0218.281] IUnknown:QueryInterface (in: This=0x1faf58, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e3a8 | out: ppvObject=0x34e3a8*=0x2013e4) returned 0x0 [0218.281] WbemLocator:IRpcOptions:Query (in: This=0x2013e4, pPrx=0x529af38, dwProperty=2, pdwValue=0x34e49c | out: pdwValue=0x34e49c) returned 0x80004002 [0218.282] WbemLocator:IUnknown:Release (This=0x2013e4) returned 0x2 [0218.282] CoGetContextToken (in: pToken=0x34e9dc | out: pToken=0x34e9dc) returned 0x0 [0218.282] CoGetContextToken (in: pToken=0x34e93c | out: pToken=0x34e93c) returned 0x0 [0218.282] IUnknown:QueryInterface (in: This=0x1faf58, riid=0x34ea0c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e8d8 | out: ppvObject=0x34e8d8*=0x1faf58) returned 0x0 [0218.282] IUnknown:Release (This=0x1faf58) returned 0x2 [0218.282] SysStringLen (param_1=0x0) returned 0x0 [0218.282] IEnumWbemClassObject:Reset (This=0x1faf58) returned 0x0 [0218.284] CoTaskMemAlloc (cb=0x4) returned 0x5275490 [0218.284] IEnumWbemClassObject:Next (in: This=0x1faf58, lTimeout=-1, uCount=0x1, apObjects=0x5275490, puReturned=0x25782e4 | out: apObjects=0x5275490*=0x5282dc8, puReturned=0x25782e4*=0x1) returned 0x0 [0218.291] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e284 | out: ppvObject=0x34e284*=0x5282dc8) returned 0x0 [0218.291] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e238 | out: ppvObject=0x34e238*=0x0) returned 0x80004002 [0218.291] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e060 | out: ppvObject=0x34e060*=0x0) returned 0x80004002 [0218.291] IUnknown:AddRef (This=0x5282dc8) returned 0x3 [0218.291] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34db94 | out: ppvObject=0x34db94*=0x0) returned 0x80004002 [0218.291] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34db44 | out: ppvObject=0x34db44*=0x0) returned 0x80004002 [0218.292] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34db50 | out: ppvObject=0x34db50*=0x5282dcc) returned 0x0 [0218.292] IMarshal:GetUnmarshalClass (in: This=0x5282dcc, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34db58 | out: pCid=0x34db58*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0218.292] IUnknown:Release (This=0x5282dcc) returned 0x3 [0218.292] CoGetContextToken (in: pToken=0x34dbb0 | out: pToken=0x34dbb0) returned 0x0 [0218.292] CoGetContextToken (in: pToken=0x34dfc4 | out: pToken=0x34dfc4) returned 0x0 [0218.292] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e044 | out: ppvObject=0x34e044*=0x0) returned 0x80004002 [0218.292] IUnknown:Release (This=0x5282dc8) returned 0x2 [0218.292] CoGetContextToken (in: pToken=0x34e5b4 | out: pToken=0x34e5b4) returned 0x0 [0218.292] CoGetContextToken (in: pToken=0x34e514 | out: pToken=0x34e514) returned 0x0 [0218.292] IUnknown:QueryInterface (in: This=0x5282dc8, riid=0x34e5e4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e5e0 | out: ppvObject=0x34e5e0*=0x5282dc8) returned 0x0 [0218.292] IUnknown:AddRef (This=0x5282dc8) returned 0x4 [0218.292] IUnknown:Release (This=0x5282dc8) returned 0x3 [0218.292] IUnknown:Release (This=0x5282dc8) returned 0x2 [0218.293] CoTaskMemFree (pv=0x5275490) [0218.293] CoGetContextToken (in: pToken=0x34e924 | out: pToken=0x34e924) returned 0x0 [0218.293] IUnknown:AddRef (This=0x5282dc8) returned 0x3 [0218.293] CoTaskMemAlloc (cb=0x4) returned 0x5275490 [0218.293] IEnumWbemClassObject:Next (in: This=0x1faf58, lTimeout=-1, uCount=0x1, apObjects=0x5275490, puReturned=0x25782e4 | out: apObjects=0x5275490*=0x0, puReturned=0x25782e4*=0x0) returned 0x1 [0218.296] CoTaskMemFree (pv=0x5275490) [0218.296] CoGetContextToken (in: pToken=0x34ea8c | out: pToken=0x34ea8c) returned 0x0 [0218.296] IEnumWbemClassObject:Clone (in: This=0x1fae90, ppEnum=0x34ec40 | out: ppEnum=0x34ec40*=0x1fb020) returned 0x0 [0218.297] IUnknown:QueryInterface (in: This=0x1fb020, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eafc | out: ppvObject=0x34eafc*=0x1fb024) returned 0x0 [0218.298] IClientSecurity:QueryBlanket (in: This=0x1fb024, pProxy=0x1fb020, pAuthnSvc=0x34eb4c, pAuthzSvc=0x34eb48, pServerPrincName=0x34eb40, pAuthnLevel=0x34eb44, pImpLevel=0x34eb34, pAuthInfo=0x34eb38, pCapabilites=0x34eb3c | out: pAuthnSvc=0x34eb4c*=0xa, pAuthzSvc=0x34eb48*=0x0, pServerPrincName=0x34eb40, pAuthnLevel=0x34eb44*=0x6, pImpLevel=0x34eb34*=0x2, pAuthInfo=0x34eb38, pCapabilites=0x34eb3c*=0x1) returned 0x0 [0218.298] IUnknown:Release (This=0x1fb024) returned 0x1 [0218.298] IUnknown:QueryInterface (in: This=0x1fb020, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eaf0 | out: ppvObject=0x34eaf0*=0x2017bc) returned 0x0 [0218.298] IUnknown:QueryInterface (in: This=0x1fb020, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eadc | out: ppvObject=0x34eadc*=0x1fb024) returned 0x0 [0218.298] IClientSecurity:SetBlanket (This=0x1fb024, pProxy=0x1fb020, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.301] IUnknown:Release (This=0x1fb024) returned 0x2 [0218.301] WbemLocator:IUnknown:Release (This=0x2017bc) returned 0x1 [0218.301] CoTaskMemFree (pv=0x5295948) [0218.301] IUnknown:AddRef (This=0x1fb020) returned 0x2 [0218.302] CoGetContextToken (in: pToken=0x34e00c | out: pToken=0x34e00c) returned 0x0 [0218.302] CoGetContextToken (in: pToken=0x34e41c | out: pToken=0x34e41c) returned 0x0 [0218.302] IUnknown:QueryInterface (in: This=0x1fb020, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e3b8 | out: ppvObject=0x34e3b8*=0x2017a4) returned 0x0 [0218.302] WbemLocator:IRpcOptions:Query (in: This=0x2017a4, pPrx=0x529aff8, dwProperty=2, pdwValue=0x34e4ac | out: pdwValue=0x34e4ac) returned 0x80004002 [0218.303] WbemLocator:IUnknown:Release (This=0x2017a4) returned 0x2 [0218.303] CoGetContextToken (in: pToken=0x34e9ec | out: pToken=0x34e9ec) returned 0x0 [0218.303] CoGetContextToken (in: pToken=0x34e94c | out: pToken=0x34e94c) returned 0x0 [0218.303] IUnknown:QueryInterface (in: This=0x1fb020, riid=0x34ea1c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e8e8 | out: ppvObject=0x34e8e8*=0x1fb020) returned 0x0 [0218.303] IUnknown:Release (This=0x1fb020) returned 0x2 [0218.303] SysStringLen (param_1=0x0) returned 0x0 [0218.303] IEnumWbemClassObject:Reset (This=0x1fb020) returned 0x0 [0218.305] CoTaskMemAlloc (cb=0x4) returned 0x52754c0 [0218.305] IEnumWbemClassObject:Next (in: This=0x1fb020, lTimeout=-1, uCount=0x1, apObjects=0x52754c0, puReturned=0x25783c8 | out: apObjects=0x52754c0*=0x52830f8, puReturned=0x25783c8*=0x1) returned 0x0 [0218.309] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e294 | out: ppvObject=0x34e294*=0x52830f8) returned 0x0 [0218.309] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e248 | out: ppvObject=0x34e248*=0x0) returned 0x80004002 [0218.309] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e070 | out: ppvObject=0x34e070*=0x0) returned 0x80004002 [0218.310] IUnknown:AddRef (This=0x52830f8) returned 0x3 [0218.310] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dba4 | out: ppvObject=0x34dba4*=0x0) returned 0x80004002 [0218.310] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34db54 | out: ppvObject=0x34db54*=0x0) returned 0x80004002 [0218.310] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34db60 | out: ppvObject=0x34db60*=0x52830fc) returned 0x0 [0218.310] IMarshal:GetUnmarshalClass (in: This=0x52830fc, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34db68 | out: pCid=0x34db68*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0218.310] IUnknown:Release (This=0x52830fc) returned 0x3 [0218.310] CoGetContextToken (in: pToken=0x34dbc0 | out: pToken=0x34dbc0) returned 0x0 [0218.310] CoGetContextToken (in: pToken=0x34dfd4 | out: pToken=0x34dfd4) returned 0x0 [0218.310] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e054 | out: ppvObject=0x34e054*=0x0) returned 0x80004002 [0218.311] IUnknown:Release (This=0x52830f8) returned 0x2 [0218.311] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0218.311] CoGetContextToken (in: pToken=0x34e524 | out: pToken=0x34e524) returned 0x0 [0218.311] IUnknown:QueryInterface (in: This=0x52830f8, riid=0x34e5f4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e5f0 | out: ppvObject=0x34e5f0*=0x52830f8) returned 0x0 [0218.311] IUnknown:AddRef (This=0x52830f8) returned 0x4 [0218.311] IUnknown:Release (This=0x52830f8) returned 0x3 [0218.311] IUnknown:Release (This=0x52830f8) returned 0x2 [0218.311] CoTaskMemFree (pv=0x52754c0) [0218.311] CoGetContextToken (in: pToken=0x34e934 | out: pToken=0x34e934) returned 0x0 [0218.311] IUnknown:AddRef (This=0x52830f8) returned 0x3 [0218.312] IWbemClassObject:Get (in: This=0x52830f8, wszName="__GENUS", lFlags=0, pVal=0x34ec30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ecb0*=0, plFlavor=0x34ecac*=0 | out: pVal=0x34ec30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ecb0*=3, plFlavor=0x34ecac*=64) returned 0x0 [0218.313] IWbemClassObject:Get (in: This=0x52830f8, wszName="__PATH", lFlags=0, pVal=0x34ec14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ec98*=0, plFlavor=0x34ec94*=0 | out: pVal=0x34ec14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"", varVal2=0x0), pType=0x34ec98*=8, plFlavor=0x34ec94*=64) returned 0x0 [0218.313] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0218.313] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0218.313] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450 [0218.314] SetEvent (hEvent=0x2b8) returned 1 [0218.314] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ebec*=0x450, lpdwindex=0x34ea10 | out: lpdwindex=0x34ea10) returned 0x0 [0218.318] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0218.318] CoGetContextToken (in: pToken=0x34ea24 | out: pToken=0x34ea24) returned 0x0 [0218.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x34eaf4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eaf0 | out: ppvObject=0x34eaf0*=0x5277540) returned 0x0 [0218.318] WbemDefPath:IUnknown:AddRef (This=0x5277540) returned 0x3 [0218.318] WbemDefPath:IUnknown:Release (This=0x5277540) returned 0x2 [0218.318] WbemDefPath:IWbemPath:SetText (This=0x5277540, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x0 [0218.318] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec6c | out: puCount=0x34ec6c*=0x2) returned 0x0 [0218.318] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec68*=0x0, pszText=0x0 | out: puBuffLength=0x34ec68*=0xf, pszText=0x0) returned 0x0 [0218.318] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.318] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec60 | out: puCount=0x34ec60*=0x2) returned 0x0 [0218.318] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec5c*=0x0, pszText=0x0 | out: puBuffLength=0x34ec5c*=0xf, pszText=0x0) returned 0x0 [0218.319] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec5c*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec5c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.319] IWbemClassObject:Get (in: This=0x52830f8, wszName="Name", lFlags=0, pVal=0x34ec5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578c34*=0, plFlavor=0x2578c38*=0 | out: pVal=0x34ec5c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2578c34*=8, plFlavor=0x2578c38*=0) returned 0x0 [0218.319] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0218.319] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0218.319] IWbemClassObject:Get (in: This=0x52830f8, wszName="Name", lFlags=0, pVal=0x34ec64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578c34*=8, plFlavor=0x2578c38*=0 | out: pVal=0x34ec64*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2578c34*=8, plFlavor=0x2578c38*=0) returned 0x0 [0218.319] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0218.319] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0218.363] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec78 | out: puCount=0x34ec78*=0x2) returned 0x0 [0218.363] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec74*=0x0, pszText=0x0 | out: puBuffLength=0x34ec74*=0xf, pszText=0x0) returned 0x0 [0218.363] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec74*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.376] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34eb20*=0x464, lpdwindex=0x34e9d8 | out: lpdwindex=0x34e9d8) returned 0x0 [0218.391] CoGetContextToken (in: pToken=0x34e9e4 | out: pToken=0x34e9e4) returned 0x0 [0218.391] CoGetContextToken (in: pToken=0x34e944 | out: pToken=0x34e944) returned 0x0 [0218.391] CoGetContextToken (in: pToken=0x34e944 | out: pToken=0x34e944) returned 0x0 [0218.391] CoGetContextToken (in: pToken=0x34e8e4 | out: pToken=0x34e8e4) returned 0x0 [0218.391] IUnknown:QueryInterface (in: This=0x1a29f0, riid=0x71668ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e8bc | out: ppvObject=0x34e8bc*=0x1a2a00) returned 0x0 [0218.391] CObjectContext::ContextCallback () returned 0x0 [0218.394] IUnknown:Release (This=0x1a2a00) returned 0x1 [0218.394] CoUnmarshalInterface (in: pStm=0x5284e10, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x34e938 | out: ppv=0x34e938*=0x201b7c) returned 0x0 [0218.394] CoMarshalInterface (pStm=0x5284e10, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x201b7c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0218.394] WbemLocator:IUnknown:QueryInterface (in: This=0x201b7c, riid=0x34ea14*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x34ea10 | out: ppvObject=0x34ea10*=0x5293dd8) returned 0x0 [0218.396] WbemLocator:IUnknown:Release (This=0x201b7c) returned 0x1 [0218.396] IWbemServices:ExecQuery (in: This=0x5293dd8, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x34ebe8 | out: ppEnum=0x34ebe8*=0x1fb1b0) returned 0x0 [0218.412] IUnknown:QueryInterface (in: This=0x1fb1b0, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea44 | out: ppvObject=0x34ea44*=0x1fb1b4) returned 0x0 [0218.412] IClientSecurity:QueryBlanket (in: This=0x1fb1b4, pProxy=0x1fb1b0, pAuthnSvc=0x34ea94, pAuthzSvc=0x34ea90, pServerPrincName=0x34ea88, pAuthnLevel=0x34ea8c, pImpLevel=0x34ea7c, pAuthInfo=0x34ea80, pCapabilites=0x34ea84 | out: pAuthnSvc=0x34ea94*=0xa, pAuthzSvc=0x34ea90*=0x0, pServerPrincName=0x34ea88, pAuthnLevel=0x34ea8c*=0x6, pImpLevel=0x34ea7c*=0x2, pAuthInfo=0x34ea80, pCapabilites=0x34ea84*=0x1) returned 0x0 [0218.412] IUnknown:Release (This=0x1fb1b4) returned 0x1 [0218.412] IUnknown:QueryInterface (in: This=0x1fb1b0, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea38 | out: ppvObject=0x34ea38*=0x201c6c) returned 0x0 [0218.412] IUnknown:QueryInterface (in: This=0x1fb1b0, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34ea24 | out: ppvObject=0x34ea24*=0x1fb1b4) returned 0x0 [0218.412] IClientSecurity:SetBlanket (This=0x1fb1b4, pProxy=0x1fb1b0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.513] IUnknown:Release (This=0x1fb1b4) returned 0x2 [0218.513] WbemLocator:IUnknown:Release (This=0x201c6c) returned 0x1 [0218.513] CoTaskMemFree (pv=0x5295a68) [0218.513] IUnknown:AddRef (This=0x1fb1b0) returned 0x2 [0218.513] CoGetContextToken (in: pToken=0x34df64 | out: pToken=0x34df64) returned 0x0 [0218.514] CoGetContextToken (in: pToken=0x34e374 | out: pToken=0x34e374) returned 0x0 [0218.514] IUnknown:QueryInterface (in: This=0x1fb1b0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e310 | out: ppvObject=0x34e310*=0x201c54) returned 0x0 [0218.514] WbemLocator:IRpcOptions:Query (in: This=0x201c54, pPrx=0x529b298, dwProperty=2, pdwValue=0x34e404 | out: pdwValue=0x34e404) returned 0x80004002 [0218.514] WbemLocator:IUnknown:Release (This=0x201c54) returned 0x2 [0218.514] CoGetContextToken (in: pToken=0x34e944 | out: pToken=0x34e944) returned 0x0 [0218.514] CoGetContextToken (in: pToken=0x34e8a4 | out: pToken=0x34e8a4) returned 0x0 [0218.514] IUnknown:QueryInterface (in: This=0x1fb1b0, riid=0x34e974*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e840 | out: ppvObject=0x34e840*=0x1fb1b0) returned 0x0 [0218.515] IUnknown:Release (This=0x1fb1b0) returned 0x2 [0218.515] WbemLocator:IUnknown:Release (This=0x5293dd8) returned 0x0 [0218.515] SysStringLen (param_1=0x0) returned 0x0 [0218.515] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec34 | out: puCount=0x34ec34*=0x2) returned 0x0 [0218.516] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec30*=0x0, pszText=0x0 | out: puBuffLength=0x34ec30*=0xf, pszText=0x0) returned 0x0 [0218.516] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec30*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.516] CoGetContextToken (in: pToken=0x34ea8c | out: pToken=0x34ea8c) returned 0x0 [0218.516] IEnumWbemClassObject:Clone (in: This=0x1fb1b0, ppEnum=0x34ec40 | out: ppEnum=0x34ec40*=0x1fb278) returned 0x0 [0218.653] IUnknown:QueryInterface (in: This=0x1fb278, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eafc | out: ppvObject=0x34eafc*=0x1fb27c) returned 0x0 [0218.653] IClientSecurity:QueryBlanket (in: This=0x1fb27c, pProxy=0x1fb278, pAuthnSvc=0x34eb4c, pAuthzSvc=0x34eb48, pServerPrincName=0x34eb40, pAuthnLevel=0x34eb44, pImpLevel=0x34eb34, pAuthInfo=0x34eb38, pCapabilites=0x34eb3c | out: pAuthnSvc=0x34eb4c*=0xa, pAuthzSvc=0x34eb48*=0x0, pServerPrincName=0x34eb40, pAuthnLevel=0x34eb44*=0x6, pImpLevel=0x34eb34*=0x2, pAuthInfo=0x34eb38, pCapabilites=0x34eb3c*=0x1) returned 0x0 [0218.653] IUnknown:Release (This=0x1fb27c) returned 0x1 [0218.653] IUnknown:QueryInterface (in: This=0x1fb278, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eaf0 | out: ppvObject=0x34eaf0*=0x201b7c) returned 0x0 [0218.653] IUnknown:QueryInterface (in: This=0x1fb278, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34eadc | out: ppvObject=0x34eadc*=0x1fb27c) returned 0x0 [0218.653] IClientSecurity:SetBlanket (This=0x1fb27c, pProxy=0x1fb278, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.840] IUnknown:Release (This=0x1fb27c) returned 0x2 [0218.840] WbemLocator:IUnknown:Release (This=0x201b7c) returned 0x1 [0218.840] CoTaskMemFree (pv=0x5295978) [0218.840] IUnknown:AddRef (This=0x1fb278) returned 0x2 [0218.841] CoGetContextToken (in: pToken=0x34e00c | out: pToken=0x34e00c) returned 0x0 [0218.841] CoGetContextToken (in: pToken=0x34e41c | out: pToken=0x34e41c) returned 0x0 [0218.841] IUnknown:QueryInterface (in: This=0x1fb278, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e3b8 | out: ppvObject=0x34e3b8*=0x201b64) returned 0x0 [0218.841] WbemLocator:IRpcOptions:Query (in: This=0x201b64, pPrx=0x529b310, dwProperty=2, pdwValue=0x34e4ac | out: pdwValue=0x34e4ac) returned 0x80004002 [0218.841] WbemLocator:IUnknown:Release (This=0x201b64) returned 0x2 [0218.842] CoGetContextToken (in: pToken=0x34e9ec | out: pToken=0x34e9ec) returned 0x0 [0218.842] CoGetContextToken (in: pToken=0x34e94c | out: pToken=0x34e94c) returned 0x0 [0218.842] IUnknown:QueryInterface (in: This=0x1fb278, riid=0x34ea1c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x34e8e8 | out: ppvObject=0x34e8e8*=0x1fb278) returned 0x0 [0218.842] IUnknown:Release (This=0x1fb278) returned 0x2 [0218.842] SysStringLen (param_1=0x0) returned 0x0 [0218.842] IEnumWbemClassObject:Reset (This=0x1fb278) returned 0x0 [0218.928] CoTaskMemAlloc (cb=0x4) returned 0x52a1a48 [0218.928] IEnumWbemClassObject:Next (in: This=0x1fb278, lTimeout=-1, uCount=0x1, apObjects=0x52a1a48, puReturned=0x2579958 | out: apObjects=0x52a1a48*=0x5283428, puReturned=0x2579958*=0x1) returned 0x0 [0221.912] IUnknown:QueryInterface (in: This=0x5283428, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e294 | out: ppvObject=0x34e294*=0x5283428) returned 0x0 [0221.912] IUnknown:QueryInterface (in: This=0x5283428, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x34e248 | out: ppvObject=0x34e248*=0x0) returned 0x80004002 [0221.913] IUnknown:QueryInterface (in: This=0x5283428, riid=0x715b1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x34e070 | out: ppvObject=0x34e070*=0x0) returned 0x80004002 [0221.913] IUnknown:AddRef (This=0x5283428) returned 0x3 [0221.913] IUnknown:QueryInterface (in: This=0x5283428, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x34dba4 | out: ppvObject=0x34dba4*=0x0) returned 0x80004002 [0221.913] IUnknown:QueryInterface (in: This=0x5283428, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x34db54 | out: ppvObject=0x34db54*=0x0) returned 0x80004002 [0221.913] IUnknown:QueryInterface (in: This=0x5283428, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34db60 | out: ppvObject=0x34db60*=0x528342c) returned 0x0 [0221.913] IMarshal:GetUnmarshalClass (in: This=0x528342c, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x34db68 | out: pCid=0x34db68*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0221.913] IUnknown:Release (This=0x528342c) returned 0x3 [0221.913] CoGetContextToken (in: pToken=0x34dbc0 | out: pToken=0x34dbc0) returned 0x0 [0221.913] CoGetContextToken (in: pToken=0x34dfd4 | out: pToken=0x34dfd4) returned 0x0 [0221.913] IUnknown:QueryInterface (in: This=0x5283428, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x34e054 | out: ppvObject=0x34e054*=0x0) returned 0x80004002 [0221.914] IUnknown:Release (This=0x5283428) returned 0x2 [0221.914] CoGetContextToken (in: pToken=0x34e5c4 | out: pToken=0x34e5c4) returned 0x0 [0221.914] CoGetContextToken (in: pToken=0x34e524 | out: pToken=0x34e524) returned 0x0 [0221.914] IUnknown:QueryInterface (in: This=0x5283428, riid=0x34e5f4*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x34e5f0 | out: ppvObject=0x34e5f0*=0x5283428) returned 0x0 [0221.914] IUnknown:AddRef (This=0x5283428) returned 0x4 [0221.914] IUnknown:Release (This=0x5283428) returned 0x3 [0221.914] IUnknown:Release (This=0x5283428) returned 0x2 [0221.914] CoTaskMemFree (pv=0x52a1a48) [0221.914] CoGetContextToken (in: pToken=0x34e934 | out: pToken=0x34e934) returned 0x0 [0221.914] IUnknown:AddRef (This=0x5283428) returned 0x3 [0221.914] IWbemClassObject:Get (in: This=0x5283428, wszName="__GENUS", lFlags=0, pVal=0x34ec30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ecb0*=0, plFlavor=0x34ecac*=0 | out: pVal=0x34ec30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x34ecb0*=3, plFlavor=0x34ecac*=64) returned 0x0 [0221.915] IWbemClassObject:Get (in: This=0x5283428, wszName="__PATH", lFlags=0, pVal=0x34ec14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34ec98*=0, plFlavor=0x34ec94*=0 | out: pVal=0x34ec14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x34ec98*=8, plFlavor=0x34ec94*=64) returned 0x0 [0221.915] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0221.915] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0221.915] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x468 [0221.915] SetEvent (hEvent=0x2b8) returned 1 [0221.916] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x34ebec*=0x468, lpdwindex=0x34ea10 | out: lpdwindex=0x34ea10) returned 0x0 [0221.919] CoGetContextToken (in: pToken=0x34eac4 | out: pToken=0x34eac4) returned 0x0 [0221.919] CoGetContextToken (in: pToken=0x34ea24 | out: pToken=0x34ea24) returned 0x0 [0221.919] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x34eaf4*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x34eaf0 | out: ppvObject=0x34eaf0*=0x52775b0) returned 0x0 [0221.919] WbemDefPath:IUnknown:AddRef (This=0x52775b0) returned 0x3 [0221.919] WbemDefPath:IUnknown:Release (This=0x52775b0) returned 0x2 [0221.919] WbemDefPath:IWbemPath:SetText (This=0x52775b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0221.919] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec6c | out: puCount=0x34ec6c*=0x2) returned 0x0 [0221.919] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec68*=0x0, pszText=0x0 | out: puBuffLength=0x34ec68*=0xf, pszText=0x0) returned 0x0 [0221.919] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0221.936] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec3c | out: puCount=0x34ec3c*=0x2) returned 0x0 [0221.936] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec38*=0x0, pszText=0x0 | out: puBuffLength=0x34ec38*=0xf, pszText=0x0) returned 0x0 [0221.936] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec38*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec38*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0221.937] IWbemClassObject:Get (in: This=0x5283428, wszName="Name", lFlags=0, pVal=0x34ec38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257a1d4*=0, plFlavor=0x257a1d8*=0 | out: pVal=0x34ec38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x257a1d4*=8, plFlavor=0x257a1d8*=0) returned 0x0 [0221.937] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0221.937] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0221.937] IWbemClassObject:Get (in: This=0x5283428, wszName="Name", lFlags=0, pVal=0x34ec40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257a1d4*=8, plFlavor=0x257a1d8*=0 | out: pVal=0x34ec40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x257a1d4*=8, plFlavor=0x257a1d8*=0) returned 0x0 [0221.937] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0221.937] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0221.937] CoTaskMemAlloc (cb=0x4) returned 0x52a1a88 [0221.937] IEnumWbemClassObject:Next (in: This=0x1fb278, lTimeout=-1, uCount=0x1, apObjects=0x52a1a88, puReturned=0x2579958 | out: apObjects=0x52a1a88*=0x0, puReturned=0x2579958*=0x0) returned 0x1 [0221.943] CoTaskMemFree (pv=0x52a1a88) [0221.943] CoGetContextToken (in: pToken=0x34eb64 | out: pToken=0x34eb64) returned 0x0 [0221.943] IUnknown:Release (This=0x1fb278) returned 0x1 [0221.943] IUnknown:Release (This=0x1fb278) returned 0x0 [0221.949] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x34ec78 | out: puCount=0x34ec78*=0x2) returned 0x0 [0221.949] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec74*=0x0, pszText=0x0 | out: puBuffLength=0x34ec74*=0xf, pszText=0x0) returned 0x0 [0221.949] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=4, puBuffLength=0x34ec74*=0xf, pszText="00000000000000" | out: puBuffLength=0x34ec74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0221.953] GlobalMemoryStatusEx (in: lpBuffer=0x257a410 | out: lpBuffer=0x257a410) returned 1 [0222.085] GetCurrentProcess () returned 0xffffffff [0222.085] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e884 | out: TokenHandle=0x34e884*=0x46c) returned 1 [0222.090] CloseHandle (hObject=0x46c) returned 1 [0222.091] GetCurrentProcess () returned 0xffffffff [0222.091] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e89c | out: TokenHandle=0x34e89c*=0x46c) returned 1 [0222.091] CloseHandle (hObject=0x46c) returned 1 [0222.113] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x34ebb0 | out: pFixedInfo=0x0, pOutBufLen=0x34ebb0) returned 0x6f [0222.160] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x52a5820 [0222.160] GetNetworkParams (in: pFixedInfo=0x52a5820, pOutBufLen=0x34ebb0 | out: pFixedInfo=0x52a5820, pOutBufLen=0x34ebb0) returned 0x0 [0222.179] LocalFree (hMem=0x52a5820) returned 0x0 [0222.194] SystemFunction041 (in: Memory=0x5296624, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x5296624) returned 0x0 [0222.198] SysStringLen (param_1="logs@multimetals.cfd\x08") returned 0x18 [0222.198] SystemFunction040 (in: Memory=0x52a0e8c, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x52a0e8c) returned 0x0 [0222.222] GetCurrentProcess () returned 0xffffffff [0222.222] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e7cc | out: TokenHandle=0x34e7cc*=0x47c) returned 1 [0222.223] CloseHandle (hObject=0x47c) returned 1 [0222.223] GetCurrentProcess () returned 0xffffffff [0222.223] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e7e4 | out: TokenHandle=0x34e7e4*=0x47c) returned 1 [0222.224] CloseHandle (hObject=0x47c) returned 1 [0222.227] SetEvent (hEvent=0x1e4) returned 1 [0222.252] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x34e8f0 | out: lpWSAData=0x34e8f0) returned 0 [0222.262] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4b4 [0222.281] setsockopt (s=0x4b4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0222.281] closesocket (s=0x4b4) returned 0 [0222.282] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4b4 [0222.286] setsockopt (s=0x4b4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0222.286] closesocket (s=0x4b4) returned 0 [0222.290] GetCurrentProcess () returned 0xffffffff [0222.290] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e6f0 | out: TokenHandle=0x34e6f0*=0x4b4) returned 1 [0222.298] CloseHandle (hObject=0x4b4) returned 1 [0222.298] GetCurrentProcess () returned 0xffffffff [0222.298] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e708 | out: TokenHandle=0x34e708*=0x4b4) returned 1 [0222.299] CloseHandle (hObject=0x4b4) returned 1 [0222.322] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x4b4 [0222.325] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4b8 [0222.328] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x4bc [0222.330] SetEvent (hEvent=0x1e4) returned 1 [0222.330] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x34ea20*=0x4b4, lpdwindex=0x34e8e4 | out: lpdwindex=0x34e8e4) returned 0x0 [0222.333] ReleaseMutex (hMutex=0x4bc) returned 1 [0222.335] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c0 [0222.337] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4 [0222.339] GetAddrInfoW (in: pNodeName="multimetals.cfd", pServiceName=0x0, pHints=0x34e9d4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x34e97c | out: ppResult=0x34e97c*=0x52b8380*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="multimetals.cfd", ai_addr=0x52a54d0*(sa_family=2, sin_port=0x0, sin_addr="192.185.37.183"), ai_next=0x0)) returned 0 [0222.530] FreeAddrInfoW (pAddrInfo=0x52b8380*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="multimetals.cfd", ai_addr=0x52a54d0*(sa_family=2, sin_port=0x0, sin_addr="192.185.37.183"), ai_next=0x0)) [0222.532] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc [0222.532] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4 [0222.534] ioctlsocket (in: s=0x4cc, cmd=-2147195266, argp=0x34e9ac | out: argp=0x34e9ac) returned 0 [0222.534] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d8 [0222.535] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4dc [0222.535] ioctlsocket (in: s=0x4d8, cmd=-2147195266, argp=0x34e9ac | out: argp=0x34e9ac) returned 0 [0222.536] WSAIoctl (in: s=0x4cc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x34e994, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x34e994, lpOverlapped=0x0) returned -1 [0222.539] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x34e6c4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0222.539] WSAEventSelect (s=0x4cc, hEventObject=0x4d4, lNetworkEvents=512) returned 0 [0222.539] WSAIoctl (in: s=0x4d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x34e994, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x34e994, lpOverlapped=0x0) returned -1 [0222.539] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x34e6c4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0222.540] WSAEventSelect (s=0x4d8, hEventObject=0x4dc, lNetworkEvents=512) returned 0 [0222.540] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x34e990*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x34e990*=0x7ec) returned 0x6f [0222.551] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x52bafb0 [0222.551] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x52bafb0, SizePointer=0x34e990*=0x7ec | out: AdapterAddresses=0x52bafb0*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x52bb27c, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x52bb1f0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x25, [2]=0x60, [3]=0xfd, [4]=0xb5, [5]=0x57, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x52bb128*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x34e990*=0x7ec) returned 0x0 [0222.568] LocalFree (hMem=0x52bafb0) returned 0x0 [0222.570] WSAConnect (in: s=0x4c0, name=0x258468c*(sa_family=2, sin_port=0x24b, sin_addr="192.185.37.183"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0222.583] closesocket (s=0x4c4) returned 0 [0222.584] setsockopt (s=0x4c0, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0222.588] recv (in: s=0x4c0, buf=0x2584780, len=256, flags=0 | out: buf=0x2584780) returned 0 [0222.606] shutdown (s=0x4c0, how=2) returned 0 [0222.606] setsockopt (s=0x4c0, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0222.606] closesocket (s=0x4c0) returned 0 [0222.667] GetCurrentProcess () returned 0xffffffff [0222.667] GetCurrentThread () returned 0xfffffffe [0222.667] GetCurrentProcess () returned 0xffffffff [0222.668] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x34edb8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34edb8*=0x4ec) returned 1 [0222.672] GetCurrentThreadId () returned 0xb2c [0222.688] GetCurrentProcess () returned 0xffffffff [0222.689] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e998 | out: TokenHandle=0x34e998*=0x4f0) returned 1 [0222.690] CloseHandle (hObject=0x4f0) returned 1 [0222.690] GetCurrentProcess () returned 0xffffffff [0222.691] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x34e9b0 | out: TokenHandle=0x34e9b0*=0x4f0) returned 1 [0222.692] CloseHandle (hObject=0x4f0) returned 1 [0222.760] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cb [0222.761] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ca [0222.766] GetSystemMetrics (nIndex=75) returned 1 [0222.781] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0222.790] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75620000 [0222.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x34ebd0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectoryq¸g\x03nÛ\x10a2DþJq\\ï4", lpUsedDefaultChar=0x0) returned 15 [0222.790] GetProcAddress (hModule=0x75620000, lpProcName="AddDllDirectory") returned 0x74dd1e91 [0222.791] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6d3f0000 [0222.838] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000 [0222.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x34eb14, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x03nÛ\x10a2DþJq\\ï4", lpUsedDefaultChar=0x0) returned 14 [0222.838] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd [0222.839] GetStockObject (i=5) returned 0x1900015 [0222.841] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0222.844] CoTaskMemAlloc (cb=0x5a) returned 0x1db850 [0222.844] RegisterClassW (lpWndClass=0x34eb04) returned 0xc12d [0222.845] CoTaskMemFree (pv=0x1db850) [0222.845] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0222.846] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.3e799b_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x60064 [0222.848] SetWindowLongW (hWnd=0x60064, nIndex=-4, dwNewLong=1998071261) returned 79893278 [0222.850] GetWindowLongW (hWnd=0x60064, nIndex=-4) returned 1998071261 [0222.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x34e418 | out: phkResult=0x34e418*=0x4f4) returned 0x0 [0222.852] RegQueryValueExW (in: hKey=0x4f4, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x34e438, lpData=0x0, lpcbData=0x34e434*=0x0 | out: lpType=0x34e438*=0x0, lpData=0x0, lpcbData=0x34e434*=0x0) returned 0x2 [0222.852] RegQueryValueExW (in: hKey=0x4f4, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x34e438, lpData=0x0, lpcbData=0x34e434*=0x0 | out: lpType=0x34e438*=0x0, lpData=0x0, lpcbData=0x34e434*=0x0) returned 0x2 [0222.852] RegCloseKey (hKey=0x4f4) returned 0x0 [0222.853] SetWindowLongW (hWnd=0x60064, nIndex=-4, dwNewLong=79893318) returned 1998071261 [0222.853] GetWindowLongW (hWnd=0x60064, nIndex=-4) returned 79893318 [0222.853] GetWindowLongW (hWnd=0x60064, nIndex=-16) returned 113311744 [0222.854] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc079 [0222.855] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x60064, Msg=0x24, wParam=0x0, lParam=0x34e6f0) returned 0x0 [0222.856] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc076 [0222.856] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x60064, Msg=0x81, wParam=0x0, lParam=0x34e6e4) returned 0x1 [0222.857] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x60064, Msg=0x83, wParam=0x0, lParam=0x34e6d0) returned 0x0 [0222.857] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0x60064, Msg=0x1, wParam=0x0, lParam=0x34e6e4) returned 0x0 [0222.858] GetClientRect (in: hWnd=0x60064, lpRect=0x34e44c | out: lpRect=0x34e44c) returned 1 [0222.858] GetWindowRect (in: hWnd=0x60064, lpRect=0x34e44c | out: lpRect=0x34e44c) returned 1 [0222.859] GetParent (hWnd=0x60064) returned 0x0 [0222.861] OleInitialize (pvReserved=0x0) returned 0x0 [0222.861] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x34ed34 | out: lplpMessageFilter=0x34ed34*=0x0) returned 0x0 [0222.863] PeekMessageW (in: lpMsg=0x34ed08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x34ed08) returned 0 [0222.864] PeekMessageW (in: lpMsg=0x34ed08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x34ed08) returned 0 [0222.864] WaitMessage () Thread: id = 125 os_tid = 0x284 Thread: id = 126 os_tid = 0x528 [0196.095] CoGetContextToken (in: pToken=0x456f7cc | out: pToken=0x456f7cc) returned 0x800401f0 [0196.095] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 127 os_tid = 0x758 Thread: id = 128 os_tid = 0x774 Thread: id = 129 os_tid = 0x73c Thread: id = 130 os_tid = 0x594 Thread: id = 153 os_tid = 0xcc4 [0201.098] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0201.129] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x547f2ec | out: lpiid=0x547f2ec) returned 0x0 [0201.131] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x2198c0) returned 0x0 [0201.131] WbemDefPath:IUnknown:QueryInterface (in: This=0x2198c0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0201.131] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2198c0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e99a0) returned 0x0 [0201.131] WbemDefPath:IUnknown:Release (This=0x2198c0) returned 0x0 [0201.131] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e99a0) returned 0x0 [0201.131] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0201.132] WbemDefPath:IUnknown:AddRef (This=0x1e99a0) returned 0x3 [0201.132] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0201.132] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0201.132] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x2198a0) returned 0x0 [0201.132] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x2198a0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.132] WbemDefPath:IUnknown:Release (This=0x2198a0) returned 0x3 [0201.132] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0201.133] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0201.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e99a0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0201.133] WbemDefPath:IUnknown:Release (This=0x1e99a0) returned 0x2 [0201.134] WbemDefPath:IUnknown:Release (This=0x1e99a0) returned 0x1 [0201.135] SetEvent (hEvent=0x2b4) returned 1 [0201.145] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x2199e0) returned 0x0 [0201.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x2199e0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0201.146] WbemDefPath:IClassFactory:CreateInstance (in: This=0x2199e0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9a10) returned 0x0 [0201.146] WbemDefPath:IUnknown:Release (This=0x2199e0) returned 0x0 [0201.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9a10) returned 0x0 [0201.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0201.146] WbemDefPath:IUnknown:AddRef (This=0x1e9a10) returned 0x3 [0201.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0201.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0201.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x2199f0) returned 0x0 [0201.146] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x2199f0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.146] WbemDefPath:IUnknown:Release (This=0x2199f0) returned 0x3 [0201.146] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0201.147] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0201.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a10, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0201.147] WbemDefPath:IUnknown:Release (This=0x1e9a10) returned 0x2 [0201.147] WbemDefPath:IUnknown:Release (This=0x1e9a10) returned 0x1 [0201.147] SetEvent (hEvent=0x2e8) returned 1 [0201.149] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x219a20) returned 0x0 [0201.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x219a20, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0201.150] WbemDefPath:IClassFactory:CreateInstance (in: This=0x219a20, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9a80) returned 0x0 [0201.150] WbemDefPath:IUnknown:Release (This=0x219a20) returned 0x0 [0201.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9a80) returned 0x0 [0201.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0201.150] WbemDefPath:IUnknown:AddRef (This=0x1e9a80) returned 0x3 [0201.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0201.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0201.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x219a30) returned 0x0 [0201.150] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x219a30, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.150] WbemDefPath:IUnknown:Release (This=0x219a30) returned 0x3 [0201.150] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0201.150] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0201.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9a80, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0201.150] WbemDefPath:IUnknown:Release (This=0x1e9a80) returned 0x2 [0201.151] WbemDefPath:IUnknown:Release (This=0x1e9a80) returned 0x1 [0201.151] SetEvent (hEvent=0x2ec) returned 1 [0202.093] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x219ad0) returned 0x0 [0202.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x219ad0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0202.093] WbemDefPath:IClassFactory:CreateInstance (in: This=0x219ad0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9af0) returned 0x0 [0202.093] WbemDefPath:IUnknown:Release (This=0x219ad0) returned 0x0 [0202.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9af0) returned 0x0 [0202.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0202.094] WbemDefPath:IUnknown:AddRef (This=0x1e9af0) returned 0x3 [0202.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0202.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0202.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x219ae0) returned 0x0 [0202.094] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x219ae0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.094] WbemDefPath:IUnknown:Release (This=0x219ae0) returned 0x3 [0202.094] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0202.094] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0202.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9af0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0202.094] WbemDefPath:IUnknown:Release (This=0x1e9af0) returned 0x2 [0202.094] WbemDefPath:IUnknown:Release (This=0x1e9af0) returned 0x1 [0202.095] SetEvent (hEvent=0x33c) returned 1 [0210.766] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x219b70) returned 0x0 [0210.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x219b70, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0210.767] WbemDefPath:IClassFactory:CreateInstance (in: This=0x219b70, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9bd0) returned 0x0 [0210.767] WbemDefPath:IUnknown:Release (This=0x219b70) returned 0x0 [0210.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9bd0) returned 0x0 [0210.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0210.768] WbemDefPath:IUnknown:AddRef (This=0x1e9bd0) returned 0x3 [0210.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0210.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0210.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x219b90) returned 0x0 [0210.768] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x219b90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.768] WbemDefPath:IUnknown:Release (This=0x219b90) returned 0x3 [0210.768] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0210.768] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0210.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9bd0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0210.768] WbemDefPath:IUnknown:Release (This=0x1e9bd0) returned 0x2 [0210.768] WbemDefPath:IUnknown:Release (This=0x1e9bd0) returned 0x1 [0210.768] SetEvent (hEvent=0x348) returned 1 [0210.819] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x219bc0) returned 0x0 [0210.819] WbemDefPath:IUnknown:QueryInterface (in: This=0x219bc0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0210.819] WbemDefPath:IClassFactory:CreateInstance (in: This=0x219bc0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9c40) returned 0x0 [0210.819] WbemDefPath:IUnknown:Release (This=0x219bc0) returned 0x0 [0210.819] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9c40) returned 0x0 [0210.819] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0210.820] WbemDefPath:IUnknown:AddRef (This=0x1e9c40) returned 0x3 [0210.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0210.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0210.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x219b60) returned 0x0 [0210.820] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x219b60, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.820] WbemDefPath:IUnknown:Release (This=0x219b60) returned 0x3 [0210.820] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0210.820] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0210.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9c40, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0210.821] WbemDefPath:IUnknown:Release (This=0x1e9c40) returned 0x2 [0210.821] WbemDefPath:IUnknown:Release (This=0x1e9c40) returned 0x1 [0210.821] SetEvent (hEvent=0x34c) returned 1 [0210.824] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x219b50) returned 0x0 [0210.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x219b50, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0210.825] WbemDefPath:IClassFactory:CreateInstance (in: This=0x219b50, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9cb0) returned 0x0 [0210.825] WbemDefPath:IUnknown:Release (This=0x219b50) returned 0x0 [0210.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9cb0) returned 0x0 [0210.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0210.825] WbemDefPath:IUnknown:AddRef (This=0x1e9cb0) returned 0x3 [0210.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0210.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0210.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x219bd0) returned 0x0 [0210.826] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x219bd0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.826] WbemDefPath:IUnknown:Release (This=0x219bd0) returned 0x3 [0210.826] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0210.826] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0210.826] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9cb0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0210.826] WbemDefPath:IUnknown:Release (This=0x1e9cb0) returned 0x2 [0210.826] WbemDefPath:IUnknown:Release (This=0x1e9cb0) returned 0x1 [0210.826] SetEvent (hEvent=0x350) returned 1 [0210.949] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ead0) returned 0x0 [0210.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ead0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0210.950] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ead0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9d20) returned 0x0 [0210.950] WbemDefPath:IUnknown:Release (This=0x23ead0) returned 0x0 [0210.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9d20) returned 0x0 [0210.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0210.951] WbemDefPath:IUnknown:AddRef (This=0x1e9d20) returned 0x3 [0210.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0210.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0210.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23eb00) returned 0x0 [0210.951] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23eb00, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.951] WbemDefPath:IUnknown:Release (This=0x23eb00) returned 0x3 [0210.951] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0210.951] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0210.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d20, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0210.951] WbemDefPath:IUnknown:Release (This=0x1e9d20) returned 0x2 [0210.951] WbemDefPath:IUnknown:Release (This=0x1e9d20) returned 0x1 [0210.951] SetEvent (hEvent=0x380) returned 1 [0211.411] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23eb80) returned 0x0 [0211.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x23eb80, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.411] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23eb80, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9d90) returned 0x0 [0211.412] WbemDefPath:IUnknown:Release (This=0x23eb80) returned 0x0 [0211.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9d90) returned 0x0 [0211.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.412] WbemDefPath:IUnknown:AddRef (This=0x1e9d90) returned 0x3 [0211.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23eb90) returned 0x0 [0211.412] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23eb90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.412] WbemDefPath:IUnknown:Release (This=0x23eb90) returned 0x3 [0211.412] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.413] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.413] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9d90, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.413] WbemDefPath:IUnknown:Release (This=0x1e9d90) returned 0x2 [0211.413] WbemDefPath:IUnknown:Release (This=0x1e9d90) returned 0x1 [0211.413] SetEvent (hEvent=0x384) returned 1 [0211.438] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ebd0) returned 0x0 [0211.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ebd0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.438] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ebd0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9e00) returned 0x0 [0211.438] WbemDefPath:IUnknown:Release (This=0x23ebd0) returned 0x0 [0211.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9e00) returned 0x0 [0211.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.439] WbemDefPath:IUnknown:AddRef (This=0x1e9e00) returned 0x3 [0211.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ebe0) returned 0x0 [0211.439] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ebe0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.439] WbemDefPath:IUnknown:Release (This=0x23ebe0) returned 0x3 [0211.439] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.439] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e00, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.439] WbemDefPath:IUnknown:Release (This=0x1e9e00) returned 0x2 [0211.439] WbemDefPath:IUnknown:Release (This=0x1e9e00) returned 0x1 [0211.440] SetEvent (hEvent=0x388) returned 1 [0211.447] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ec20) returned 0x0 [0211.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ec20, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.447] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ec20, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x1e9e70) returned 0x0 [0211.448] WbemDefPath:IUnknown:Release (This=0x23ec20) returned 0x0 [0211.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x1e9e70) returned 0x0 [0211.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.448] WbemDefPath:IUnknown:AddRef (This=0x1e9e70) returned 0x3 [0211.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ec30) returned 0x0 [0211.448] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ec30, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.448] WbemDefPath:IUnknown:Release (This=0x23ec30) returned 0x3 [0211.448] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.448] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x1e9e70, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.449] WbemDefPath:IUnknown:Release (This=0x1e9e70) returned 0x2 [0211.449] WbemDefPath:IUnknown:Release (This=0x1e9e70) returned 0x1 [0211.449] SetEvent (hEvent=0x38c) returned 1 [0211.456] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ec70) returned 0x0 [0211.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ec70, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.456] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ec70, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5276f20) returned 0x0 [0211.456] WbemDefPath:IUnknown:Release (This=0x23ec70) returned 0x0 [0211.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5276f20) returned 0x0 [0211.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.456] WbemDefPath:IUnknown:AddRef (This=0x5276f20) returned 0x3 [0211.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ec80) returned 0x0 [0211.456] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ec80, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.457] WbemDefPath:IUnknown:Release (This=0x23ec80) returned 0x3 [0211.457] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.457] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f20, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.457] WbemDefPath:IUnknown:Release (This=0x5276f20) returned 0x2 [0211.457] WbemDefPath:IUnknown:Release (This=0x5276f20) returned 0x1 [0211.457] SetEvent (hEvent=0x390) returned 1 [0211.464] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ecc0) returned 0x0 [0211.464] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ecc0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.464] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ecc0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5276f90) returned 0x0 [0211.464] WbemDefPath:IUnknown:Release (This=0x23ecc0) returned 0x0 [0211.464] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5276f90) returned 0x0 [0211.464] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.464] WbemDefPath:IUnknown:AddRef (This=0x5276f90) returned 0x3 [0211.464] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.464] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.465] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ecd0) returned 0x0 [0211.465] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ecd0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.465] WbemDefPath:IUnknown:Release (This=0x23ecd0) returned 0x3 [0211.465] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.465] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.465] WbemDefPath:IUnknown:QueryInterface (in: This=0x5276f90, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.465] WbemDefPath:IUnknown:Release (This=0x5276f90) returned 0x2 [0211.465] WbemDefPath:IUnknown:Release (This=0x5276f90) returned 0x1 [0211.465] SetEvent (hEvent=0x394) returned 1 [0211.472] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ed10) returned 0x0 [0211.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ed10, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.472] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ed10, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277000) returned 0x0 [0211.472] WbemDefPath:IUnknown:Release (This=0x23ed10) returned 0x0 [0211.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277000) returned 0x0 [0211.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.472] WbemDefPath:IUnknown:AddRef (This=0x5277000) returned 0x3 [0211.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ed20) returned 0x0 [0211.473] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ed20, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.473] WbemDefPath:IUnknown:Release (This=0x23ed20) returned 0x3 [0211.473] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.473] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.473] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277000, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.473] WbemDefPath:IUnknown:Release (This=0x5277000) returned 0x2 [0211.473] WbemDefPath:IUnknown:Release (This=0x5277000) returned 0x1 [0211.473] SetEvent (hEvent=0x398) returned 1 [0211.479] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ed60) returned 0x0 [0211.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ed60, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.480] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ed60, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277070) returned 0x0 [0211.480] WbemDefPath:IUnknown:Release (This=0x23ed60) returned 0x0 [0211.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277070) returned 0x0 [0211.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.480] WbemDefPath:IUnknown:AddRef (This=0x5277070) returned 0x3 [0211.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.480] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ed70) returned 0x0 [0211.480] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ed70, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.481] WbemDefPath:IUnknown:Release (This=0x23ed70) returned 0x3 [0211.481] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.481] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277070, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.481] WbemDefPath:IUnknown:Release (This=0x5277070) returned 0x2 [0211.481] WbemDefPath:IUnknown:Release (This=0x5277070) returned 0x1 [0211.481] SetEvent (hEvent=0x39c) returned 1 [0211.489] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23edb0) returned 0x0 [0211.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x23edb0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.490] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23edb0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x52770e0) returned 0x0 [0211.490] WbemDefPath:IUnknown:Release (This=0x23edb0) returned 0x0 [0211.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x52770e0) returned 0x0 [0211.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.490] WbemDefPath:IUnknown:AddRef (This=0x52770e0) returned 0x3 [0211.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23edc0) returned 0x0 [0211.490] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23edc0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.490] WbemDefPath:IUnknown:Release (This=0x23edc0) returned 0x3 [0211.490] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.490] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.491] WbemDefPath:IUnknown:QueryInterface (in: This=0x52770e0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.491] WbemDefPath:IUnknown:Release (This=0x52770e0) returned 0x2 [0211.491] WbemDefPath:IUnknown:Release (This=0x52770e0) returned 0x1 [0211.491] SetEvent (hEvent=0x3a0) returned 1 [0211.498] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ee00) returned 0x0 [0211.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ee00, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.498] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ee00, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277150) returned 0x0 [0211.498] WbemDefPath:IUnknown:Release (This=0x23ee00) returned 0x0 [0211.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277150) returned 0x0 [0211.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.499] WbemDefPath:IUnknown:AddRef (This=0x5277150) returned 0x3 [0211.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ee10) returned 0x0 [0211.499] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ee10, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.499] WbemDefPath:IUnknown:Release (This=0x23ee10) returned 0x3 [0211.499] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.499] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277150, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.499] WbemDefPath:IUnknown:Release (This=0x5277150) returned 0x2 [0211.499] WbemDefPath:IUnknown:Release (This=0x5277150) returned 0x1 [0211.499] SetEvent (hEvent=0x3a4) returned 1 [0211.507] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23ee50) returned 0x0 [0211.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x23ee50, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.507] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23ee50, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x52771c0) returned 0x0 [0211.507] WbemDefPath:IUnknown:Release (This=0x23ee50) returned 0x0 [0211.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x52771c0) returned 0x0 [0211.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.508] WbemDefPath:IUnknown:AddRef (This=0x52771c0) returned 0x3 [0211.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23ee60) returned 0x0 [0211.508] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23ee60, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.508] WbemDefPath:IUnknown:Release (This=0x23ee60) returned 0x3 [0211.508] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.508] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x52771c0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.508] WbemDefPath:IUnknown:Release (This=0x52771c0) returned 0x2 [0211.508] WbemDefPath:IUnknown:Release (This=0x52771c0) returned 0x1 [0211.508] SetEvent (hEvent=0x3a8) returned 1 [0211.516] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x23eea0) returned 0x0 [0211.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x23eea0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.517] WbemDefPath:IClassFactory:CreateInstance (in: This=0x23eea0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277230) returned 0x0 [0211.517] WbemDefPath:IUnknown:Release (This=0x23eea0) returned 0x0 [0211.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277230) returned 0x0 [0211.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.517] WbemDefPath:IUnknown:AddRef (This=0x5277230) returned 0x3 [0211.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x52750f0) returned 0x0 [0211.517] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x52750f0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.517] WbemDefPath:IUnknown:Release (This=0x52750f0) returned 0x3 [0211.517] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.518] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277230, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.518] WbemDefPath:IUnknown:Release (This=0x5277230) returned 0x2 [0211.518] WbemDefPath:IUnknown:Release (This=0x5277230) returned 0x1 [0211.518] SetEvent (hEvent=0x3ac) returned 1 [0211.525] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x5275130) returned 0x0 [0211.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x5275130, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.525] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5275130, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x52772a0) returned 0x0 [0211.526] WbemDefPath:IUnknown:Release (This=0x5275130) returned 0x0 [0211.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x52772a0) returned 0x0 [0211.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.526] WbemDefPath:IUnknown:AddRef (This=0x52772a0) returned 0x3 [0211.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x5275140) returned 0x0 [0211.526] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5275140, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.526] WbemDefPath:IUnknown:Release (This=0x5275140) returned 0x3 [0211.526] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.526] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x52772a0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.527] WbemDefPath:IUnknown:Release (This=0x52772a0) returned 0x2 [0211.527] WbemDefPath:IUnknown:Release (This=0x52772a0) returned 0x1 [0211.527] SetEvent (hEvent=0x3b0) returned 1 [0211.535] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x5275180) returned 0x0 [0211.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x5275180, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.535] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5275180, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277310) returned 0x0 [0211.535] WbemDefPath:IUnknown:Release (This=0x5275180) returned 0x0 [0211.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277310) returned 0x0 [0211.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.536] WbemDefPath:IUnknown:AddRef (This=0x5277310) returned 0x3 [0211.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x5275190) returned 0x0 [0211.536] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5275190, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.536] WbemDefPath:IUnknown:Release (This=0x5275190) returned 0x3 [0211.536] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.536] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277310, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.536] WbemDefPath:IUnknown:Release (This=0x5277310) returned 0x2 [0211.536] WbemDefPath:IUnknown:Release (This=0x5277310) returned 0x1 [0211.536] SetEvent (hEvent=0x3b4) returned 1 [0211.550] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x52751d0) returned 0x0 [0211.550] WbemDefPath:IUnknown:QueryInterface (in: This=0x52751d0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.550] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52751d0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277380) returned 0x0 [0211.550] WbemDefPath:IUnknown:Release (This=0x52751d0) returned 0x0 [0211.550] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277380) returned 0x0 [0211.550] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.551] WbemDefPath:IUnknown:AddRef (This=0x5277380) returned 0x3 [0211.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x52751e0) returned 0x0 [0211.551] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x52751e0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.551] WbemDefPath:IUnknown:Release (This=0x52751e0) returned 0x3 [0211.551] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.552] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277380, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.552] WbemDefPath:IUnknown:Release (This=0x5277380) returned 0x2 [0211.552] WbemDefPath:IUnknown:Release (This=0x5277380) returned 0x1 [0211.552] SetEvent (hEvent=0x3b8) returned 1 [0211.562] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x5275220) returned 0x0 [0211.562] WbemDefPath:IUnknown:QueryInterface (in: This=0x5275220, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0211.562] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5275220, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x52773f0) returned 0x0 [0211.562] WbemDefPath:IUnknown:Release (This=0x5275220) returned 0x0 [0211.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x52773f0) returned 0x0 [0211.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0211.563] WbemDefPath:IUnknown:AddRef (This=0x52773f0) returned 0x3 [0211.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0211.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0211.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x5275230) returned 0x0 [0211.563] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5275230, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.563] WbemDefPath:IUnknown:Release (This=0x5275230) returned 0x3 [0211.564] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0211.564] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0211.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x52773f0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0211.564] WbemDefPath:IUnknown:Release (This=0x52773f0) returned 0x2 [0211.564] WbemDefPath:IUnknown:Release (This=0x52773f0) returned 0x1 [0211.564] SetEvent (hEvent=0x3bc) returned 1 [0218.159] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x5275410) returned 0x0 [0218.160] WbemDefPath:IUnknown:QueryInterface (in: This=0x5275410, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0218.160] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5275410, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x52774d0) returned 0x0 [0218.161] WbemDefPath:IUnknown:Release (This=0x5275410) returned 0x0 [0218.161] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x52774d0) returned 0x0 [0218.161] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0218.161] WbemDefPath:IUnknown:AddRef (This=0x52774d0) returned 0x3 [0218.161] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0218.161] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0218.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x52752d0) returned 0x0 [0218.162] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x52752d0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0218.162] WbemDefPath:IUnknown:Release (This=0x52752d0) returned 0x3 [0218.162] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0218.162] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0218.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x52774d0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0218.162] WbemDefPath:IUnknown:Release (This=0x52774d0) returned 0x2 [0218.162] WbemDefPath:IUnknown:Release (This=0x52774d0) returned 0x1 [0218.162] SetEvent (hEvent=0x438) returned 1 [0218.316] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x52754c0) returned 0x0 [0218.316] WbemDefPath:IUnknown:QueryInterface (in: This=0x52754c0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0218.316] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52754c0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x5277540) returned 0x0 [0218.316] WbemDefPath:IUnknown:Release (This=0x52754c0) returned 0x0 [0218.316] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x5277540) returned 0x0 [0218.316] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0218.317] WbemDefPath:IUnknown:AddRef (This=0x5277540) returned 0x3 [0218.317] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0218.317] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0218.317] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x23eb70) returned 0x0 [0218.317] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x23eb70, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0218.317] WbemDefPath:IUnknown:Release (This=0x23eb70) returned 0x3 [0218.317] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0218.317] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0218.317] WbemDefPath:IUnknown:QueryInterface (in: This=0x5277540, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0218.317] WbemDefPath:IUnknown:Release (This=0x5277540) returned 0x2 [0218.317] WbemDefPath:IUnknown:Release (This=0x5277540) returned 0x1 [0218.317] SetEvent (hEvent=0x450) returned 1 [0221.917] CoGetClassObject (in: rclsid=0x21a1bc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x547f008 | out: ppv=0x547f008*=0x52a1a48) returned 0x0 [0221.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x52a1a48, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x547f220 | out: ppvObject=0x547f220*=0x0) returned 0x80004002 [0221.917] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52a1a48, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547f22c | out: ppvObject=0x547f22c*=0x52775b0) returned 0x0 [0221.918] WbemDefPath:IUnknown:Release (This=0x52a1a48) returned 0x0 [0221.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ee4c | out: ppvObject=0x547ee4c*=0x52775b0) returned 0x0 [0221.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x547ee00 | out: ppvObject=0x547ee00*=0x0) returned 0x80004002 [0221.918] WbemDefPath:IUnknown:AddRef (This=0x52775b0) returned 0x3 [0221.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x547e75c | out: ppvObject=0x547e75c*=0x0) returned 0x80004002 [0221.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x547e70c | out: ppvObject=0x547e70c*=0x0) returned 0x80004002 [0221.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547e718 | out: ppvObject=0x547e718*=0x52a1a58) returned 0x0 [0221.918] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x52a1a58, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x547e720 | out: pCid=0x547e720*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0221.918] WbemDefPath:IUnknown:Release (This=0x52a1a58) returned 0x3 [0221.918] CoGetContextToken (in: pToken=0x547e778 | out: pToken=0x547e778) returned 0x0 [0221.918] CoGetContextToken (in: pToken=0x547eb8c | out: pToken=0x547eb8c) returned 0x0 [0221.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x52775b0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x547ec0c | out: ppvObject=0x547ec0c*=0x0) returned 0x80004002 [0221.918] WbemDefPath:IUnknown:Release (This=0x52775b0) returned 0x2 [0221.918] WbemDefPath:IUnknown:Release (This=0x52775b0) returned 0x1 [0221.919] SetEvent (hEvent=0x468) returned 1 Thread: id = 154 os_tid = 0xcd4 [0201.157] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0201.158] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x55af744 | out: lpiid=0x55af744) returned 0x0 [0201.160] CoGetClassObject (in: rclsid=0x21a24c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x55af460 | out: ppv=0x55af460*=0x224000) returned 0x0 [0201.160] WbemLocator:IUnknown:QueryInterface (in: This=0x224000, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x55af678 | out: ppvObject=0x55af678*=0x0) returned 0x80004002 [0201.160] WbemLocator:IClassFactory:CreateInstance (in: This=0x224000, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55af684 | out: ppvObject=0x55af684*=0x219a60) returned 0x0 [0201.160] WbemLocator:IUnknown:Release (This=0x224000) returned 0x0 [0201.160] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55af2a4 | out: ppvObject=0x55af2a4*=0x219a60) returned 0x0 [0201.160] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x55af258 | out: ppvObject=0x55af258*=0x0) returned 0x80004002 [0201.161] WbemLocator:IUnknown:AddRef (This=0x219a60) returned 0x3 [0201.161] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x55aebb4 | out: ppvObject=0x55aebb4*=0x0) returned 0x80004002 [0201.161] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x55aeb64 | out: ppvObject=0x55aeb64*=0x0) returned 0x80004002 [0201.161] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55aeb70 | out: ppvObject=0x55aeb70*=0x0) returned 0x80004002 [0201.161] CoGetContextToken (in: pToken=0x55aebd0 | out: pToken=0x55aebd0) returned 0x0 [0201.161] CoGetObjectContext (in: riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x224004 | out: ppv=0x224004*=0x1a29f0) returned 0x0 [0201.163] CoGetContextToken (in: pToken=0x55aefe4 | out: pToken=0x55aefe4) returned 0x0 [0201.163] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55af064 | out: ppvObject=0x55af064*=0x0) returned 0x80004002 [0201.164] WbemLocator:IUnknown:Release (This=0x219a60) returned 0x2 [0201.164] WbemLocator:IUnknown:Release (This=0x219a60) returned 0x1 [0201.164] CoGetContextToken (in: pToken=0x55af65c | out: pToken=0x55af65c) returned 0x0 [0201.164] CoGetContextToken (in: pToken=0x55af5bc | out: pToken=0x55af5bc) returned 0x0 [0201.164] WbemLocator:IUnknown:QueryInterface (in: This=0x219a60, riid=0x55af68c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x55af688 | out: ppvObject=0x55af688*=0x219a60) returned 0x0 [0201.164] WbemLocator:IUnknown:AddRef (This=0x219a60) returned 0x3 [0201.164] WbemLocator:IUnknown:Release (This=0x219a60) returned 0x2 [0201.172] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a80, puCount=0x55af81c | out: puCount=0x55af81c*=0x2) returned 0x0 [0201.172] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=8, puBuffLength=0x55af818*=0x0, pszText=0x0 | out: puBuffLength=0x55af818*=0xf, pszText=0x0) returned 0x0 [0201.172] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a80, lFlags=8, puBuffLength=0x55af818*=0xf, pszText="00000000000000" | out: puBuffLength=0x55af818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x55aea40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0201.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x55aef68, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0201.183] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x700e0000 [0201.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x55aef9c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymbmÛ\x10a2DþJqxòZ\x05\x01", lpUsedDefaultChar=0x0) returned 13 [0201.339] GetProcAddress (hModule=0x700e0000, lpProcName="ResetSecurity") returned 0x700e7dd0 [0201.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x55aef9c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0201.352] GetProcAddress (hModule=0x700e0000, lpProcName="SetSecurity") returned 0x700e7e20 [0201.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x55aef98, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 18 [0201.364] GetProcAddress (hModule=0x700e0000, lpProcName="BlessIWbemServices") returned 0x700e6e70 [0201.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x55aef90, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 24 [0201.400] GetProcAddress (hModule=0x700e0000, lpProcName="BlessIWbemServicesObject") returned 0x700e6ed0 [0201.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x55aef98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlembmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 17 [0201.446] GetProcAddress (hModule=0x700e0000, lpProcName="GetPropertyHandle") returned 0x700e7820 [0201.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x55aef98, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValuebmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 18 [0201.461] GetProcAddress (hModule=0x700e0000, lpProcName="WritePropertyValue") returned 0x700e7fa0 [0201.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x55aefa4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonembmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 5 [0201.481] GetProcAddress (hModule=0x700e0000, lpProcName="Clone") returned 0x700e6f30 [0201.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x55aef98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0201.492] GetProcAddress (hModule=0x700e0000, lpProcName="VerifyClientKey") returned 0x700e7f20 [0201.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x55aef98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0201.500] GetProcAddress (hModule=0x700e0000, lpProcName="GetQualifierSet") returned 0x700e78e0 [0201.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x55aefa4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0201.502] GetProcAddress (hModule=0x700e0000, lpProcName="Get") returned 0x700e75c0 [0201.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x55aefa4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0201.527] GetProcAddress (hModule=0x700e0000, lpProcName="Put") returned 0x700e7a00 [0201.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x55aefa4, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeletebmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 6 [0201.549] GetProcAddress (hModule=0x700e0000, lpProcName="Delete") returned 0x700e7300 [0201.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x55aefa0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 8 [0201.567] GetProcAddress (hModule=0x700e0000, lpProcName="GetNames") returned 0x700e77c0 [0201.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x55aef98, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 16 [0201.607] GetProcAddress (hModule=0x700e0000, lpProcName="BeginEnumeration") returned 0x700e6e30 [0201.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x55aefa4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 4 [0201.619] GetProcAddress (hModule=0x700e0000, lpProcName="Next") returned 0x700e79a0 [0201.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x55aef9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 14 [0201.640] GetProcAddress (hModule=0x700e0000, lpProcName="EndEnumeration") returned 0x700e73c0 [0201.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x55aef90, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0201.651] GetProcAddress (hModule=0x700e0000, lpProcName="GetPropertyQualifierSet") returned 0x700e78b0 [0201.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x55aefa4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonembmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 5 [0201.667] GetProcAddress (hModule=0x700e0000, lpProcName="Clone") returned 0x700e6f30 [0201.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x55aef9c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 13 [0201.668] GetProcAddress (hModule=0x700e0000, lpProcName="GetObjectText") returned 0x700e77f0 [0201.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x55aef98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 17 [0201.684] GetProcAddress (hModule=0x700e0000, lpProcName="SpawnDerivedClass") returned 0x700e7e80 [0201.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x55aef9c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancembmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 13 [0201.697] GetProcAddress (hModule=0x700e0000, lpProcName="SpawnInstance") returned 0x700e7eb0 [0201.698] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x55aefa0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTombmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 9 [0201.698] GetProcAddress (hModule=0x700e0000, lpProcName="CompareTo") returned 0x700e7020 [0201.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x55aef98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 17 [0201.710] GetProcAddress (hModule=0x700e0000, lpProcName="GetPropertyOrigin") returned 0x700e7880 [0201.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x55aef9c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 12 [0201.729] GetProcAddress (hModule=0x700e0000, lpProcName="InheritsFrom") returned 0x700e7900 [0201.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x55aefa0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 9 [0201.731] GetProcAddress (hModule=0x700e0000, lpProcName="GetMethod") returned 0x700e7730 [0201.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x55aefa0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 9 [0201.748] GetProcAddress (hModule=0x700e0000, lpProcName="PutMethod") returned 0x700e7bf0 [0201.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x55aef9c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 12 [0201.766] GetProcAddress (hModule=0x700e0000, lpProcName="DeleteMethod") returned 0x700e7320 [0201.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x55aef94, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 22 [0201.769] GetProcAddress (hModule=0x700e0000, lpProcName="BeginMethodEnumeration") returned 0x700e6e50 [0201.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x55aefa0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 10 [0201.771] GetProcAddress (hModule=0x700e0000, lpProcName="NextMethod") returned 0x700e79d0 [0201.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x55aef94, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 20 [0201.789] GetProcAddress (hModule=0x700e0000, lpProcName="EndMethodEnumeration") returned 0x700e73e0 [0201.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x55aef94, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 21 [0201.791] GetProcAddress (hModule=0x700e0000, lpProcName="GetMethodQualifierSet") returned 0x700e7790 [0201.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x55aef98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0201.793] GetProcAddress (hModule=0x700e0000, lpProcName="GetMethodOrigin") returned 0x700e7760 [0201.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x55aef98, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 16 [0201.795] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_Get") returned 0x700e7c80 [0201.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x55aef98, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 16 [0201.819] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_Put") returned 0x700e7d10 [0201.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x55aef94, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0201.841] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_Delete") returned 0x700e7c40 [0201.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x55aef94, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 21 [0201.844] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_GetNames") returned 0x700e7cb0 [0201.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x55aef8c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 29 [0201.866] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x700e7c20 [0201.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x55aef98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_NextmbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 17 [0201.868] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_Next") returned 0x700e7ce0 [0201.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x55aef8c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0201.880] GetProcAddress (hModule=0x700e0000, lpProcName="QualifierSet_EndEnumeration") returned 0x700e7c60 [0201.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x55aef90, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0201.882] GetProcAddress (hModule=0x700e0000, lpProcName="GetCurrentApartmentType") returned 0x700e78e0 [0201.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x55aef94, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 20 [0201.894] GetProcAddress (hModule=0x700e0000, lpProcName="GetDemultiplexedStub") returned 0x700e75f0 [0201.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x55aef94, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmimbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 21 [0201.911] GetProcAddress (hModule=0x700e0000, lpProcName="CreateInstanceEnumWmi") returned 0x700e7230 [0201.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x55aef98, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmibmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 18 [0201.943] GetProcAddress (hModule=0x700e0000, lpProcName="CreateClassEnumWmi") returned 0x700e7160 [0201.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x55aef9c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 12 [0201.946] GetProcAddress (hModule=0x700e0000, lpProcName="ExecQueryWmi") returned 0x700e74e0 [0201.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x55aef90, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 24 [0201.960] GetProcAddress (hModule=0x700e0000, lpProcName="ExecNotificationQueryWmi") returned 0x700e7400 [0201.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x55aef9c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmibmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 14 [0201.965] GetProcAddress (hModule=0x700e0000, lpProcName="PutInstanceWmi") returned 0x700e7b10 [0201.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x55aef9c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0201.977] GetProcAddress (hModule=0x700e0000, lpProcName="PutClassWmi") returned 0x700e7a30 [0201.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x55aef90, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 24 [0201.980] GetProcAddress (hModule=0x700e0000, lpProcName="CloneEnumWbemClassObject") returned 0x700e6f50 [0201.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x55aef98, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 16 [0201.986] GetProcAddress (hModule=0x700e0000, lpProcName="ConnectServerWmi") returned 0x700e7050 [0201.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetErrorInfo", cchWideChar=12, lpMultiByteStr=0x55aef9c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetErrorInfo»mbmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 12 [0201.989] GetProcAddress (hModule=0x700e0000, lpProcName="GetErrorInfo") returned 0x700e7650 [0201.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Initialize", cchWideChar=10, lpMultiByteStr=0x55aefa0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializebmÛ\x10a2DþJqxòZ\x05", lpUsedDefaultChar=0x0) returned 10 [0201.990] GetProcAddress (hModule=0x700e0000, lpProcName="Initialize") returned 0x700e7920 [0201.993] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x55aef50 | out: phkResult=0x55aef50*=0x314) returned 0x0 [0201.994] RegQueryValueExW (in: hKey=0x314, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x55aef6c, lpData=0x0, lpcbData=0x55aef68*=0x0 | out: lpType=0x55aef6c*=0x0, lpData=0x0, lpcbData=0x55aef68*=0x0) returned 0x2 [0201.994] RegCloseKey (hKey=0x314) returned 0x0 [0201.995] CoCreateInstance (in: rclsid=0x700e3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x700e3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x55af6c8 | out: ppv=0x55af6c8*=0x219aa0) returned 0x0 [0201.995] WbemLocator:IWbemLocator:ConnectServer (in: This=0x219aa0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x55af768 | out: ppNamespace=0x55af768*=0x212008) returned 0x0 [0202.040] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55af5ec | out: ppvObject=0x55af5ec*=0x200a7c) returned 0x0 [0202.040] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x200a7c, pProxy=0x212008, pAuthnSvc=0x55af63c, pAuthzSvc=0x55af638, pServerPrincName=0x55af630, pAuthnLevel=0x55af634, pImpLevel=0x55af624, pAuthInfo=0x55af628, pCapabilites=0x55af62c | out: pAuthnSvc=0x55af63c*=0xa, pAuthzSvc=0x55af638*=0x0, pServerPrincName=0x55af630, pAuthnLevel=0x55af634*=0x6, pImpLevel=0x55af624*=0x2, pAuthInfo=0x55af628, pCapabilites=0x55af62c*=0x1) returned 0x0 [0202.040] WbemLocator:IUnknown:Release (This=0x200a7c) returned 0x1 [0202.040] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55af5e0 | out: ppvObject=0x55af5e0*=0x200a9c) returned 0x0 [0202.040] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55af5cc | out: ppvObject=0x55af5cc*=0x200a7c) returned 0x0 [0202.040] WbemLocator:IClientSecurity:SetBlanket (This=0x200a7c, pProxy=0x212008, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.040] WbemLocator:IUnknown:Release (This=0x200a7c) returned 0x2 [0202.040] WbemLocator:IUnknown:Release (This=0x200a9c) returned 0x1 [0202.040] CoTaskMemFree (pv=0x21a300) [0202.041] WbemLocator:IUnknown:AddRef (This=0x212008) returned 0x2 [0202.041] WbemLocator:IUnknown:Release (This=0x219aa0) returned 0x0 [0202.041] CoGetContextToken (in: pToken=0x55aeb20 | out: pToken=0x55aeb20) returned 0x0 [0202.041] CoGetContextToken (in: pToken=0x55aef34 | out: pToken=0x55aef34) returned 0x0 [0202.041] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55aeecc | out: ppvObject=0x55aeecc*=0x200a84) returned 0x0 [0202.042] WbemLocator:IRpcOptions:Query (in: This=0x200a84, pPrx=0x224198, dwProperty=2, pdwValue=0x55aefc0 | out: pdwValue=0x55aefc0) returned 0x80004002 [0202.042] WbemLocator:IUnknown:Release (This=0x200a84) returned 0x2 [0202.042] CoGetContextToken (in: pToken=0x55af504 | out: pToken=0x55af504) returned 0x0 [0202.042] CoGetContextToken (in: pToken=0x55af464 | out: pToken=0x55af464) returned 0x0 [0202.042] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x55af534*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x55af400 | out: ppvObject=0x55af400*=0x212008) returned 0x0 [0202.043] WbemLocator:IUnknown:Release (This=0x212008) returned 0x2 [0202.049] SysStringLen (param_1=0x0) returned 0x0 [0202.051] CoUninitialize () Thread: id = 155 os_tid = 0xcdc [0202.069] CoGetContextToken (in: pToken=0x558f208 | out: pToken=0x558f208) returned 0x0 [0202.069] CoGetContextToken (in: pToken=0x558f1f4 | out: pToken=0x558f1f4) returned 0x0 [0202.070] CoGetMarshalSizeMax (in: pulSize=0x558f1b0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x224198, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x558f1b0) returned 0x0 [0202.072] CoMarshalInterface (pStm=0x1ecff8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x224198, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 156 os_tid = 0xcf8 [0202.077] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x2060f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57ff020 | out: ppvObject=0x57ff020*=0x212008) returned 0x0 [0202.077] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fefbc | out: ppvObject=0x57fefbc*=0x212008) returned 0x0 [0202.077] WbemLocator:IUnknown:QueryInterface (in: This=0x212008, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fef74 | out: ppvObject=0x57fef74*=0x212008) returned 0x0 [0202.079] IWbemServices:GetObject (in: This=0x212008, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x57ff138*=0x0, ppCallResult=0x0 | out: ppObject=0x57ff138*=0x235d30, ppCallResult=0x0) returned 0x0 [0210.876] CoGetContextToken (in: pToken=0x57ff138 | out: pToken=0x57ff138) returned 0x0 [0210.876] CoGetContextToken (in: pToken=0x57ff124 | out: pToken=0x57ff124) returned 0x0 [0210.876] CoGetMarshalSizeMax (in: pulSize=0x57ff0e0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x238fa0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x57ff0e0) returned 0x0 [0210.877] CoMarshalInterface (pStm=0x1ecfd8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x238fa0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0210.879] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x2062d8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57ff020 | out: ppvObject=0x57ff020*=0x212378) returned 0x0 [0210.879] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fefbc | out: ppvObject=0x57fefbc*=0x212378) returned 0x0 [0210.879] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fef74 | out: ppvObject=0x57fef74*=0x212378) returned 0x0 [0210.880] IWbemServices:GetObject (in: This=0x212378, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x57ff138*=0x0, ppCallResult=0x0 | out: ppObject=0x57ff138*=0x23a570, ppCallResult=0x0) returned 0x0 [0218.226] CoGetContextToken (in: pToken=0x57ff138 | out: pToken=0x57ff138) returned 0x0 [0218.226] CoGetContextToken (in: pToken=0x57ff124 | out: pToken=0x57ff124) returned 0x0 [0218.226] CoGetMarshalSizeMax (in: pulSize=0x57ff0e0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x529ae60, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x57ff0e0) returned 0x0 [0218.226] CoMarshalInterface (pStm=0x5284d90, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x529ae60, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0218.228] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x2064b8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57ff020 | out: ppvObject=0x57ff020*=0x5293c98) returned 0x0 [0218.229] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fefbc | out: ppvObject=0x57fefbc*=0x5293c98) returned 0x0 [0218.229] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fef74 | out: ppvObject=0x57fef74*=0x5293c98) returned 0x0 [0218.391] CoGetContextToken (in: pToken=0x57ff138 | out: pToken=0x57ff138) returned 0x0 [0218.391] CoGetContextToken (in: pToken=0x57ff124 | out: pToken=0x57ff124) returned 0x0 [0218.391] CoGetMarshalSizeMax (in: pulSize=0x57ff0e0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x529b268, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x57ff0e0) returned 0x0 [0218.392] CoMarshalInterface (pStm=0x5284e10, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x529b268, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0218.394] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x206878*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57ff020 | out: ppvObject=0x57ff020*=0x5293d88) returned 0x0 [0218.395] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fefbc | out: ppvObject=0x57fefbc*=0x5293d88) returned 0x0 [0218.395] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x701762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57fef74 | out: ppvObject=0x57fef74*=0x5293d88) returned 0x0 Thread: id = 157 os_tid = 0xc34 [0210.836] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0210.838] CoGetClassObject (in: rclsid=0x21a24c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x59af0d0 | out: ppv=0x59af0d0*=0x236490) returned 0x0 [0210.839] WbemLocator:IUnknown:QueryInterface (in: This=0x236490, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x59af2e8 | out: ppvObject=0x59af2e8*=0x0) returned 0x80004002 [0210.839] WbemLocator:IClassFactory:CreateInstance (in: This=0x236490, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59af2f4 | out: ppvObject=0x59af2f4*=0x1eeab8) returned 0x0 [0210.839] WbemLocator:IUnknown:Release (This=0x236490) returned 0x0 [0210.839] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59aef14 | out: ppvObject=0x59aef14*=0x1eeab8) returned 0x0 [0210.839] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x59aeec8 | out: ppvObject=0x59aeec8*=0x0) returned 0x80004002 [0210.839] WbemLocator:IUnknown:AddRef (This=0x1eeab8) returned 0x3 [0210.839] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x59ae824 | out: ppvObject=0x59ae824*=0x0) returned 0x80004002 [0210.839] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x59ae7d4 | out: ppvObject=0x59ae7d4*=0x0) returned 0x80004002 [0210.839] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59ae7e0 | out: ppvObject=0x59ae7e0*=0x0) returned 0x80004002 [0210.839] CoGetContextToken (in: pToken=0x59ae840 | out: pToken=0x59ae840) returned 0x0 [0210.841] CoGetContextToken (in: pToken=0x59aec54 | out: pToken=0x59aec54) returned 0x0 [0210.841] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59aecd4 | out: ppvObject=0x59aecd4*=0x0) returned 0x80004002 [0210.841] WbemLocator:IUnknown:Release (This=0x1eeab8) returned 0x2 [0210.841] WbemLocator:IUnknown:Release (This=0x1eeab8) returned 0x1 [0210.842] CoGetContextToken (in: pToken=0x59af2cc | out: pToken=0x59af2cc) returned 0x0 [0210.842] CoGetContextToken (in: pToken=0x59af22c | out: pToken=0x59af22c) returned 0x0 [0210.842] WbemLocator:IUnknown:QueryInterface (in: This=0x1eeab8, riid=0x59af2fc*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x59af2f8 | out: ppvObject=0x59af2f8*=0x1eeab8) returned 0x0 [0210.842] WbemLocator:IUnknown:AddRef (This=0x1eeab8) returned 0x3 [0210.842] WbemLocator:IUnknown:Release (This=0x1eeab8) returned 0x2 [0210.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9cb0, puCount=0x59af48c | out: puCount=0x59af48c*=0x2) returned 0x0 [0210.843] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=8, puBuffLength=0x59af488*=0x0, pszText=0x0 | out: puBuffLength=0x59af488*=0xf, pszText=0x0) returned 0x0 [0210.843] WbemDefPath:IWbemPath:GetText (in: This=0x1e9cb0, lFlags=8, puBuffLength=0x59af488*=0xf, pszText="00000000000000" | out: puBuffLength=0x59af488*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.843] CoCreateInstance (in: rclsid=0x700e3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x700e3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x59af338 | out: ppv=0x59af338*=0x23eae0) returned 0x0 [0210.843] WbemLocator:IWbemLocator:ConnectServer (in: This=0x23eae0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x59af3d8 | out: ppNamespace=0x59af3d8*=0x212378) returned 0x0 [0210.864] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59af25c | out: ppvObject=0x59af25c*=0x200f2c) returned 0x0 [0210.864] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x200f2c, pProxy=0x212378, pAuthnSvc=0x59af2ac, pAuthzSvc=0x59af2a8, pServerPrincName=0x59af2a0, pAuthnLevel=0x59af2a4, pImpLevel=0x59af294, pAuthInfo=0x59af298, pCapabilites=0x59af29c | out: pAuthnSvc=0x59af2ac*=0xa, pAuthzSvc=0x59af2a8*=0x0, pServerPrincName=0x59af2a0, pAuthnLevel=0x59af2a4*=0x6, pImpLevel=0x59af294*=0x2, pAuthInfo=0x59af298, pCapabilites=0x59af29c*=0x1) returned 0x0 [0210.864] WbemLocator:IUnknown:Release (This=0x200f2c) returned 0x1 [0210.864] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59af250 | out: ppvObject=0x59af250*=0x200f4c) returned 0x0 [0210.865] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59af23c | out: ppvObject=0x59af23c*=0x200f2c) returned 0x0 [0210.865] WbemLocator:IClientSecurity:SetBlanket (This=0x200f2c, pProxy=0x212378, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0210.865] WbemLocator:IUnknown:Release (This=0x200f2c) returned 0x2 [0210.865] WbemLocator:IUnknown:Release (This=0x200f4c) returned 0x1 [0210.865] CoTaskMemFree (pv=0x21a540) [0210.865] WbemLocator:IUnknown:AddRef (This=0x212378) returned 0x2 [0210.865] WbemLocator:IUnknown:Release (This=0x23eae0) returned 0x0 [0210.866] CoGetContextToken (in: pToken=0x59ae790 | out: pToken=0x59ae790) returned 0x0 [0210.866] CoGetContextToken (in: pToken=0x59aeba4 | out: pToken=0x59aeba4) returned 0x0 [0210.866] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59aeb3c | out: ppvObject=0x59aeb3c*=0x200f34) returned 0x0 [0210.867] WbemLocator:IRpcOptions:Query (in: This=0x200f34, pPrx=0x238fa0, dwProperty=2, pdwValue=0x59aec30 | out: pdwValue=0x59aec30) returned 0x80004002 [0210.867] WbemLocator:IUnknown:Release (This=0x200f34) returned 0x2 [0210.867] CoGetContextToken (in: pToken=0x59af174 | out: pToken=0x59af174) returned 0x0 [0210.867] CoGetContextToken (in: pToken=0x59af0d4 | out: pToken=0x59af0d4) returned 0x0 [0210.867] WbemLocator:IUnknown:QueryInterface (in: This=0x212378, riid=0x59af1a4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x59af070 | out: ppvObject=0x59af070*=0x212378) returned 0x0 [0210.867] WbemLocator:IUnknown:Release (This=0x212378) returned 0x2 [0210.867] SysStringLen (param_1=0x0) returned 0x0 [0210.868] CoUninitialize () Thread: id = 158 os_tid = 0xda4 [0211.896] CoGetContextToken (in: pToken=0x566f7b4 | out: pToken=0x566f7b4) returned 0x0 [0211.896] IUnknown:QueryInterface (in: This=0x1a29f0, riid=0x7154b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x566f7d8 | out: ppvObject=0x566f7d8*=0x1a29fc) returned 0x0 [0211.897] IComThreadingInfo:GetCurrentThreadType (in: This=0x1a29fc, pThreadType=0x566f804 | out: pThreadType=0x566f804*=0) returned 0x0 [0211.897] IUnknown:Release (This=0x1a29fc) returned 0x1 [0211.897] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 159 os_tid = 0xd80 [0212.056] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0212.057] CoGetContextToken (in: pToken=0x59ff7a4 | out: pToken=0x59ff7a4) returned 0x0 [0212.057] IUnknown:QueryInterface (in: This=0x1a29f0, riid=0x7154b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x59ff7c8 | out: ppvObject=0x59ff7c8*=0x1a29fc) returned 0x0 [0212.057] IComThreadingInfo:GetCurrentThreadType (in: This=0x1a29fc, pThreadType=0x59ff7f4 | out: pThreadType=0x59ff7f4*=0) returned 0x0 [0212.057] IUnknown:Release (This=0x1a29fc) returned 0x1 [0212.057] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0212.057] CoUninitialize () [0232.585] CoUninitialize () Thread: id = 160 os_tid = 0xd78 Thread: id = 161 os_tid = 0xdc8 [0218.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0218.178] CoGetClassObject (in: rclsid=0x21a24c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5b6ec80 | out: ppv=0x5b6ec80*=0x529adb8) returned 0x0 [0218.179] WbemLocator:IUnknown:QueryInterface (in: This=0x529adb8, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5b6ee98 | out: ppvObject=0x5b6ee98*=0x0) returned 0x80004002 [0218.179] WbemLocator:IClassFactory:CreateInstance (in: This=0x529adb8, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6eea4 | out: ppvObject=0x5b6eea4*=0x52753b0) returned 0x0 [0218.179] WbemLocator:IUnknown:Release (This=0x529adb8) returned 0x0 [0218.179] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6eac4 | out: ppvObject=0x5b6eac4*=0x52753b0) returned 0x0 [0218.179] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5b6ea78 | out: ppvObject=0x5b6ea78*=0x0) returned 0x80004002 [0218.179] WbemLocator:IUnknown:AddRef (This=0x52753b0) returned 0x3 [0218.179] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5b6e3d4 | out: ppvObject=0x5b6e3d4*=0x0) returned 0x80004002 [0218.179] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5b6e384 | out: ppvObject=0x5b6e384*=0x0) returned 0x80004002 [0218.179] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6e390 | out: ppvObject=0x5b6e390*=0x0) returned 0x80004002 [0218.179] CoGetContextToken (in: pToken=0x5b6e3f0 | out: pToken=0x5b6e3f0) returned 0x0 [0218.181] CoGetContextToken (in: pToken=0x5b6e804 | out: pToken=0x5b6e804) returned 0x0 [0218.181] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6e884 | out: ppvObject=0x5b6e884*=0x0) returned 0x80004002 [0218.181] WbemLocator:IUnknown:Release (This=0x52753b0) returned 0x2 [0218.181] WbemLocator:IUnknown:Release (This=0x52753b0) returned 0x1 [0218.181] CoGetContextToken (in: pToken=0x5b6ee7c | out: pToken=0x5b6ee7c) returned 0x0 [0218.181] CoGetContextToken (in: pToken=0x5b6eddc | out: pToken=0x5b6eddc) returned 0x0 [0218.181] WbemLocator:IUnknown:QueryInterface (in: This=0x52753b0, riid=0x5b6eeac*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5b6eea8 | out: ppvObject=0x5b6eea8*=0x52753b0) returned 0x0 [0218.181] WbemLocator:IUnknown:AddRef (This=0x52753b0) returned 0x3 [0218.181] WbemLocator:IUnknown:Release (This=0x52753b0) returned 0x2 [0218.182] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x5b6f03c | out: puCount=0x5b6f03c*=0x2) returned 0x0 [0218.182] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=8, puBuffLength=0x5b6f038*=0x0, pszText=0x0 | out: puBuffLength=0x5b6f038*=0xf, pszText=0x0) returned 0x0 [0218.182] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=8, puBuffLength=0x5b6f038*=0xf, pszText="00000000000000" | out: puBuffLength=0x5b6f038*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.182] CoCreateInstance (in: rclsid=0x700e3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x700e3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5b6eee8 | out: ppv=0x5b6eee8*=0x5275430) returned 0x0 [0218.182] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5275430, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5b6ef88 | out: ppNamespace=0x5b6ef88*=0x5293c98) returned 0x0 [0218.215] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6ee0c | out: ppvObject=0x5b6ee0c*=0x2012ec) returned 0x0 [0218.216] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x2012ec, pProxy=0x5293c98, pAuthnSvc=0x5b6ee5c, pAuthzSvc=0x5b6ee58, pServerPrincName=0x5b6ee50, pAuthnLevel=0x5b6ee54, pImpLevel=0x5b6ee44, pAuthInfo=0x5b6ee48, pCapabilites=0x5b6ee4c | out: pAuthnSvc=0x5b6ee5c*=0xa, pAuthzSvc=0x5b6ee58*=0x0, pServerPrincName=0x5b6ee50, pAuthnLevel=0x5b6ee54*=0x6, pImpLevel=0x5b6ee44*=0x2, pAuthInfo=0x5b6ee48, pCapabilites=0x5b6ee4c*=0x1) returned 0x0 [0218.216] WbemLocator:IUnknown:Release (This=0x2012ec) returned 0x1 [0218.216] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6ee00 | out: ppvObject=0x5b6ee00*=0x20130c) returned 0x0 [0218.216] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6edec | out: ppvObject=0x5b6edec*=0x2012ec) returned 0x0 [0218.216] WbemLocator:IClientSecurity:SetBlanket (This=0x2012ec, pProxy=0x5293c98, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.216] WbemLocator:IUnknown:Release (This=0x2012ec) returned 0x2 [0218.216] WbemLocator:IUnknown:Release (This=0x20130c) returned 0x1 [0218.217] CoTaskMemFree (pv=0x5295828) [0218.217] WbemLocator:IUnknown:AddRef (This=0x5293c98) returned 0x2 [0218.217] WbemLocator:IUnknown:Release (This=0x5275430) returned 0x0 [0218.217] CoGetContextToken (in: pToken=0x5b6e340 | out: pToken=0x5b6e340) returned 0x0 [0218.218] CoGetContextToken (in: pToken=0x5b6e754 | out: pToken=0x5b6e754) returned 0x0 [0218.218] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b6e6ec | out: ppvObject=0x5b6e6ec*=0x2012f4) returned 0x0 [0218.218] WbemLocator:IRpcOptions:Query (in: This=0x2012f4, pPrx=0x529ae60, dwProperty=2, pdwValue=0x5b6e7e0 | out: pdwValue=0x5b6e7e0) returned 0x80004002 [0218.218] WbemLocator:IUnknown:Release (This=0x2012f4) returned 0x2 [0218.218] CoGetContextToken (in: pToken=0x5b6ed24 | out: pToken=0x5b6ed24) returned 0x0 [0218.218] CoGetContextToken (in: pToken=0x5b6ec84 | out: pToken=0x5b6ec84) returned 0x0 [0218.218] WbemLocator:IUnknown:QueryInterface (in: This=0x5293c98, riid=0x5b6ed54*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5b6ec20 | out: ppvObject=0x5b6ec20*=0x5293c98) returned 0x0 [0218.219] WbemLocator:IUnknown:Release (This=0x5293c98) returned 0x2 [0218.219] SysStringLen (param_1=0x0) returned 0x0 [0218.219] CoUninitialize () Thread: id = 162 os_tid = 0xdc0 [0218.369] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0218.373] CoGetClassObject (in: rclsid=0x21a24c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71616bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5c2f000 | out: ppv=0x5c2f000*=0x529b1c0) returned 0x0 [0218.373] WbemLocator:IUnknown:QueryInterface (in: This=0x529b1c0, riid=0x715ddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5c2f218 | out: ppvObject=0x5c2f218*=0x0) returned 0x80004002 [0218.373] WbemLocator:IClassFactory:CreateInstance (in: This=0x529b1c0, pUnkOuter=0x0, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2f224 | out: ppvObject=0x5c2f224*=0x52a19c8) returned 0x0 [0218.373] WbemLocator:IUnknown:Release (This=0x529b1c0) returned 0x0 [0218.373] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x714c2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2ee44 | out: ppvObject=0x5c2ee44*=0x52a19c8) returned 0x0 [0218.373] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x715b1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5c2edf8 | out: ppvObject=0x5c2edf8*=0x0) returned 0x80004002 [0218.374] WbemLocator:IUnknown:AddRef (This=0x52a19c8) returned 0x3 [0218.374] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x715b182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5c2e754 | out: ppvObject=0x5c2e754*=0x0) returned 0x80004002 [0218.374] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x715b1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5c2e704 | out: ppvObject=0x5c2e704*=0x0) returned 0x80004002 [0218.374] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x714e1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2e710 | out: ppvObject=0x5c2e710*=0x0) returned 0x80004002 [0218.374] CoGetContextToken (in: pToken=0x5c2e770 | out: pToken=0x5c2e770) returned 0x0 [0218.374] CoGetContextToken (in: pToken=0x5c2eb84 | out: pToken=0x5c2eb84) returned 0x0 [0218.375] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2ec04 | out: ppvObject=0x5c2ec04*=0x0) returned 0x80004002 [0218.375] WbemLocator:IUnknown:Release (This=0x52a19c8) returned 0x2 [0218.375] WbemLocator:IUnknown:Release (This=0x52a19c8) returned 0x1 [0218.375] CoGetContextToken (in: pToken=0x5c2f1fc | out: pToken=0x5c2f1fc) returned 0x0 [0218.375] CoGetContextToken (in: pToken=0x5c2f15c | out: pToken=0x5c2f15c) returned 0x0 [0218.375] WbemLocator:IUnknown:QueryInterface (in: This=0x52a19c8, riid=0x5c2f22c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5c2f228 | out: ppvObject=0x5c2f228*=0x52a19c8) returned 0x0 [0218.375] WbemLocator:IUnknown:AddRef (This=0x52a19c8) returned 0x3 [0218.375] WbemLocator:IUnknown:Release (This=0x52a19c8) returned 0x2 [0218.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1e9a10, puCount=0x5c2f3bc | out: puCount=0x5c2f3bc*=0x2) returned 0x0 [0218.375] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=8, puBuffLength=0x5c2f3b8*=0x0, pszText=0x0 | out: puBuffLength=0x5c2f3b8*=0xf, pszText=0x0) returned 0x0 [0218.375] WbemDefPath:IWbemPath:GetText (in: This=0x1e9a10, lFlags=8, puBuffLength=0x5c2f3b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x5c2f3b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0218.375] CoCreateInstance (in: rclsid=0x700e3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x700e3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5c2f268 | out: ppv=0x5c2f268*=0x52a19e8) returned 0x0 [0218.375] WbemLocator:IWbemLocator:ConnectServer (in: This=0x52a19e8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5c2f308 | out: ppNamespace=0x5c2f308*=0x5293d88) returned 0x0 [0218.383] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2f18c | out: ppvObject=0x5c2f18c*=0x201a6c) returned 0x0 [0218.383] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x201a6c, pProxy=0x5293d88, pAuthnSvc=0x5c2f1dc, pAuthzSvc=0x5c2f1d8, pServerPrincName=0x5c2f1d0, pAuthnLevel=0x5c2f1d4, pImpLevel=0x5c2f1c4, pAuthInfo=0x5c2f1c8, pCapabilites=0x5c2f1cc | out: pAuthnSvc=0x5c2f1dc*=0xa, pAuthzSvc=0x5c2f1d8*=0x0, pServerPrincName=0x5c2f1d0, pAuthnLevel=0x5c2f1d4*=0x6, pImpLevel=0x5c2f1c4*=0x2, pAuthInfo=0x5c2f1c8, pCapabilites=0x5c2f1cc*=0x1) returned 0x0 [0218.383] WbemLocator:IUnknown:Release (This=0x201a6c) returned 0x1 [0218.383] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x700e35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2f180 | out: ppvObject=0x5c2f180*=0x201a8c) returned 0x0 [0218.383] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x700e35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2f16c | out: ppvObject=0x5c2f16c*=0x201a6c) returned 0x0 [0218.383] WbemLocator:IClientSecurity:SetBlanket (This=0x201a6c, pProxy=0x5293d88, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0218.384] WbemLocator:IUnknown:Release (This=0x201a6c) returned 0x2 [0218.384] WbemLocator:IUnknown:Release (This=0x201a8c) returned 0x1 [0218.384] CoTaskMemFree (pv=0x5295a68) [0218.384] WbemLocator:IUnknown:AddRef (This=0x5293d88) returned 0x2 [0218.384] WbemLocator:IUnknown:Release (This=0x52a19e8) returned 0x0 [0218.385] CoGetContextToken (in: pToken=0x5c2e6c0 | out: pToken=0x5c2e6c0) returned 0x0 [0218.385] CoGetContextToken (in: pToken=0x5c2ead4 | out: pToken=0x5c2ead4) returned 0x0 [0218.385] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x715b1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5c2ea6c | out: ppvObject=0x5c2ea6c*=0x201a74) returned 0x0 [0218.385] WbemLocator:IRpcOptions:Query (in: This=0x201a74, pPrx=0x529b268, dwProperty=2, pdwValue=0x5c2eb60 | out: pdwValue=0x5c2eb60) returned 0x80004002 [0218.385] WbemLocator:IUnknown:Release (This=0x201a74) returned 0x2 [0218.386] CoGetContextToken (in: pToken=0x5c2f0a4 | out: pToken=0x5c2f0a4) returned 0x0 [0218.386] CoGetContextToken (in: pToken=0x5c2f004 | out: pToken=0x5c2f004) returned 0x0 [0218.386] WbemLocator:IUnknown:QueryInterface (in: This=0x5293d88, riid=0x5c2f0d4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5c2efa0 | out: ppvObject=0x5c2efa0*=0x5293d88) returned 0x0 [0218.386] WbemLocator:IUnknown:Release (This=0x5293d88) returned 0x2 [0218.386] SysStringLen (param_1=0x0) returned 0x0 [0218.386] CoUninitialize () Thread: id = 163 os_tid = 0xdbc [0222.233] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0222.235] ResetEvent (hEvent=0x1e4) returned 1 Thread: id = 164 os_tid = 0xdb8 [0222.627] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0222.656] CoTaskMemAlloc (cb=0x20c) returned 0x249b48 [0222.656] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x249b48 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0222.656] CoTaskMemFree (pv=0x249b48) [0222.656] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x5ebd190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0222.657] CoTaskMemAlloc (cb=0x20c) returned 0x249b48 [0222.657] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x249b48 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0222.657] CoTaskMemFree (pv=0x249b48) [0222.657] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x5ebd190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0222.930] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3e [0222.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0222.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0222.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.932] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0222.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.932] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0222.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.932] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0222.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0222.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0222.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0222.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0222.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0222.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0222.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.935] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x30 [0222.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.935] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0222.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.936] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0222.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.936] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0222.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.936] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0222.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0222.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x56 [0222.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.937] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0222.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0222.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0222.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0222.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3c [0222.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2b [0222.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucbrowser"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0222.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.940] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0222.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.940] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0222.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0222.940] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x5ebe910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0222.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebeb4c) returned 1 [0222.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x5ebee10 | out: lpFileInformation=0x5ebee10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0222.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebeb48) returned 1 [0223.026] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.027] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.027] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.027] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.033] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.033] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.033] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.034] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.034] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.034] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.034] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.034] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5ebed58, nSize=0x80 | out: lpBuffer="") returned 0x22 [0223.034] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\", lpFilePart=0x0) returned 0x33 [0223.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.035] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\", lpFilePart=0x0) returned 0x32 [0223.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.035] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", lpFilePart=0x0) returned 0x43 [0223.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.036] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", lpFilePart=0x0) returned 0x35 [0223.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.036] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\", lpFilePart=0x0) returned 0x31 [0223.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flock\\browser"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.037] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\", lpFilePart=0x0) returned 0x2c [0223.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.037] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\", lpFilePart=0x0) returned 0x2b [0223.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.037] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\", lpFilePart=0x0) returned 0x2f [0223.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.038] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\", lpFilePart=0x0) returned 0x34 [0223.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.038] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\", lpFilePart=0x0) returned 0x2c [0223.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.038] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", lpFilePart=0x0) returned 0x42 [0223.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.039] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", nBufferLength=0x105, lpBuffer=0x5ebe98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", lpFilePart=0x0) returned 0x39 [0223.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebebc8) returned 1 [0223.039] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox"), fInfoLevelId=0x0, lpFileInformation=0x5ebee8c | out: lpFileInformation=0x5ebee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebc4) returned 1 [0223.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5ebee80) returned 1 [0223.126] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\coygsq0a.byw", nBufferLength=0x105, lpBuffer=0x5ebe960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\coygsq0a.byw", lpFilePart=0x0) returned 0x2f [0223.126] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\coygsq0a.byw\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\coygsq0a.byw\\*"), lpFindFileData=0x5ebec30 | out: lpFindFileData=0x5ebec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0223.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5ebebf0) returned 1 [0223.200] CoUninitialize () Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xab2a000" os_pid = "0x2bc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1c4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c01e" [0xc000000f], "LOCAL" [0x7] Region: id = 2304 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2305 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2306 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2307 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2308 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2309 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2310 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2311 start_va = 0xe0000 end_va = 0xecfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2312 start_va = 0xf0000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2313 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2314 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2315 start_va = 0x1a0000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2316 start_va = 0x2a0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 2317 start_va = 0x2c0000 end_va = 0x2c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 2318 start_va = 0x2d0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2319 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2320 start_va = 0x3e0000 end_va = 0x567fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2321 start_va = 0x570000 end_va = 0x6f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2322 start_va = 0x700000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2323 start_va = 0x7c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2324 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 2325 start_va = 0x860000 end_va = 0x860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2326 start_va = 0x870000 end_va = 0x877fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 2327 start_va = 0x880000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2328 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 2329 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 2330 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 2331 start_va = 0x8f0000 end_va = 0x8f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 2332 start_va = 0x980000 end_va = 0x980fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 2333 start_va = 0x990000 end_va = 0x991fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 2334 start_va = 0x9a0000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 2335 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 2336 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 2337 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 2338 start_va = 0xa20000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 2339 start_va = 0xb50000 end_va = 0xe1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2340 start_va = 0xe20000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2341 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 2342 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2343 start_va = 0x1060000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 2344 start_va = 0x10e0000 end_va = 0x1141fff monitored = 0 entry_point = 0x10f08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2345 start_va = 0x11d0000 end_va = 0x124ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 2346 start_va = 0x12a0000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 2347 start_va = 0x13c0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 2348 start_va = 0x14c0000 end_va = 0x16bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 2349 start_va = 0x1720000 end_va = 0x179ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 2350 start_va = 0x17a0000 end_va = 0x181ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 2351 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 2352 start_va = 0x18f0000 end_va = 0x196ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 2353 start_va = 0x19f0000 end_va = 0x1a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 2354 start_va = 0x1ae0000 end_va = 0x1b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 2355 start_va = 0x1b60000 end_va = 0x1bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 2356 start_va = 0x1be0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 2357 start_va = 0x2000000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2358 start_va = 0x2110000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 2359 start_va = 0x22c0000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2360 start_va = 0x2380000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2361 start_va = 0x2400000 end_va = 0x2802fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2362 start_va = 0x2810000 end_va = 0x288ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2363 start_va = 0x2890000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 2364 start_va = 0x2970000 end_va = 0x29effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 2365 start_va = 0x2a70000 end_va = 0x2aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 2366 start_va = 0x2af0000 end_va = 0x2beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 2367 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 2368 start_va = 0x2cc0000 end_va = 0x34bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 2369 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2370 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2371 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2372 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2373 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2374 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2375 start_va = 0xff720000 end_va = 0xff772fff monitored = 0 entry_point = 0xff733310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2376 start_va = 0xff870000 end_va = 0xff87afff monitored = 0 entry_point = 0xff87246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2377 start_va = 0xffe50000 end_va = 0xffeb1fff monitored = 0 entry_point = 0xffe608d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2378 start_va = 0x7fef03e0000 end_va = 0x7fef048dfff monitored = 0 entry_point = 0x7fef03e4104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2379 start_va = 0x7fef42b0000 end_va = 0x7fef42fefff monitored = 0 entry_point = 0x7fef42b2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2380 start_va = 0x7fef61b0000 end_va = 0x7fef61bafff monitored = 0 entry_point = 0x7fef61b12e0 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2381 start_va = 0x7fef6210000 end_va = 0x7fef6224fff monitored = 0 entry_point = 0x7fef62112a0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2382 start_va = 0x7fef6230000 end_va = 0x7fef6248fff monitored = 0 entry_point = 0x7fef623177c region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2383 start_va = 0x7fef6670000 end_va = 0x7fef6677fff monitored = 0 entry_point = 0x7fef6671414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2384 start_va = 0x7fef6960000 end_va = 0x7fef6972fff monitored = 0 entry_point = 0x7fef6961d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2385 start_va = 0x7fef6c40000 end_va = 0x7fef6c4dfff monitored = 0 entry_point = 0x7fef6c45500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2386 start_va = 0x7fef6c50000 end_va = 0x7fef6c76fff monitored = 0 entry_point = 0x7fef6c511a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2387 start_va = 0x7fef6c80000 end_va = 0x7fef6d52fff monitored = 0 entry_point = 0x7fef6cf8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2388 start_va = 0x7fef6ee0000 end_va = 0x7fef6f56fff monitored = 0 entry_point = 0x7fef6f1e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2389 start_va = 0x7fef6ff0000 end_va = 0x7fef7114fff monitored = 0 entry_point = 0x7fef7041570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2390 start_va = 0x7fef7120000 end_va = 0x7fef713bfff monitored = 0 entry_point = 0x7fef7121060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2391 start_va = 0x7fef9b00000 end_va = 0x7fef9b1afff monitored = 0 entry_point = 0x7fef9b01198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2392 start_va = 0x7fefa340000 end_va = 0x7fefa357fff monitored = 0 entry_point = 0x7fefa341bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2393 start_va = 0x7fefa360000 end_va = 0x7fefa370fff monitored = 0 entry_point = 0x7fefa3616ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2394 start_va = 0x7fefa390000 end_va = 0x7fefa3e2fff monitored = 0 entry_point = 0x7fefa392b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2395 start_va = 0x7fefa420000 end_va = 0x7fefa45afff monitored = 0 entry_point = 0x7fefa424520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2396 start_va = 0x7fefa460000 end_va = 0x7fefa4b0fff monitored = 0 entry_point = 0x7fefa46f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2397 start_va = 0x7fefa4d0000 end_va = 0x7fefa4d7fff monitored = 0 entry_point = 0x7fefa4d284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2398 start_va = 0x7fefa4e0000 end_va = 0x7fefa4e9fff monitored = 0 entry_point = 0x7fefa4e1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2399 start_va = 0x7fefa9a0000 end_va = 0x7fefa9aafff monitored = 0 entry_point = 0x7fefa9a1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2400 start_va = 0x7fefa9b0000 end_va = 0x7fefa9d6fff monitored = 0 entry_point = 0x7fefa9b98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2401 start_va = 0x7fefab30000 end_va = 0x7fefab44fff monitored = 0 entry_point = 0x7fefab360d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2402 start_va = 0x7fefae50000 end_va = 0x7fefae58fff monitored = 0 entry_point = 0x7fefae51010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2403 start_va = 0x7fefae60000 end_va = 0x7fefae8bfff monitored = 0 entry_point = 0x7fefae615c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2404 start_va = 0x7fefae90000 end_va = 0x7fefaf3bfff monitored = 0 entry_point = 0x7fefaea6acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2405 start_va = 0x7fefaf40000 end_va = 0x7fefaf6cfff monitored = 0 entry_point = 0x7fefaf41010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2406 start_va = 0x7fefb0e0000 end_va = 0x7fefb0f4fff monitored = 0 entry_point = 0x7fefb0e1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2407 start_va = 0x7fefb100000 end_va = 0x7fefb10bfff monitored = 0 entry_point = 0x7fefb1018a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2408 start_va = 0x7fefb400000 end_va = 0x7fefb44afff monitored = 0 entry_point = 0x7fefb40efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2409 start_va = 0x7fefb870000 end_va = 0x7fefb99bfff monitored = 0 entry_point = 0x7fefb8794bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2410 start_va = 0x7fefbee0000 end_va = 0x7fefc075fff monitored = 0 entry_point = 0x7fefbee78e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2411 start_va = 0x7fefc080000 end_va = 0x7fefc08bfff monitored = 0 entry_point = 0x7fefc081064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2412 start_va = 0x7fefc090000 end_va = 0x7fefc14afff monitored = 0 entry_point = 0x7fefc096de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2413 start_va = 0x7fefc150000 end_va = 0x7fefc156fff monitored = 0 entry_point = 0x7fefc1514b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2414 start_va = 0x7fefc240000 end_va = 0x7fefc25afff monitored = 0 entry_point = 0x7fefc242068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2415 start_va = 0x7fefc260000 end_va = 0x7fefc27dfff monitored = 0 entry_point = 0x7fefc2613b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2416 start_va = 0x7fefc3b0000 end_va = 0x7fefc3b9fff monitored = 0 entry_point = 0x7fefc3b3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2417 start_va = 0x7fefc4b0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4b1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2418 start_va = 0x7fefc5d0000 end_va = 0x7fefc62afff monitored = 0 entry_point = 0x7fefc5d6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2419 start_va = 0x7fefc740000 end_va = 0x7fefc746fff monitored = 0 entry_point = 0x7fefc74142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2420 start_va = 0x7fefc750000 end_va = 0x7fefc7a4fff monitored = 0 entry_point = 0x7fefc751054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2421 start_va = 0x7fefc7b0000 end_va = 0x7fefc7c7fff monitored = 0 entry_point = 0x7fefc7b3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2422 start_va = 0x7fefc920000 end_va = 0x7fefc941fff monitored = 0 entry_point = 0x7fefc925d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2423 start_va = 0x7fefc9e0000 end_va = 0x7fefca4cfff monitored = 0 entry_point = 0x7fefc9e1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2424 start_va = 0x7fefcd50000 end_va = 0x7fefcd5afff monitored = 0 entry_point = 0x7fefcd51030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2425 start_va = 0x7fefcd80000 end_va = 0x7fefcda4fff monitored = 0 entry_point = 0x7fefcd89658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2426 start_va = 0x7fefcdb0000 end_va = 0x7fefcdbefff monitored = 0 entry_point = 0x7fefcdb1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2427 start_va = 0x7fefce60000 end_va = 0x7fefce9cfff monitored = 0 entry_point = 0x7fefce618f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2428 start_va = 0x7fefcea0000 end_va = 0x7fefceb3fff monitored = 0 entry_point = 0x7fefcea10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2429 start_va = 0x7fefcec0000 end_va = 0x7fefcecefff monitored = 0 entry_point = 0x7fefcec19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2430 start_va = 0x7fefcf60000 end_va = 0x7fefcf6efff monitored = 0 entry_point = 0x7fefcf61020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2431 start_va = 0x7fefcf70000 end_va = 0x7fefd0dcfff monitored = 0 entry_point = 0x7fefcf710b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2432 start_va = 0x7fefd180000 end_va = 0x7fefd1b5fff monitored = 0 entry_point = 0x7fefd181474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2433 start_va = 0x7fefd1c0000 end_va = 0x7fefd22bfff monitored = 0 entry_point = 0x7fefd1c2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2434 start_va = 0x7fefd230000 end_va = 0x7fefd26afff monitored = 0 entry_point = 0x7fefd231324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2435 start_va = 0x7fefd270000 end_va = 0x7fefd289fff monitored = 0 entry_point = 0x7fefd271558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2436 start_va = 0x7fefe1d0000 end_va = 0x7fefe2aafff monitored = 0 entry_point = 0x7fefe1f0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2437 start_va = 0x7fefe2d0000 end_va = 0x7fefe2d7fff monitored = 0 entry_point = 0x7fefe2d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2438 start_va = 0x7fefe2e0000 end_va = 0x7fefe331fff monitored = 0 entry_point = 0x7fefe2e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2439 start_va = 0x7fefe4c0000 end_va = 0x7fefe5ecfff monitored = 0 entry_point = 0x7fefe50ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2440 start_va = 0x7fefe5f0000 end_va = 0x7fefe6c6fff monitored = 0 entry_point = 0x7fefe5f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2441 start_va = 0x7fefe770000 end_va = 0x7fefe7d6fff monitored = 0 entry_point = 0x7fefe77b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2442 start_va = 0x7fefe7e0000 end_va = 0x7fefe8a8fff monitored = 0 entry_point = 0x7fefe85a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2443 start_va = 0x7fefe8b0000 end_va = 0x7fefea86fff monitored = 0 entry_point = 0x7fefe8b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2444 start_va = 0x7fefea90000 end_va = 0x7fefeabdfff monitored = 0 entry_point = 0x7fefea91010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2445 start_va = 0x7fefeac0000 end_va = 0x7fefeb30fff monitored = 0 entry_point = 0x7fefead1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2446 start_va = 0x7fefeb40000 end_va = 0x7fefeb5efff monitored = 0 entry_point = 0x7fefeb460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2447 start_va = 0x7fefeb60000 end_va = 0x7fefebacfff monitored = 0 entry_point = 0x7fefeb61070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2448 start_va = 0x7fefebb0000 end_va = 0x7fefebbdfff monitored = 0 entry_point = 0x7fefebb1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2449 start_va = 0x7fefee20000 end_va = 0x7fefef28fff monitored = 0 entry_point = 0x7fefee21064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2450 start_va = 0x7fefef30000 end_va = 0x7feff132fff monitored = 0 entry_point = 0x7fefef53330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2451 start_va = 0x7feff140000 end_va = 0x7feff1defff monitored = 0 entry_point = 0x7feff1425a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2452 start_va = 0x7feff1e0000 end_va = 0x7feff278fff monitored = 0 entry_point = 0x7feff1e1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2453 start_va = 0x7feff290000 end_va = 0x7feff290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2454 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 2455 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2456 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2457 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 2458 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 2459 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 2460 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2461 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2462 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2463 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2464 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2465 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2466 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2467 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2468 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2469 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2470 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2471 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2472 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2473 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2474 start_va = 0x7fffffda000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2475 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2476 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4375 start_va = 0x900000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 4376 start_va = 0xad0000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 4377 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4378 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4552 start_va = 0x10e0000 end_va = 0x1141fff monitored = 0 entry_point = 0x10f08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4553 start_va = 0x2090000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 4554 start_va = 0xff3e0000 end_va = 0xff436fff monitored = 0 entry_point = 0xff3f3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4555 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 4556 start_va = 0x7fefaab0000 end_va = 0x7fefaae6fff monitored = 0 entry_point = 0x7fefaab8424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 4557 start_va = 0x7fefad80000 end_va = 0x7fefae2bfff monitored = 0 entry_point = 0x7fefad918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4572 start_va = 0x7fefb1e0000 end_va = 0x7fefb230fff monitored = 0 entry_point = 0x7fefb1ef6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 4573 start_va = 0x7fefb220000 end_va = 0x7fefb23cfff monitored = 0 entry_point = 0x7fefb221a28 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Region: id = 4574 start_va = 0x7fefc2c0000 end_va = 0x7fefc326fff monitored = 0 entry_point = 0x7fefc2cd320 region_type = mapped_file name = "umpnpmgr.dll" filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll") Region: id = 4577 start_va = 0x16e0000 end_va = 0x175ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016e0000" filename = "" Region: id = 4578 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Thread: id = 100 os_tid = 0xb24 Thread: id = 101 os_tid = 0xddc Thread: id = 102 os_tid = 0xdd8 Thread: id = 103 os_tid = 0x430 Thread: id = 104 os_tid = 0x6c0 Thread: id = 105 os_tid = 0x67c Thread: id = 106 os_tid = 0x94 Thread: id = 107 os_tid = 0x5ec Thread: id = 108 os_tid = 0x7f4 Thread: id = 109 os_tid = 0x6e0 Thread: id = 110 os_tid = 0x538 Thread: id = 111 os_tid = 0x530 Thread: id = 112 os_tid = 0x524 Thread: id = 113 os_tid = 0x410 Thread: id = 114 os_tid = 0x2a4 Thread: id = 115 os_tid = 0x3b0 Thread: id = 116 os_tid = 0x3a8 Thread: id = 117 os_tid = 0x398 Thread: id = 118 os_tid = 0x2f0 Thread: id = 119 os_tid = 0x2ec Thread: id = 120 os_tid = 0x2c8 Thread: id = 121 os_tid = 0x2c0 Thread: id = 123 os_tid = 0x874 Thread: id = 165 os_tid = 0xdec Thread: id = 166 os_tid = 0xe84 Thread: id = 184 os_tid = 0xea8 Thread: id = 192 os_tid = 0x9c4 Thread: id = 197 os_tid = 0xa58 Process: id = "6" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4e536000" os_pid = "0xd04" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x244" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004f09a" [0xc000000f] Region: id = 2639 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2640 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2641 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2642 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2643 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2644 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2645 start_va = 0xd0000 end_va = 0xd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2646 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2647 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2648 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 2649 start_va = 0x110000 end_va = 0x11cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2650 start_va = 0x130000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2651 start_va = 0x1b0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2652 start_va = 0x2c0000 end_va = 0x2c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 2653 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2654 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2655 start_va = 0x410000 end_va = 0x597fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2656 start_va = 0x5a0000 end_va = 0x720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2657 start_va = 0x730000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 2658 start_va = 0x7f0000 end_va = 0xabefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2659 start_va = 0xb20000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 2660 start_va = 0xce0000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 2661 start_va = 0xdd0000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 2662 start_va = 0xe50000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 2663 start_va = 0xed0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 2664 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2665 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 2666 start_va = 0x11a0000 end_va = 0x121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 2667 start_va = 0x72540000 end_va = 0x72542fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 2668 start_va = 0x72550000 end_va = 0x72552fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 2669 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2670 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2671 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2672 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2673 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2674 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2675 start_va = 0x13f880000 end_va = 0x13f8ebfff monitored = 0 entry_point = 0x13f8bb450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2676 start_va = 0x7feefdb0000 end_va = 0x7feefdc1fff monitored = 0 entry_point = 0x7feefdbaab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 2677 start_va = 0x7feefdd0000 end_va = 0x7feeffc9fff monitored = 1 entry_point = 0x7feefde4c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 2678 start_va = 0x7fef2390000 end_va = 0x7fef23d2fff monitored = 0 entry_point = 0x7fef23b1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2679 start_va = 0x7fef4690000 end_va = 0x7fef46bbfff monitored = 0 entry_point = 0x7fef46a8194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 2680 start_va = 0x7fef6700000 end_va = 0x7fef6711fff monitored = 0 entry_point = 0x7fef67089d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2681 start_va = 0x7fef68c0000 end_va = 0x7fef68e0fff monitored = 0 entry_point = 0x7fef68d03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2682 start_va = 0x7fef6960000 end_va = 0x7fef6972fff monitored = 0 entry_point = 0x7fef6961d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2683 start_va = 0x7fef6c40000 end_va = 0x7fef6c4dfff monitored = 0 entry_point = 0x7fef6c45500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2684 start_va = 0x7fef6c50000 end_va = 0x7fef6c76fff monitored = 0 entry_point = 0x7fef6c511a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2685 start_va = 0x7fef6c80000 end_va = 0x7fef6d52fff monitored = 0 entry_point = 0x7fef6cf8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2686 start_va = 0x7fef6ee0000 end_va = 0x7fef6f56fff monitored = 1 entry_point = 0x7fef6f1e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2687 start_va = 0x7fef6fd0000 end_va = 0x7fef6fd9fff monitored = 0 entry_point = 0x7fef6fd31c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 2688 start_va = 0x7fefa820000 end_va = 0x7fefa82efff monitored = 0 entry_point = 0x7fefa821040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2689 start_va = 0x7fefaa70000 end_va = 0x7fefaa7bfff monitored = 0 entry_point = 0x7fefaa715d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2690 start_va = 0x7fefae60000 end_va = 0x7fefae8bfff monitored = 0 entry_point = 0x7fefae615c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2691 start_va = 0x7fefaf40000 end_va = 0x7fefaf6cfff monitored = 0 entry_point = 0x7fefaf41010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2692 start_va = 0x7fefafa0000 end_va = 0x7fefafa7fff monitored = 0 entry_point = 0x7fefafa11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 2693 start_va = 0x7fefb0c0000 end_va = 0x7fefb0d3fff monitored = 0 entry_point = 0x7fefb0c16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2694 start_va = 0x7fefb0e0000 end_va = 0x7fefb0f4fff monitored = 0 entry_point = 0x7fefb0e1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2695 start_va = 0x7fefb100000 end_va = 0x7fefb10bfff monitored = 0 entry_point = 0x7fefb1018a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2696 start_va = 0x7fefb110000 end_va = 0x7fefb125fff monitored = 0 entry_point = 0x7fefb1111a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2697 start_va = 0x7fefb240000 end_va = 0x7fefb250fff monitored = 0 entry_point = 0x7fefb241070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2698 start_va = 0x7fefc3b0000 end_va = 0x7fefc3b9fff monitored = 0 entry_point = 0x7fefc3b3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2699 start_va = 0x7fefc4b0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4b1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2700 start_va = 0x7fefc540000 end_va = 0x7fefc596fff monitored = 0 entry_point = 0x7fefc545e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2701 start_va = 0x7fefc5a0000 end_va = 0x7fefc5cffff monitored = 0 entry_point = 0x7fefc5a194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2702 start_va = 0x7fefc7b0000 end_va = 0x7fefc7c7fff monitored = 0 entry_point = 0x7fefc7b3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2703 start_va = 0x7fefc920000 end_va = 0x7fefc941fff monitored = 0 entry_point = 0x7fefc925d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2704 start_va = 0x7fefccb0000 end_va = 0x7fefccd2fff monitored = 0 entry_point = 0x7fefccb1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2705 start_va = 0x7fefcd50000 end_va = 0x7fefcd5afff monitored = 0 entry_point = 0x7fefcd51030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2706 start_va = 0x7fefcd80000 end_va = 0x7fefcda4fff monitored = 0 entry_point = 0x7fefcd89658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2707 start_va = 0x7fefcdb0000 end_va = 0x7fefcdbefff monitored = 0 entry_point = 0x7fefcdb1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2708 start_va = 0x7fefce60000 end_va = 0x7fefce9cfff monitored = 0 entry_point = 0x7fefce618f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2709 start_va = 0x7fefcea0000 end_va = 0x7fefceb3fff monitored = 0 entry_point = 0x7fefcea10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2710 start_va = 0x7fefcf60000 end_va = 0x7fefcf6efff monitored = 0 entry_point = 0x7fefcf61020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2711 start_va = 0x7fefcf70000 end_va = 0x7fefd0dcfff monitored = 0 entry_point = 0x7fefcf710b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2712 start_va = 0x7fefd180000 end_va = 0x7fefd1b5fff monitored = 0 entry_point = 0x7fefd181474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2713 start_va = 0x7fefd1c0000 end_va = 0x7fefd22bfff monitored = 0 entry_point = 0x7fefd1c2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2714 start_va = 0x7fefd230000 end_va = 0x7fefd26afff monitored = 0 entry_point = 0x7fefd231324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2715 start_va = 0x7fefd270000 end_va = 0x7fefd289fff monitored = 0 entry_point = 0x7fefd271558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2716 start_va = 0x7fefe1d0000 end_va = 0x7fefe2aafff monitored = 0 entry_point = 0x7fefe1f0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2717 start_va = 0x7fefe2d0000 end_va = 0x7fefe2d7fff monitored = 0 entry_point = 0x7fefe2d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2718 start_va = 0x7fefe2e0000 end_va = 0x7fefe331fff monitored = 0 entry_point = 0x7fefe2e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2719 start_va = 0x7fefe4c0000 end_va = 0x7fefe5ecfff monitored = 0 entry_point = 0x7fefe50ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2720 start_va = 0x7fefe5f0000 end_va = 0x7fefe6c6fff monitored = 0 entry_point = 0x7fefe5f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2721 start_va = 0x7fefe770000 end_va = 0x7fefe7d6fff monitored = 0 entry_point = 0x7fefe77b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2722 start_va = 0x7fefe7e0000 end_va = 0x7fefe8a8fff monitored = 0 entry_point = 0x7fefe85a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2723 start_va = 0x7fefe8b0000 end_va = 0x7fefea86fff monitored = 0 entry_point = 0x7fefe8b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2724 start_va = 0x7fefea90000 end_va = 0x7fefeabdfff monitored = 0 entry_point = 0x7fefea91010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2725 start_va = 0x7fefeb40000 end_va = 0x7fefeb5efff monitored = 0 entry_point = 0x7fefeb460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2726 start_va = 0x7fefeb60000 end_va = 0x7fefebacfff monitored = 0 entry_point = 0x7fefeb61070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2727 start_va = 0x7fefebb0000 end_va = 0x7fefebbdfff monitored = 0 entry_point = 0x7fefebb1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2728 start_va = 0x7fefee20000 end_va = 0x7fefef28fff monitored = 0 entry_point = 0x7fefee21064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2729 start_va = 0x7fefef30000 end_va = 0x7feff132fff monitored = 0 entry_point = 0x7fefef53330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2730 start_va = 0x7feff140000 end_va = 0x7feff1defff monitored = 0 entry_point = 0x7feff1425a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2731 start_va = 0x7feff1e0000 end_va = 0x7feff278fff monitored = 0 entry_point = 0x7feff1e1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2732 start_va = 0x7feff290000 end_va = 0x7feff290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2733 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2734 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2735 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2736 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2737 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2738 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2739 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2740 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2741 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2742 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2743 start_va = 0x120000 end_va = 0x122fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2859 start_va = 0x120000 end_va = 0x121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2860 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2861 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2862 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2863 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2864 start_va = 0xac0000 end_va = 0xb13fff monitored = 0 entry_point = 0xad3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2865 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2866 start_va = 0xac0000 end_va = 0xb13fff monitored = 0 entry_point = 0xad3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2867 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2868 start_va = 0xac0000 end_va = 0xae0fff monitored = 0 entry_point = 0xada06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2869 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2870 start_va = 0xac0000 end_va = 0xae0fff monitored = 0 entry_point = 0xada06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2871 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2872 start_va = 0xac0000 end_va = 0xae0fff monitored = 0 entry_point = 0xada06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2873 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2874 start_va = 0xac0000 end_va = 0xae0fff monitored = 0 entry_point = 0xada06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2875 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2876 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2877 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2878 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2879 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2880 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2881 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2882 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2883 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2884 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2885 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2886 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2887 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2888 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2889 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2890 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2891 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2892 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xb068c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2893 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2894 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xb068c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2895 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2896 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2897 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2898 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2899 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2900 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2901 start_va = 0xac0000 end_va = 0xae8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2902 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2903 start_va = 0xac0000 end_va = 0xae8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2904 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2905 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2906 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2907 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2908 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2909 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2910 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2911 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2912 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2913 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2914 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2915 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2916 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2917 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2918 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2919 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2920 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2921 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2922 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2923 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2924 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2925 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2926 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2927 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2928 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2929 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2930 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2931 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2932 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2933 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2934 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2935 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2936 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2937 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2938 start_va = 0xac0000 end_va = 0xb0ffff monitored = 0 entry_point = 0xac2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2939 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2940 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2941 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2942 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2943 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2944 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2945 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2946 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2947 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2948 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2949 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2950 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2951 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2952 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2953 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2954 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2955 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2956 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2957 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2958 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2959 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2960 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2961 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2962 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2963 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2964 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2965 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2966 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2967 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2968 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2969 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2970 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2971 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2972 start_va = 0xac0000 end_va = 0xae7fff monitored = 0 entry_point = 0xac1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2973 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2974 start_va = 0xac0000 end_va = 0xae7fff monitored = 0 entry_point = 0xac1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2975 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2976 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2977 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2978 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2979 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2980 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2981 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2982 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2983 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2984 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2985 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2986 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2987 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2988 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2989 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2990 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2991 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2992 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2993 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2994 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2995 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2996 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2997 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2998 start_va = 0xac0000 end_va = 0xb07fff monitored = 0 entry_point = 0xaffd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2999 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3000 start_va = 0xac0000 end_va = 0xb07fff monitored = 0 entry_point = 0xaffd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3001 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3002 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3003 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3004 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3005 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3006 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3007 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3008 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3009 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3010 start_va = 0xac0000 end_va = 0xb11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 3011 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3012 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3013 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3014 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3015 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3016 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3017 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3018 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3019 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3020 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3021 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3022 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3023 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3024 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3025 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3026 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3027 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3028 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3029 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3030 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3031 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3032 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3033 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3034 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3035 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3036 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3037 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3038 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3039 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3040 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3041 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3042 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3043 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3044 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3045 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3046 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3047 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3048 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3049 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3050 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3051 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3052 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3053 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3054 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3055 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3056 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3057 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3058 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3059 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3060 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3061 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3062 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3063 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3064 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3065 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3066 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3067 start_va = 0xc90000 end_va = 0xcb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3068 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3069 start_va = 0xc90000 end_va = 0xcb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3070 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3071 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3072 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3073 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3074 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3075 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3076 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3077 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3078 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3079 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3080 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3081 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3082 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3083 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3084 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3085 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3086 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3087 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3088 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3089 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3090 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3091 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3092 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3093 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3094 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3095 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3096 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3097 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3098 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3099 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3100 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3101 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3102 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3103 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3104 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3105 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3106 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3107 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3108 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3109 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3110 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3111 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3112 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3113 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3114 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3115 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3116 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3117 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3118 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3119 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3120 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3121 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3122 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3123 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3124 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3125 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3126 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3127 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3128 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3129 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3130 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3131 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3132 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3133 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3134 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3135 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3136 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3137 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3138 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3139 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3140 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3141 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3142 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3143 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3144 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3145 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3146 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3147 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3148 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3149 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3150 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3151 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3152 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3153 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3154 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3155 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3156 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3157 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3158 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3159 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3160 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3161 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3162 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3163 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3164 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3165 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3166 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3167 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3168 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3169 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3170 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3171 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3172 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3173 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3174 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3175 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3176 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3177 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3178 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3179 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3180 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3181 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3182 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3183 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3184 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3185 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3186 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3187 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3188 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3189 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3190 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3191 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3192 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3193 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3194 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3195 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3196 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3197 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3198 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3199 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3200 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3201 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3202 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3203 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3204 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3205 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3206 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3207 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3208 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3209 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3210 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3211 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3212 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3213 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3214 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3215 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3216 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3217 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3218 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3219 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3220 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3221 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3222 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3223 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3224 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3225 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3226 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3227 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3228 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3229 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3230 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3231 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3232 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3233 start_va = 0xc90000 end_va = 0xcb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3234 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3235 start_va = 0xc90000 end_va = 0xcb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3236 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3237 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3238 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3239 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3240 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3241 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3242 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3243 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3244 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3245 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3246 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3247 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3248 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3249 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3250 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3251 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3252 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3253 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3254 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3255 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3256 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3257 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3258 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3259 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3260 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3261 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3262 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3263 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3264 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3265 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3266 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3267 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3268 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3269 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3270 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3271 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3272 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3273 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3274 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3275 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3276 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3277 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3278 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3279 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3280 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3281 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3282 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3283 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3284 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3285 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3286 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3287 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3288 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3289 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3290 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3291 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3292 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3293 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3294 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3295 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3296 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3297 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3298 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3299 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3300 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3301 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3302 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3303 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3304 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3305 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3306 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3307 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3308 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3309 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3310 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3311 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3312 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3313 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3314 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3315 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3316 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3317 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3318 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3319 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3320 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3321 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3322 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3323 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3324 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3325 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3326 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3327 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3328 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3329 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3330 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3331 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3332 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3333 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3334 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3335 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3336 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3337 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3338 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3339 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3340 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3341 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3342 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3343 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3344 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3345 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3346 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3347 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3348 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3349 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3350 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3351 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3352 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3353 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3354 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3355 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3356 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3357 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3358 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3359 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3360 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3361 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3362 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3363 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3364 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3365 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3366 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3367 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3368 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3369 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3370 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3371 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3372 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3373 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3374 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3375 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3376 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3377 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3378 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3379 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3380 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3381 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3382 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3383 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3384 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3385 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3386 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3387 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3388 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3389 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3390 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3391 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3392 start_va = 0xba0000 end_va = 0xc7bfff monitored = 0 entry_point = 0xc15ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3393 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3394 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3395 start_va = 0xc90000 end_va = 0xcb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3396 start_va = 0xba0000 end_va = 0xc81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3397 start_va = 0xc90000 end_va = 0xcb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3398 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3399 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3400 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3401 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3402 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3403 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3404 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3405 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3406 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3407 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3408 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3409 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3410 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3411 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3412 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3413 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3414 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3415 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3416 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3417 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3418 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3419 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3420 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3421 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3422 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3423 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3424 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3425 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3426 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3427 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3428 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3429 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3430 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3431 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3432 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3433 start_va = 0x2d0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3434 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3435 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3436 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3437 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3438 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3439 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3440 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3441 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3442 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3443 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3444 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3445 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3446 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3447 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3448 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3449 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3450 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3451 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3452 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3453 start_va = 0x2b0000 end_va = 0x2b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3454 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3455 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3456 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3457 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3458 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3459 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3460 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3461 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3462 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3463 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3464 start_va = 0x2d0000 end_va = 0x2e9fff monitored = 1 entry_point = 0x2d1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3465 start_va = 0x2b0000 end_va = 0x2bbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3466 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3467 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3468 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3469 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3470 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3471 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3472 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3473 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3474 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3475 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3476 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3477 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3478 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3479 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3480 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3481 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3482 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3483 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3484 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3485 start_va = 0x2d0000 end_va = 0x2ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3486 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3487 start_va = 0x1220000 end_va = 0x2014fff monitored = 0 entry_point = 0x1303268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3488 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3489 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3490 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3491 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3492 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3493 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3494 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3495 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3496 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3497 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3498 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3499 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3500 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3501 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3502 start_va = 0xba0000 end_va = 0xc88fff monitored = 0 entry_point = 0xc7906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3503 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3504 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3505 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3506 start_va = 0x1220000 end_va = 0x136cfff monitored = 0 entry_point = 0x1322a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3507 start_va = 0x2b0000 end_va = 0x2b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3508 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3509 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3510 start_va = 0x2b0000 end_va = 0x2befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3511 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3512 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3513 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3514 start_va = 0x2b0000 end_va = 0x2bffff monitored = 0 entry_point = 0x2ba33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3515 start_va = 0x2d0000 end_va = 0x2d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3516 start_va = 0x7fefa3f0000 end_va = 0x7fefa3fafff monitored = 0 entry_point = 0x7fefa3f46ec region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 3517 start_va = 0xba0000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 3518 start_va = 0x1220000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 3519 start_va = 0x1320000 end_va = 0x141ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 3525 start_va = 0x2b0000 end_va = 0x2b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 3526 start_va = 0x7fefa9b0000 end_va = 0x7fefa9d6fff monitored = 0 entry_point = 0x7fefa9b98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3527 start_va = 0x7fefa9a0000 end_va = 0x7fefa9aafff monitored = 0 entry_point = 0x7fefa9a1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3528 start_va = 0x7fefa360000 end_va = 0x7fefa370fff monitored = 0 entry_point = 0x7fefa3616ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3529 start_va = 0x7fefa340000 end_va = 0x7fefa357fff monitored = 0 entry_point = 0x7fefa341bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3530 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3531 start_va = 0x2e0000 end_va = 0x2e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3532 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3533 start_va = 0x2e0000 end_va = 0x2e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3534 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3535 start_va = 0x2e0000 end_va = 0x2e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3536 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3537 start_va = 0x2e0000 end_va = 0x2e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3538 start_va = 0x7fefc5d0000 end_va = 0x7fefc62afff monitored = 0 entry_point = 0x7fefc5d6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3539 start_va = 0x1420000 end_va = 0x160ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001420000" filename = "" Region: id = 3541 start_va = 0x2d0000 end_va = 0x2d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 3673 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3674 start_va = 0xc70000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 3675 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3676 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3677 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3678 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3679 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3680 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3681 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3682 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3683 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3684 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3685 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3686 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3687 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3688 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3689 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3690 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3691 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3692 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3693 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3694 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3695 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3696 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3697 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3698 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3699 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3700 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3701 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3702 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3703 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3704 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3705 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3706 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3707 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3708 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3709 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3710 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3711 start_va = 0x1590000 end_va = 0x160ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 3712 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3713 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3714 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3715 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3716 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3717 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3718 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3719 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3720 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3721 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3722 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3723 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3724 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3725 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3726 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3727 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3728 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3729 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3730 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3731 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3732 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3733 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3734 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3735 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3736 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3737 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3738 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3739 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3740 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3741 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3742 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3743 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3744 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3745 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3746 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3747 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3748 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3749 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3750 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3751 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3752 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3753 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3754 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3755 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3756 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3757 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3758 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3759 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3760 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3761 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3762 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3763 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3764 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3765 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3766 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3767 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3768 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3769 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3770 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3771 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3772 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3773 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3774 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3775 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3776 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3777 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3778 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3779 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3780 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3781 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3782 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3783 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3784 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3785 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3786 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3787 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3788 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3789 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3790 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3791 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3792 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3793 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3794 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3795 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3796 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3797 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3798 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3799 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3800 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3801 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3802 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3803 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3804 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3805 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3806 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3807 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3808 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3809 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3810 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3811 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3812 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3813 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3814 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3815 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3816 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3817 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3818 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3819 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3820 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3821 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3822 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3823 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3824 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3825 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3826 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3827 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3828 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3829 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3830 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3831 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3832 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3833 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3834 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3835 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3836 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3837 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3838 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3839 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3840 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3841 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3842 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3843 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3844 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3845 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3846 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3847 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3848 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3849 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3850 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3851 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3852 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3853 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3854 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3855 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3856 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3857 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3858 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3859 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3860 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3861 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3862 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3863 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3864 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3865 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3866 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3867 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3868 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3869 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3870 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3871 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3872 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3873 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3874 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3875 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3876 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3877 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3878 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3879 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3880 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3881 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3882 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3883 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3884 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3885 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3886 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3887 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3888 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3889 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3890 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3891 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3892 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3893 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3894 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3895 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3896 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3897 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3898 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3899 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3900 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3901 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3902 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3903 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3904 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3905 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3906 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3907 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3908 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3909 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3910 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3911 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3912 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3913 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3914 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3915 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3916 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3917 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3918 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3919 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3920 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3921 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3922 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3923 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3924 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3925 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3926 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3927 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3928 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3929 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3930 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3931 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3932 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3933 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3934 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3935 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3936 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3937 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3938 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3939 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3940 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3941 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3942 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3943 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3944 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3945 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3946 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3947 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3948 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3949 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3950 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3951 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3952 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3953 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3954 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3955 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3956 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3957 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3958 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3959 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3960 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3961 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3962 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3963 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3964 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3965 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3966 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3967 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3968 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3969 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3970 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3971 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3972 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3973 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3974 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3975 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3976 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3977 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3978 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3979 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3980 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3981 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3982 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3983 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3984 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3985 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3986 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3987 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3988 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3989 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3990 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3991 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3992 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3993 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3994 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3995 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3996 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3997 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3998 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3999 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4000 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4001 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4002 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4003 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4004 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4005 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4006 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4007 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4008 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4009 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4010 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4011 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4012 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4013 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4014 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4015 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4016 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4017 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4018 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4019 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4020 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4021 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4022 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4023 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4024 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4025 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4026 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4027 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4028 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4029 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4030 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4031 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4032 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4033 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4034 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4035 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4036 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4037 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4038 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4039 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4040 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4041 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4042 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4043 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4044 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4045 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4046 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4047 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4048 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4049 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4050 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4051 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4052 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4053 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4054 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4055 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4056 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4057 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4058 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4059 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4060 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4061 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4062 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4063 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4064 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4065 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4066 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4067 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4068 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4069 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4070 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4071 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4072 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4073 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4074 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4075 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4076 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4077 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4078 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4079 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4080 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4081 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4082 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4083 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4084 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4085 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4086 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4087 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4088 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4089 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4090 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4091 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4092 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4093 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4094 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4095 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4096 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4097 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4098 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4099 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4100 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4101 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4102 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4103 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4104 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4105 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4106 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4107 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4108 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4109 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4110 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4111 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4112 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4113 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4114 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4115 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4116 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4117 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4118 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4119 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4120 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4121 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4122 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4123 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4124 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4125 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4126 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4127 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4128 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4129 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4130 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4131 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4132 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4133 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4134 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4135 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4136 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4137 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4138 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4139 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4140 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4141 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4142 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4143 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4144 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4145 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4146 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4147 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4148 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4149 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4150 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4151 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4152 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4153 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4154 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4155 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4156 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4157 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4158 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4159 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4160 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4161 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4162 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4163 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4164 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4165 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4166 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4167 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4168 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4169 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4170 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4171 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4172 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4173 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4174 start_va = 0xba0000 end_va = 0xbf3fff monitored = 0 entry_point = 0xbb3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4175 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4176 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4177 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4178 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4179 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4180 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4181 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4182 start_va = 0xba0000 end_va = 0xbc0fff monitored = 0 entry_point = 0xbba06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4183 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4184 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4185 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4186 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4187 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4188 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4189 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4190 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4191 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4192 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4193 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4194 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4195 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4196 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4197 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4198 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4199 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4200 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4201 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4202 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xbe68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4203 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4204 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4205 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4206 start_va = 0x1420000 end_va = 0x14fbfff monitored = 0 entry_point = 0x1495ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4207 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4208 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4209 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4210 start_va = 0x1420000 end_va = 0x1501fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4211 start_va = 0xba0000 end_va = 0xbc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4212 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4213 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4214 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4215 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4216 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4217 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4218 start_va = 0xba0000 end_va = 0xc48fff monitored = 0 entry_point = 0xbb18d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4219 start_va = 0x2e0000 end_va = 0x2e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4220 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4221 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4222 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4223 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4224 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4225 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4226 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4227 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4228 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4229 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4230 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4231 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4232 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4233 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4234 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4235 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4236 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4237 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4238 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4239 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4240 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4241 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4242 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4243 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4244 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4245 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4246 start_va = 0xba0000 end_va = 0xbeffff monitored = 0 entry_point = 0xba2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4247 start_va = 0xbf0000 end_va = 0xc02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4248 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4249 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4250 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4251 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4252 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4253 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4254 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4255 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4256 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4257 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4258 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4259 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4260 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4261 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4262 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4263 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4264 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4265 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4266 start_va = 0xba0000 end_va = 0xc2afff monitored = 0 entry_point = 0xc151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4267 start_va = 0x2e0000 end_va = 0x2e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4268 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4269 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4270 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4271 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4272 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4273 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4274 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4275 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4276 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4277 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4278 start_va = 0xba0000 end_va = 0xbb9fff monitored = 1 entry_point = 0xba1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4279 start_va = 0x2e0000 end_va = 0x2ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4280 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4281 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4282 start_va = 0xba0000 end_va = 0xbc7fff monitored = 0 entry_point = 0xba1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4283 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4284 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4285 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4286 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4287 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4288 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4289 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4290 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4291 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4292 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4293 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4294 start_va = 0x2e0000 end_va = 0x2eafff monitored = 0 entry_point = 0x2e11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4295 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4296 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4297 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4298 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4299 start_va = 0x300000 end_va = 0x30dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4300 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4301 start_va = 0x1610000 end_va = 0x2404fff monitored = 0 entry_point = 0x16f3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4302 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4303 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4304 start_va = 0xba0000 end_va = 0xc49fff monitored = 0 entry_point = 0xbb4100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4305 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4306 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4307 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4308 start_va = 0xba0000 end_va = 0xbe7fff monitored = 0 entry_point = 0xbdfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4309 start_va = 0x2e0000 end_va = 0x2e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4310 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4311 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4312 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4313 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4314 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4315 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4316 start_va = 0x1420000 end_va = 0x1508fff monitored = 0 entry_point = 0x14f906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4317 start_va = 0x2e0000 end_va = 0x2e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4318 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4319 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4320 start_va = 0x1420000 end_va = 0x156cfff monitored = 0 entry_point = 0x1522a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4321 start_va = 0x2e0000 end_va = 0x2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4322 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4323 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4324 start_va = 0x2e0000 end_va = 0x2eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4325 start_va = 0xba0000 end_va = 0xbf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4326 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4327 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4328 start_va = 0x2e0000 end_va = 0x2effff monitored = 0 entry_point = 0x2ea33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4329 start_va = 0x300000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Thread: id = 131 os_tid = 0xb30 [0200.419] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0200.438] SetLastError (dwErrCode=0x0) [0200.438] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0) returned 1 [0200.438] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d950 [0200.438] SetLastError (dwErrCode=0x0) [0200.438] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d950, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d950, pcchLanguagesBuffer=0x121e7b0) returned 1 [0200.438] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d900 [0200.438] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d950 | out: hHeap=0x310000) returned 1 [0200.438] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x14) returned 0x37f390 [0200.438] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x37f390, pulNumLanguages=0x121e8a8 | out: pulNumLanguages=0x121e8a8) returned 1 [0200.438] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x37f390 | out: hHeap=0x310000) returned 1 [0200.451] LoadStringW (in: hInstance=0x7feefdd0000, uID=0x3e, lpBuffer=0x121de80, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa [0200.452] lstrlenW (lpString="Dell") returned 4 [0200.452] lstrlenW (lpString="0D61XP") returned 6 [0200.452] lstrlenW (lpString="A00") returned 3 [0200.453] lstrlenW (lpString="..CN747510BO0504.") returned 17 [0200.458] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x4) returned 0x34d950 [0200.458] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x34d950, pulNumLanguages=0x121e8a0 | out: pulNumLanguages=0x121e8a0) returned 1 [0200.458] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d950 | out: hHeap=0x310000) returned 1 [0202.114] SetLastError (dwErrCode=0x0) [0202.114] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0) returned 1 [0202.114] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d900 [0202.114] SetLastError (dwErrCode=0x0) [0202.114] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d900, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d900, pcchLanguagesBuffer=0x121e7b0) returned 1 [0202.114] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d950 [0202.114] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d900 | out: hHeap=0x310000) returned 1 [0202.114] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x14) returned 0x37f290 [0202.114] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x37f290, pulNumLanguages=0x121e8a8 | out: pulNumLanguages=0x121e8a8) returned 1 [0202.114] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x37f290 | out: hHeap=0x310000) returned 1 [0202.120] malloc (_Size=0x600) returned 0x1eb270 [0202.120] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x121dfcc | out: Buffer=0x0, ReturnedLength=0x121dfcc) returned 0 [0202.120] GetLastError () returned 0x7a [0202.120] malloc (_Size=0x250) returned 0x1e7cb0 [0202.120] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x1e7cb0, ReturnedLength=0x121dfcc | out: Buffer=0x1e7cb0, ReturnedLength=0x121dfcc) returned 1 [0202.120] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0202.120] GetMaximumProcessorGroupCount () returned 0x1 [0202.120] malloc (_Size=0x40) returned 0x1dd8b0 [0202.120] malloc (_Size=0x40) returned 0x1dd900 [0202.120] malloc (_Size=0x8) returned 0x1e7830 [0202.122] memcpy (in: _Dst=0x1dd8b0, _Src=0x1e7cd0, _Size=0x10 | out: _Dst=0x1dd8b0) returned 0x1dd8b0 [0202.131] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0202.131] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x121dfc4, InputBufferLength=0x2, OutputBuffer=0x1eb270, OutputBufferLength=0x60 | out: OutputBuffer=0x1eb270) returned 0x0 [0202.132] _vsnwprintf (in: _Buffer=0x121de60, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x121d758 | out: _Buffer="CPU0") returned 4 [0202.133] GetCurrentThread () returned 0xfffffffffffffffe [0202.133] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x121d630, PreviousGroupAffinity=0x121d640 | out: PreviousGroupAffinity=0x121d640) returned 1 [0202.133] GetSystemInfo (in: lpSystemInfo=0x121d7f0 | out: lpSystemInfo=0x121d7f0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0202.134] mbstowcs (in: _Dest=0x121da78, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0202.134] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0202.136] mbstowcs (in: _Dest=0x121d8e8, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0202.136] GetCurrentThread () returned 0xfffffffffffffffe [0202.136] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x121d640, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0202.139] LoadStringW (in: hInstance=0x7feefdd0000, uID=0x2c, lpBuffer=0x121d4b0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0208.872] malloc (_Size=0x305ca) returned 0x1ec1a0 [0209.480] _wtoi (_String="238") returned 238 [0209.480] _wtoi (_String="6") returned 6 [0209.480] _itow (in: _Dest=0x0, _Radix=18996624 | out: _Dest=0x0) returned="0" [0209.480] _itow (in: _Dest=0xee, _Radix=18994912 | out: _Dest=0xee) returned="238" [0209.480] malloc (_Size=0x4000) returned 0x21c780 [0209.480] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x21c780, lpcbData=0x121d6b4*=0x4000 | out: lpType=0x0, lpData=0x21c780*=0x50, lpcbData=0x121d6b4*=0x608) returned 0x0 [0209.588] free (_Block=0x21c780) [0209.590] Sleep (dwMilliseconds=0x3e8) [0210.620] _itow (in: _Dest=0xee, _Radix=18994912 | out: _Dest=0xee) returned="238" [0210.620] malloc (_Size=0x4000) returned 0x21c780 [0210.621] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x21c780, lpcbData=0x121d6b4*=0x4000 | out: lpType=0x0, lpData=0x21c780*=0x50, lpcbData=0x121d6b4*=0x608) returned 0x0 [0210.691] free (_Block=0x21c780) [0210.694] GetCurrentThreadId () returned 0xb30 [0210.694] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef6f4a0d0, BackTraceHash=0x0 | out: BackTrace=0x7fef6f4a0d0*=0x7fef6ca509b, BackTraceHash=0x0) returned 0x8 [0210.713] GetCurrentThreadId () returned 0xb30 [0210.713] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef6f4a120, BackTraceHash=0x0 | out: BackTrace=0x7fef6f4a120*=0x7fef6ca1bc2, BackTraceHash=0x0) returned 0x8 [0210.716] free (_Block=0x1ec1a0) [0210.721] _vsnwprintf (in: _Buffer=0x121dd90, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x121d758 | out: _Buffer="0F8BFBFF00050654") returned 16 [0210.722] lstrlenW (lpString=" 0") returned 2 [0210.722] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0210.723] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0210.723] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0210.723] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0210.723] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0210.723] _vsnwprintf (in: _Buffer=0x121e070, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x121df98 | out: _Buffer="CPU0") returned 4 [0210.725] free (_Block=0x1e7830) [0210.725] free (_Block=0x1dd900) [0210.726] free (_Block=0x1dd8b0) [0210.726] free (_Block=0x1e7cb0) [0210.726] free (_Block=0x1eb270) [0210.740] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x4) returned 0x34d900 [0210.740] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x34d900, pulNumLanguages=0x121e8a0 | out: pulNumLanguages=0x121e8a0) returned 1 [0210.740] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d900 | out: hHeap=0x310000) returned 1 [0210.981] SetLastError (dwErrCode=0x0) [0210.981] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0) returned 1 [0210.981] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d950 [0210.981] SetLastError (dwErrCode=0x0) [0210.982] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d950, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d950, pcchLanguagesBuffer=0x121e7b0) returned 1 [0210.982] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d900 [0210.982] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d950 | out: hHeap=0x310000) returned 1 [0210.982] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x14) returned 0x37f430 [0210.982] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x37f430, pulNumLanguages=0x121e8a8 | out: pulNumLanguages=0x121e8a8) returned 1 [0210.982] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x37f430 | out: hHeap=0x310000) returned 1 [0210.988] LoadLibraryA (lpLibFileName="IPHLPAPI.DLL") returned 0x7fefa9b0000 [0210.995] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdaptersAddresses") returned 0x7fefa9b2ab4 [0210.995] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x121e1a8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x121e1a8*=0xcc0) returned 0x6f [0211.026] malloc (_Size=0xcc0) returned 0x1eb270 [0211.026] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0x1eb270, SizePointer=0x121e1a8*=0xcc0 | out: AdapterAddresses=0x1eb270*(Alignment=0x10000001c0, Length=0x1c0, IfIndex=0x10, Next=0x1eb7a8, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x1eb4f8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x1eb5a8, FirstDnsServerAddress=0x1eb778, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x25, [2]=0x60, [3]=0xfd, [4]=0xb5, [5]=0x57, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x1eb430*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x121e1a8*=0xcc0) returned 0x0 [0211.038] malloc (_Size=0x68) returned 0x1e0a60 [0211.038] memcpy (in: _Dst=0x1e0aac, _Src=0x1eb2c0, _Size=0x6 | out: _Dst=0x1e0aac) returned 0x1e0aac [0211.039] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetIpForwardTable2") returned 0x7fefa9b61b4 [0211.039] GetIpForwardTable2 () returned 0x0 [0211.040] malloc (_Size=0x20) returned 0x1e8500 [0211.040] RtlIpv6AddressToStringW () returned 0x121e022 [0211.040] malloc (_Size=0x20) returned 0x1e84d0 [0211.040] RtlIpv4AddressToStringW () returned 0x121e008 [0211.041] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="ConvertLengthToIpv4Mask") returned 0x7fefa9b5330 [0211.041] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0x121dfd8 | out: Mask=0x121dfd8) returned 0x0 [0211.041] RtlIpv4AddressToStringW () returned 0x121e00a [0211.041] malloc (_Size=0x20) returned 0x1e8620 [0211.041] RtlIpv4AddressToStringW () returned 0x121e006 [0211.041] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="FreeMibTable") returned 0x7fefa9b5710 [0211.041] FreeMibTable () returned 0x14b01801 [0211.041] malloc (_Size=0x68) returned 0x1e0bb0 [0211.042] GetIpForwardTable2 () returned 0x0 [0211.042] malloc (_Size=0x20) returned 0x1e8680 [0211.042] RtlIpv6AddressToStringW () returned 0x121dff6 [0211.043] malloc (_Size=0x20) returned 0x1e86b0 [0211.043] RtlIpv4AddressToStringW () returned 0x121e002 [0211.043] ConvertLengthToIpv4Mask (in: MaskLength=0x8, Mask=0x121dfd8 | out: Mask=0x121dfd8) returned 0x0 [0211.043] RtlIpv4AddressToStringW () returned 0x121e002 [0211.043] FreeMibTable () returned 0x14b01801 [0211.043] malloc (_Size=0x68) returned 0x1e0c90 [0211.044] free (_Block=0x1eb270) [0211.044] _vsnwprintf (in: _Buffer=0x121df10, _BufferCount=0x105, _Format="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}", _ArgList=0x121cf38 | out: _Buffer="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}") returned 77 [0211.045] _wtol (_String="0000") returned 0 [0211.047] malloc (_Size=0x48) returned 0x1dd950 [0211.048] _wtol (_String="0001") returned 1 [0211.050] malloc (_Size=0x48) returned 0x1dd9a0 [0211.051] _wtol (_String="0002") returned 2 [0211.053] malloc (_Size=0x48) returned 0x1dd9f0 [0211.054] _wtol (_String="0003") returned 3 [0211.056] malloc (_Size=0x48) returned 0x1ee130 [0211.057] _wtol (_String="0004") returned 4 [0211.060] malloc (_Size=0x48) returned 0x1ee180 [0211.061] _wtol (_String="0005") returned 5 [0211.063] malloc (_Size=0x48) returned 0x1ee1d0 [0211.064] _wtol (_String="0006") returned 6 [0211.066] malloc (_Size=0x48) returned 0x1ee270 [0211.067] _wtol (_String="0007") returned 7 [0211.070] malloc (_Size=0x48) returned 0x1ee2c0 [0211.074] _wtol (_String="0008") returned 8 [0211.077] malloc (_Size=0x48) returned 0x1ee310 [0211.079] _wtol (_String="0009") returned 9 [0211.081] malloc (_Size=0x48) returned 0x1ee3b0 [0211.083] _wtol (_String="0010") returned 10 [0211.085] malloc (_Size=0x48) returned 0x1ee220 [0211.086] _wtol (_String="0011") returned 11 [0211.089] malloc (_Size=0x48) returned 0x1ee400 [0211.090] _wtol (_String="0012") returned 12 [0211.092] malloc (_Size=0x48) returned 0x1ee450 [0211.093] _wtol (_String="0013") returned 13 [0211.094] malloc (_Size=0x48) returned 0x1ee4a0 [0211.096] _wtol (_String="0014") returned 14 [0211.097] malloc (_Size=0x48) returned 0x1ee4f0 [0211.098] _wtol (_String="Properties") returned 0 [0211.106] QueryDosDeviceW (in: lpDeviceName="{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP10") returned 0x10 [0211.106] CreateFileW (lpFileName="\\\\.\\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}" (normalized: "\\device\\ndmp10"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.106] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.106] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.107] CloseHandle (hObject=0x478) returned 1 [0211.112] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.112] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.112] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.113] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.114] QueryDosDeviceW (in: lpDeviceName="{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP3") returned 0xf [0211.114] CreateFileW (lpFileName="\\\\.\\{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}" (normalized: "\\device\\ndmp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.115] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.115] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.115] CloseHandle (hObject=0x478) returned 1 [0211.117] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.118] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.118] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.119] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.120] QueryDosDeviceW (in: lpDeviceName="{E43D242B-9EAB-4626-A952-46649FBB939A}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP4") returned 0xf [0211.120] CreateFileW (lpFileName="\\\\.\\{E43D242B-9EAB-4626-A952-46649FBB939A}" (normalized: "\\device\\ndmp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.122] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.123] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.123] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{E43D242B-9EAB-4626-A952-46649FBB939A}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.123] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.124] QueryDosDeviceW (in: lpDeviceName="{DF4A9D2C-8742-4EB1-8703-D395C4183F33}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP9") returned 0xf [0211.124] CreateFileW (lpFileName="\\\\.\\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}" (normalized: "\\device\\ndmp9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.125] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.125] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.125] CloseHandle (hObject=0x478) returned 1 [0211.127] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.128] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.128] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{DF4A9D2C-8742-4EB1-8703-D395C4183F33}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.128] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.129] QueryDosDeviceW (in: lpDeviceName="{8E301A52-AFFA-4F49-B9CA-C79096A1A056}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP8") returned 0xf [0211.130] CreateFileW (lpFileName="\\\\.\\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}" (normalized: "\\device\\ndmp8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.130] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.130] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.130] CloseHandle (hObject=0x478) returned 1 [0211.133] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.133] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.133] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{8E301A52-AFFA-4F49-B9CA-C79096A1A056}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.134] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.135] QueryDosDeviceW (in: lpDeviceName="{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="") returned 0x0 [0211.135] GetLastError () returned 0x2 [0211.135] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", lpTargetPath="\\Device\\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}") returned 1 [0211.142] CreateFileW (lpFileName="\\\\.\\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}" (normalized: "{9a399d81-2ead-4f23-bcdd-637fc13dcd51}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.142] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", lpTargetPath="\\Device\\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}") returned 1 [0211.148] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.149] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.149] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.149] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.150] QueryDosDeviceW (in: lpDeviceName="{5BF54C7E-91DA-457D-80BF-333677D7E316}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="ˣ") returned 0x0 [0211.150] GetLastError () returned 0x2 [0211.151] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{5BF54C7E-91DA-457D-80BF-333677D7E316}", lpTargetPath="\\Device\\{5BF54C7E-91DA-457D-80BF-333677D7E316}") returned 1 [0211.155] CreateFileW (lpFileName="\\\\.\\{5BF54C7E-91DA-457D-80BF-333677D7E316}" (normalized: "{5bf54c7e-91da-457d-80bf-333677d7e316}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.156] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{5BF54C7E-91DA-457D-80BF-333677D7E316}", lpTargetPath="\\Device\\{5BF54C7E-91DA-457D-80BF-333677D7E316}") returned 1 [0211.158] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.159] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.159] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{5BF54C7E-91DA-457D-80BF-333677D7E316}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.160] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.160] QueryDosDeviceW (in: lpDeviceName="{2E05A730-9200-401C-93EB-834FDA0A8400}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="˴") returned 0x0 [0211.161] GetLastError () returned 0x2 [0211.161] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{2E05A730-9200-401C-93EB-834FDA0A8400}", lpTargetPath="\\Device\\{2E05A730-9200-401C-93EB-834FDA0A8400}") returned 1 [0211.165] CreateFileW (lpFileName="\\\\.\\{2E05A730-9200-401C-93EB-834FDA0A8400}" (normalized: "{2e05a730-9200-401c-93eb-834fda0a8400}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.166] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{2E05A730-9200-401C-93EB-834FDA0A8400}", lpTargetPath="\\Device\\{2E05A730-9200-401C-93EB-834FDA0A8400}") returned 1 [0211.169] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.170] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.170] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{2E05A730-9200-401C-93EB-834FDA0A8400}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.171] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.172] QueryDosDeviceW (in: lpDeviceName="{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="˰") returned 0x0 [0211.172] GetLastError () returned 0x2 [0211.172] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", lpTargetPath="\\Device\\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}") returned 1 [0211.176] CreateFileW (lpFileName="\\\\.\\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}" (normalized: "{2caa64ed-baa3-4473-b637-dec65a14c8aa}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.177] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", lpTargetPath="\\Device\\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}") returned 1 [0211.179] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.180] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.180] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.181] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.182] QueryDosDeviceW (in: lpDeviceName="{D798E63F-0CBA-45D6-AA42-58A00E60B2E0}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP1") returned 0xf [0211.182] CreateFileW (lpFileName="\\\\.\\{D798E63F-0CBA-45D6-AA42-58A00E60B2E0}" (normalized: "\\device\\ndmp1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.182] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40*, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpInBuffer=0x121cc40*, lpOutBuffer=0x121cc90*, lpBytesReturned=0x121cc50*=0x4, lpOverlapped=0x0) returned 1 [0211.183] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpOutBuffer=0x121cc90, lpBytesReturned=0x121cc50, lpOverlapped=0x0) returned 0 [0211.183] CloseHandle (hObject=0x478) returned 1 [0211.185] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.186] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.186] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{D798E63F-0CBA-45D6-AA42-58A00E60B2E0}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.187] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.188] QueryDosDeviceW (in: lpDeviceName="{78032B7E-4968-42D3-9F37-287EA86C0AAA}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP12") returned 0x10 [0211.188] CreateFileW (lpFileName="\\\\.\\{78032B7E-4968-42D3-9F37-287EA86C0AAA}" (normalized: "\\device\\ndmp12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.188] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40*, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpInBuffer=0x121cc40*, lpOutBuffer=0x121cc90*, lpBytesReturned=0x121cc50*=0x4, lpOverlapped=0x0) returned 1 [0211.188] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40*, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpInBuffer=0x121cc40*, lpOutBuffer=0x121cc90*, lpBytesReturned=0x121cc50*=0x6, lpOverlapped=0x0) returned 1 [0211.188] CloseHandle (hObject=0x478) returned 1 [0211.199] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.199] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.199] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{78032B7E-4968-42D3-9F37-287EA86C0AAA}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.200] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.201] QueryDosDeviceW (in: lpDeviceName="{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="ˮ") returned 0x0 [0211.201] GetLastError () returned 0x2 [0211.201] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", lpTargetPath="\\Device\\{5C264C78-4D74-46FF-BC21-C933DE51C5DF}") returned 1 [0211.206] CreateFileW (lpFileName="\\\\.\\{5C264C78-4D74-46FF-BC21-C933DE51C5DF}" (normalized: "{5c264c78-4d74-46ff-bc21-c933de51c5df}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.206] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", lpTargetPath="\\Device\\{5C264C78-4D74-46FF-BC21-C933DE51C5DF}") returned 1 [0211.210] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.210] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.210] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.211] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.212] QueryDosDeviceW (in: lpDeviceName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="˯") returned 0x0 [0211.212] GetLastError () returned 0x2 [0211.212] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", lpTargetPath="\\Device\\{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}") returned 1 [0211.217] CreateFileW (lpFileName="\\\\.\\{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}" (normalized: "{954905e5-5ed1-4baf-ac14-2c2b8b445e08}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.218] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", lpTargetPath="\\Device\\{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}") returned 1 [0211.222] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.222] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.223] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.223] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.224] QueryDosDeviceW (in: lpDeviceName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="˯") returned 0x0 [0211.224] GetLastError () returned 0x2 [0211.224] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", lpTargetPath="\\Device\\{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}") returned 1 [0211.232] CreateFileW (lpFileName="\\\\.\\{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}" (normalized: "{2e4c7576-f100-4c39-a70c-5e6d4e6bf9b7}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0211.232] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", lpTargetPath="\\Device\\{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}") returned 1 [0211.236] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.236] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.236] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.237] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.238] QueryDosDeviceW (in: lpDeviceName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", lpTargetPath=0x121dc90, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP11") returned 0x10 [0211.238] CreateFileW (lpFileName="\\\\.\\{68F1467C-143D-484A-87A1-65BCBB1B2D48}" (normalized: "\\device\\ndmp11"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x478 [0211.238] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40*, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpInBuffer=0x121cc40*, lpOutBuffer=0x121cc90*, lpBytesReturned=0x121cc50*=0x4, lpOverlapped=0x0) returned 1 [0211.238] DeviceIoControl (in: hDevice=0x478, dwIoControlCode=0x170002, lpInBuffer=0x121cc40*, nInBufferSize=0x4, lpOutBuffer=0x121cc90, nOutBufferSize=0x1000, lpBytesReturned=0x121cc50, lpOverlapped=0x0 | out: lpInBuffer=0x121cc40*, lpOutBuffer=0x121cc90*, lpBytesReturned=0x121cc50*=0x6, lpOverlapped=0x0) returned 1 [0211.239] CloseHandle (hObject=0x478) returned 1 [0211.242] malloc (_Size=0x18) returned 0x1f4570 [0211.242] malloc (_Size=0x18) returned 0x1f4590 [0211.242] SafeArrayPutElement (psa=0x38a6e0, rgIndices=0x121dd70, pv=0x38a958) returned 0x0 [0211.242] malloc (_Size=0x18) returned 0x1f45b0 [0211.242] SafeArrayPutElement (psa=0x38a760, rgIndices=0x121dd70, pv=0x3a81c8) returned 0x0 [0211.242] free (_Block=0x1f45b0) [0211.242] free (_Block=0x1f4590) [0211.242] malloc (_Size=0x18) returned 0x1f4590 [0211.242] SafeArrayPutElement (psa=0x38a6e0, rgIndices=0x121dd70, pv=0x3a81c8) returned 0x0 [0211.242] malloc (_Size=0x18) returned 0x1f45b0 [0211.243] SafeArrayPutElement (psa=0x38a760, rgIndices=0x121dd70, pv=0x3b1a28) returned 0x0 [0211.243] free (_Block=0x1f45b0) [0211.243] free (_Block=0x1f4590) [0211.243] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.243] SafeArrayGetDim (psa=0x38a6e0) returned 0x1 [0211.243] SafeArrayGetLBound (in: psa=0x38a6e0, nDim=0x1, plLbound=0x121da54 | out: plLbound=0x121da54) returned 0x0 [0211.243] SafeArrayGetUBound (in: psa=0x38a6e0, nDim=0x1, plUbound=0x121da60 | out: plUbound=0x121da60) returned 0x0 [0211.243] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x28) returned 0x394c40 [0211.243] SafeArrayGetDim (psa=0x38a6e0) returned 0x1 [0211.243] SafeArrayGetUBound (in: psa=0x38a6e0, nDim=0x1, plUbound=0x121da18 | out: plUbound=0x121da18) returned 0x0 [0211.243] SafeArrayGetElemsize (psa=0x38a6e0) returned 0x8 [0211.243] SafeArrayGetElement (in: psa=0x38a6e0, rgIndices=0x121d9a8, pv=0x121d9b0 | out: pv=0x121d9b0) returned 0x0 [0211.243] memcpy (in: _Dst=0x121d9a8, _Src=0x37f430, _Size=0x8 | out: _Dst=0x121d9a8) returned 0x121d9a8 [0211.244] memcpy (in: _Dst=0x121d9a8, _Src=0x37f438, _Size=0x8 | out: _Dst=0x121d9a8) returned 0x121d9a8 [0211.245] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x394c40 | out: hHeap=0x310000) returned 1 [0211.245] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.245] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.245] SafeArrayGetDim (psa=0x38a760) returned 0x1 [0211.245] SafeArrayGetLBound (in: psa=0x38a760, nDim=0x1, plLbound=0x121da54 | out: plLbound=0x121da54) returned 0x0 [0211.245] SafeArrayGetUBound (in: psa=0x38a760, nDim=0x1, plUbound=0x121da60 | out: plUbound=0x121da60) returned 0x0 [0211.245] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x28) returned 0x394c40 [0211.245] SafeArrayGetDim (psa=0x38a760) returned 0x1 [0211.245] SafeArrayGetUBound (in: psa=0x38a760, nDim=0x1, plUbound=0x121da18 | out: plUbound=0x121da18) returned 0x0 [0211.245] SafeArrayGetElemsize (psa=0x38a760) returned 0x8 [0211.246] SafeArrayGetElement (in: psa=0x38a760, rgIndices=0x121d9a8, pv=0x121d9b0 | out: pv=0x121d9b0) returned 0x0 [0211.246] memcpy (in: _Dst=0x121d9a8, _Src=0x37f2d0, _Size=0x8 | out: _Dst=0x121d9a8) returned 0x121d9a8 [0211.246] memcpy (in: _Dst=0x121d9a8, _Src=0x37f2d8, _Size=0x8 | out: _Dst=0x121d9a8) returned 0x121d9a8 [0211.247] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x394c40 | out: hHeap=0x310000) returned 1 [0211.247] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.247] free (_Block=0x1f4570) [0211.248] malloc (_Size=0x18) returned 0x1f4570 [0211.248] SafeArrayPutElement (psa=0x38a6e0, rgIndices=0x121dd78, pv=0x3b1a28) returned 0x0 [0211.248] SafeArrayPutElement (psa=0x38a760, rgIndices=0x121dd78, pv=0x1e863c) returned 0x0 [0211.248] free (_Block=0x1f4570) [0211.248] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.248] SafeArrayGetDim (psa=0x38a6e0) returned 0x1 [0211.248] SafeArrayGetLBound (in: psa=0x38a6e0, nDim=0x1, plLbound=0x121da54 | out: plLbound=0x121da54) returned 0x0 [0211.248] SafeArrayGetUBound (in: psa=0x38a6e0, nDim=0x1, plUbound=0x121da60 | out: plUbound=0x121da60) returned 0x0 [0211.248] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x28) returned 0x394c40 [0211.248] SafeArrayGetDim (psa=0x38a6e0) returned 0x1 [0211.248] SafeArrayGetUBound (in: psa=0x38a6e0, nDim=0x1, plUbound=0x121da18 | out: plUbound=0x121da18) returned 0x0 [0211.248] SafeArrayGetElemsize (psa=0x38a6e0) returned 0x8 [0211.248] SafeArrayGetElement (in: psa=0x38a6e0, rgIndices=0x121d9a8, pv=0x121d9b0 | out: pv=0x121d9b0) returned 0x0 [0211.248] memcpy (in: _Dst=0x121d9a8, _Src=0x34d950, _Size=0x8 | out: _Dst=0x121d9a8) returned 0x121d9a8 [0211.249] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x394c40 | out: hHeap=0x310000) returned 1 [0211.249] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.249] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.249] SafeArrayGetDim (psa=0x38a760) returned 0x1 [0211.250] SafeArrayGetLBound (in: psa=0x38a760, nDim=0x1, plLbound=0x121da54 | out: plLbound=0x121da54) returned 0x0 [0211.250] SafeArrayGetUBound (in: psa=0x38a760, nDim=0x1, plUbound=0x121da60 | out: plUbound=0x121da60) returned 0x0 [0211.250] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x28) returned 0x394c40 [0211.250] SafeArrayGetDim (psa=0x38a760) returned 0x1 [0211.250] SafeArrayGetUBound (in: psa=0x38a760, nDim=0x1, plUbound=0x121da18 | out: plUbound=0x121da18) returned 0x0 [0211.250] SafeArrayGetElemsize (psa=0x38a760) returned 0x4 [0211.250] SafeArrayGetElement (in: psa=0x38a760, rgIndices=0x121d9b0, pv=0x121d9e0 | out: pv=0x121d9e0) returned 0x0 [0211.250] SafeArrayGetElement (in: psa=0x38a760, rgIndices=0x121d9b0, pv=0x121d9e0 | out: pv=0x121d9e0) returned 0x0 [0211.250] memcpy (in: _Dst=0x121d9a8, _Src=0x34d970, _Size=0x4 | out: _Dst=0x121d9a8) returned 0x121d9a8 [0211.251] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x394c40 | out: hHeap=0x310000) returned 1 [0211.251] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.252] _wtol (_String="1654869469") returned 1654869469 [0211.252] _wtol (_String="1654865869") returned 1654865869 [0211.327] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.328] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.328] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.328] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.329] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.329] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.330] GetProcessHeap () returned 0x310000 [0211.330] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x8, Size=0x1c0) returned 0x3a26c0 [0211.330] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x3a26c0, SizePointer=0x121d8b0*=0x1c0 | out: AdapterAddresses=0x3a26c0*(Alignment=0x0, Length=0x0, IfIndex=0x0, Next=0x0, AdapterName=0x0, FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix=0x0, Description=0x0, FriendlyName=0x0, PhysicalAddress=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x0, Flags=0x0, DdnsEnabled=0x0, RegisterAdapterSuffix=0x0, Dhcpv4Enabled=0x0, ReceiveOnly=0x0, NoMulticast=0x0, Ipv6OtherStatefulConfig=0x0, NetbiosOverTcpipEnabled=0x0, Ipv4Enabled=0x0, Ipv6Enabled=0x0, Ipv6ManagedAddressConfigurationSupported=0x0, Mtu=0x0, IfType=0x0, OperStatus=0x0, Ipv6IfIndex=0x0, ZoneIndices=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0), FirstPrefix=0x0, TransmitLinkSpeed=0x0, ReceiveLinkSpeed=0x0, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0x0, Ipv6Metric=0x0, Luid=0x0, Dhcpv4Server.lpSockaddr=0x0, Dhcpv4Server.iSockaddrLength=0, CompartmentId=0x0, NetworkGuid=0x0, ConnectionType=0x0, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0x0, Dhcpv6Iaid=0x0, FirstDnsSuffix=0x0), SizePointer=0x121d8b0*=0x760) returned 0x6f [0211.338] GetProcessHeap () returned 0x310000 [0211.338] RtlFreeHeap (HeapHandle=0x310000, Flags=0x0, BaseAddress=0x3a26c0) returned 1 [0211.338] GetProcessHeap () returned 0x310000 [0211.338] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x8, Size=0x760) returned 0x406410 [0211.338] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x406410, SizePointer=0x121d8b0*=0x760 | out: AdapterAddresses=0x406410*(Alignment=0x10000001c0, Length=0x1c0, IfIndex=0x10, Next=0x406698, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x25, [2]=0x60, [3]=0xfd, [4]=0xb5, [5]=0x57, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x4065d0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x121d8b0*=0x760) returned 0x0 [0211.345] GetProcessHeap () returned 0x310000 [0211.345] RtlFreeHeap (HeapHandle=0x310000, Flags=0x0, BaseAddress=0x406410) returned 1 [0211.348] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5d0000 [0211.356] GetProcAddress (hModule=0x7fefc5d0000, lpProcName="DnsQueryConfigAllocEx") returned 0x7fefc5d5e88 [0211.356] DnsQueryConfigAllocEx () returned 0x1591940 [0211.362] GetProcAddress (hModule=0x7fefc5d0000, lpProcName="DnsFreeConfigStructure") returned 0x7fefc5e6838 [0211.362] DnsFreeConfigStructure () returned 0x47fea401 [0211.363] GetProcAddress (hModule=0x7fefc5d0000, lpProcName="DnsQueryConfigDword") returned 0x7fefc5e0ad0 [0211.363] DnsQueryConfigDword () returned 0x1 [0211.364] DnsQueryConfigDword () returned 0x0 [0211.365] malloc (_Size=0x18) returned 0x1f4570 [0211.365] SafeArrayPutElement (psa=0x3bc740, rgIndices=0x121da44, pv=0x3b1a28) returned 0x0 [0211.365] free (_Block=0x1f4570) [0211.367] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.367] SafeArrayGetDim (psa=0x3bc740) returned 0x1 [0211.367] SafeArrayGetLBound (in: psa=0x3bc740, nDim=0x1, plLbound=0x121db14 | out: plLbound=0x121db14) returned 0x0 [0211.367] SafeArrayGetUBound (in: psa=0x3bc740, nDim=0x1, plUbound=0x121db20 | out: plUbound=0x121db20) returned 0x0 [0211.367] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x28) returned 0x394d60 [0211.367] SafeArrayGetDim (psa=0x3bc740) returned 0x1 [0211.367] SafeArrayGetUBound (in: psa=0x3bc740, nDim=0x1, plUbound=0x121dad8 | out: plUbound=0x121dad8) returned 0x0 [0211.367] SafeArrayGetElemsize (psa=0x3bc740) returned 0x8 [0211.367] SafeArrayGetElement (in: psa=0x3bc740, rgIndices=0x121da68, pv=0x121da70 | out: pv=0x121da70) returned 0x0 [0211.368] memcpy (in: _Dst=0x121da68, _Src=0x34d970, _Size=0x8 | out: _Dst=0x121da68) returned 0x121da68 [0211.368] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x394d60 | out: hHeap=0x310000) returned 1 [0211.368] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.369] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x78) returned 0x346e00 [0211.369] SafeArrayGetDim (psa=0x37aac0) returned 0x1 [0211.369] SafeArrayGetLBound (in: psa=0x37aac0, nDim=0x1, plLbound=0x121db14 | out: plLbound=0x121db14) returned 0x0 [0211.369] SafeArrayGetUBound (in: psa=0x37aac0, nDim=0x1, plUbound=0x121db20 | out: plUbound=0x121db20) returned 0x0 [0211.369] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x28) returned 0x394d60 [0211.369] SafeArrayGetDim (psa=0x37aac0) returned 0x1 [0211.369] SafeArrayGetUBound (in: psa=0x37aac0, nDim=0x1, plUbound=0x121dad8 | out: plUbound=0x121dad8) returned 0x0 [0211.369] SafeArrayGetElemsize (psa=0x37aac0) returned 0x8 [0211.370] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x394d60 | out: hHeap=0x310000) returned 1 [0211.370] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x346e00 | out: hHeap=0x310000) returned 1 [0211.373] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa9b0000 [0211.373] GetProcAddress (hModule=0x7fefa9b0000, lpProcName="GetAdapterIndex") returned 0x7fefa9b51fc [0211.373] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{68F1467C-143D-484A-87A1-65BCBB1B2D48}", IfIndex=0x121e138 | out: IfIndex=0x121e138) returned 0x0 [0211.374] FreeLibrary (hLibModule=0x7fefa9b0000) returned 1 [0211.375] free (_Block=0x1dd950) [0211.376] free (_Block=0x1dd9a0) [0211.376] free (_Block=0x1dd9f0) [0211.377] free (_Block=0x1ee130) [0211.377] free (_Block=0x1ee180) [0211.378] free (_Block=0x1ee1d0) [0211.379] free (_Block=0x1ee270) [0211.379] free (_Block=0x1ee2c0) [0211.380] free (_Block=0x1ee310) [0211.380] free (_Block=0x1ee3b0) [0211.381] free (_Block=0x1ee220) [0211.381] free (_Block=0x1ee400) [0211.382] free (_Block=0x1ee450) [0211.382] free (_Block=0x1ee4a0) [0211.383] free (_Block=0x1ee4f0) [0211.383] free (_Block=0x1e8500) [0211.384] free (_Block=0x1e84d0) [0211.384] free (_Block=0x1e8620) [0211.384] free (_Block=0x1e0a60) [0211.385] free (_Block=0x1e8680) [0211.385] free (_Block=0x1e86b0) [0211.386] free (_Block=0x1e0bb0) [0211.386] free (_Block=0x1e0c90) [0211.400] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x4) returned 0x34d970 [0211.400] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x34d970, pulNumLanguages=0x121e8a0 | out: pulNumLanguages=0x121e8a0) returned 1 [0211.400] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d970 | out: hHeap=0x310000) returned 1 [0218.256] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0218.414] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0218.436] SetLastError (dwErrCode=0x0) [0218.436] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x121e7b0) returned 1 [0218.436] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d900 [0218.436] SetLastError (dwErrCode=0x0) [0218.436] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d900, pcchLanguagesBuffer=0x121e7b0 | out: pulNumLanguages=0x121e8a8, pwszLanguagesBuffer=0x34d900, pcchLanguagesBuffer=0x121e7b0) returned 1 [0218.436] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x8) returned 0x34d970 [0218.436] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d900 | out: hHeap=0x310000) returned 1 [0218.436] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x14) returned 0x37f430 [0218.436] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x37f430, pulNumLanguages=0x121e8a8 | out: pulNumLanguages=0x121e8a8) returned 1 [0218.436] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x37f430 | out: hHeap=0x310000) returned 1 [0218.440] malloc (_Size=0x600) returned 0x1fad20 [0218.441] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x121dfcc | out: Buffer=0x0, ReturnedLength=0x121dfcc) returned 0 [0218.441] GetLastError () returned 0x7a [0218.441] malloc (_Size=0x250) returned 0x1e7cb0 [0218.441] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x1e7cb0, ReturnedLength=0x121dfcc | out: Buffer=0x1e7cb0, ReturnedLength=0x121dfcc) returned 1 [0218.441] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0218.441] GetMaximumProcessorGroupCount () returned 0x1 [0218.441] malloc (_Size=0x40) returned 0x1dd900 [0218.441] malloc (_Size=0x40) returned 0x1dd8b0 [0218.441] malloc (_Size=0x8) returned 0x1e7830 [0218.441] memcpy (in: _Dst=0x1dd900, _Src=0x1e7cd0, _Size=0x10 | out: _Dst=0x1dd900) returned 0x1dd900 [0218.443] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0218.443] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x121dfc4, InputBufferLength=0x2, OutputBuffer=0x1fad20, OutputBufferLength=0x60 | out: OutputBuffer=0x1fad20) returned 0x0 [0218.443] _vsnwprintf (in: _Buffer=0x121de60, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x121d758 | out: _Buffer="CPU0") returned 4 [0218.444] GetCurrentThread () returned 0xfffffffffffffffe [0218.444] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x121d630, PreviousGroupAffinity=0x121d640 | out: PreviousGroupAffinity=0x121d640) returned 1 [0218.444] GetSystemInfo (in: lpSystemInfo=0x121d7f0 | out: lpSystemInfo=0x121d7f0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0218.444] mbstowcs (in: _Dest=0x121da78, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0218.444] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0218.446] mbstowcs (in: _Dest=0x121d8e8, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0218.446] GetCurrentThread () returned 0xfffffffffffffffe [0218.446] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x121d640, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0218.452] LoadStringW (in: hInstance=0x7feefdd0000, uID=0x2c, lpBuffer=0x121d4b0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0220.298] malloc (_Size=0x305ca) returned 0x1fbc50 [0220.859] _wtoi (_String="238") returned 238 [0220.859] _wtoi (_String="6") returned 6 [0220.859] _itow (in: _Dest=0x0, _Radix=18996624 | out: _Dest=0x0) returned="0" [0220.859] _itow (in: _Dest=0xee, _Radix=18994912 | out: _Dest=0xee) returned="238" [0220.860] malloc (_Size=0x4000) returned 0x22c230 [0220.860] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x22c230, lpcbData=0x121d6b4*=0x4000 | out: lpType=0x0, lpData=0x22c230*=0x50, lpcbData=0x121d6b4*=0x608) returned 0x0 [0220.872] free (_Block=0x22c230) [0220.872] Sleep (dwMilliseconds=0x3e8) [0221.882] _itow (in: _Dest=0xee, _Radix=18994912 | out: _Dest=0xee) returned="238" [0221.883] malloc (_Size=0x4000) returned 0x22c230 [0221.883] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x22c230, lpcbData=0x121d6b4*=0x4000 | out: lpType=0x0, lpData=0x22c230*=0x50, lpcbData=0x121d6b4*=0x608) returned 0x0 [0221.884] free (_Block=0x22c230) [0221.885] GetCurrentThreadId () returned 0xb30 [0221.885] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef6f4a170, BackTraceHash=0x0 | out: BackTrace=0x7fef6f4a170*=0x7fef6ca509b, BackTraceHash=0x0) returned 0x8 [0221.885] GetCurrentThreadId () returned 0xb30 [0221.885] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef6f4a1c0, BackTraceHash=0x0 | out: BackTrace=0x7fef6f4a1c0*=0x7fef6ca1bc2, BackTraceHash=0x0) returned 0x8 [0221.889] free (_Block=0x1fbc50) [0221.893] _vsnwprintf (in: _Buffer=0x121dd90, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x121d758 | out: _Buffer="0F8BFBFF00050654") returned 16 [0221.894] lstrlenW (lpString=" 0") returned 2 [0221.895] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0221.895] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0221.896] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0221.896] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0221.896] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0221.896] _vsnwprintf (in: _Buffer=0x121e070, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x121df98 | out: _Buffer="CPU0") returned 4 [0221.897] free (_Block=0x1e7830) [0221.898] free (_Block=0x1dd8b0) [0221.898] free (_Block=0x1dd900) [0221.898] free (_Block=0x1e7cb0) [0221.899] free (_Block=0x1fad20) [0221.907] RtlAllocateHeap (HeapHandle=0x310000, Flags=0x0, Size=0x4) returned 0x34d900 [0221.907] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x34d900, pulNumLanguages=0x121e8a0 | out: pulNumLanguages=0x121e8a0) returned 1 [0221.907] HeapFree (in: hHeap=0x310000, dwFlags=0x0, lpMem=0x34d900 | out: hHeap=0x310000) returned 1 Thread: id = 132 os_tid = 0xd24 Thread: id = 133 os_tid = 0xd20 Thread: id = 134 os_tid = 0xd1c Thread: id = 135 os_tid = 0xd18 Thread: id = 136 os_tid = 0xd10 Thread: id = 137 os_tid = 0xd0c Thread: id = 138 os_tid = 0xd08 Thread: id = 195 os_tid = 0x9e8 Thread: id = 200 os_tid = 0xf4c Process: id = "7" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x60629000" os_pid = "0x794" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x244" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d8ed" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2773 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2774 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2775 start_va = 0x30000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2776 start_va = 0xb0000 end_va = 0xb3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2777 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2778 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2779 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2780 start_va = 0x150000 end_va = 0x154fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2781 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 2782 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2783 start_va = 0x180000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2784 start_va = 0x280000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 2785 start_va = 0x380000 end_va = 0x507fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2786 start_va = 0x510000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2787 start_va = 0x6a0000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2788 start_va = 0x760000 end_va = 0xa2efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2789 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2790 start_va = 0xa40000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 2791 start_va = 0xa60000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 2792 start_va = 0xaf0000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 2793 start_va = 0xc60000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 2794 start_va = 0xd30000 end_va = 0xdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 2795 start_va = 0xde0000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2796 start_va = 0xe70000 end_va = 0xeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 2797 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 2798 start_va = 0x1010000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 2799 start_va = 0x11a0000 end_va = 0x121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 2800 start_va = 0x12b0000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 2801 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2802 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2803 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2804 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2805 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2806 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2807 start_va = 0x13f880000 end_va = 0x13f8ebfff monitored = 0 entry_point = 0x13f8bb450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2808 start_va = 0x7feefd30000 end_va = 0x7feefd7dfff monitored = 0 entry_point = 0x7feefd31198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 2809 start_va = 0x7feefd80000 end_va = 0x7feefda4fff monitored = 1 entry_point = 0x7feefd98d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 2810 start_va = 0x7fef4140000 end_va = 0x7fef41c5fff monitored = 1 entry_point = 0x7fef414ffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2811 start_va = 0x7fef41d0000 end_va = 0x7fef420bfff monitored = 1 entry_point = 0x7fef41f5aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 2812 start_va = 0x7fef6700000 end_va = 0x7fef6711fff monitored = 0 entry_point = 0x7fef67089d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2813 start_va = 0x7fef68c0000 end_va = 0x7fef68e0fff monitored = 0 entry_point = 0x7fef68d03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2814 start_va = 0x7fef6960000 end_va = 0x7fef6972fff monitored = 0 entry_point = 0x7fef6961d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2815 start_va = 0x7fef6c40000 end_va = 0x7fef6c4dfff monitored = 0 entry_point = 0x7fef6c45500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2816 start_va = 0x7fef6c50000 end_va = 0x7fef6c76fff monitored = 0 entry_point = 0x7fef6c511a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2817 start_va = 0x7fef6c80000 end_va = 0x7fef6d52fff monitored = 0 entry_point = 0x7fef6cf8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2818 start_va = 0x7fef6ee0000 end_va = 0x7fef6f56fff monitored = 1 entry_point = 0x7fef6f1e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2819 start_va = 0x7fefaf40000 end_va = 0x7fefaf6cfff monitored = 0 entry_point = 0x7fefaf41010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2820 start_va = 0x7fefc4b0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4b1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2821 start_va = 0x7fefc7b0000 end_va = 0x7fefc7c7fff monitored = 0 entry_point = 0x7fefc7b3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2822 start_va = 0x7fefc920000 end_va = 0x7fefc941fff monitored = 0 entry_point = 0x7fefc925d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2823 start_va = 0x7fefc9e0000 end_va = 0x7fefca4cfff monitored = 0 entry_point = 0x7fefc9e1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2824 start_va = 0x7fefcdb0000 end_va = 0x7fefcdbefff monitored = 0 entry_point = 0x7fefcdb1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2825 start_va = 0x7fefcea0000 end_va = 0x7fefceb3fff monitored = 0 entry_point = 0x7fefcea10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2826 start_va = 0x7fefd1c0000 end_va = 0x7fefd22bfff monitored = 0 entry_point = 0x7fefd1c2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2827 start_va = 0x7fefe1d0000 end_va = 0x7fefe2aafff monitored = 0 entry_point = 0x7fefe1f0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2828 start_va = 0x7fefe2d0000 end_va = 0x7fefe2d7fff monitored = 0 entry_point = 0x7fefe2d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2829 start_va = 0x7fefe2e0000 end_va = 0x7fefe331fff monitored = 0 entry_point = 0x7fefe2e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2830 start_va = 0x7fefe4c0000 end_va = 0x7fefe5ecfff monitored = 0 entry_point = 0x7fefe50ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2831 start_va = 0x7fefe5f0000 end_va = 0x7fefe6c6fff monitored = 0 entry_point = 0x7fefe5f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2832 start_va = 0x7fefe770000 end_va = 0x7fefe7d6fff monitored = 0 entry_point = 0x7fefe77b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2833 start_va = 0x7fefe7e0000 end_va = 0x7fefe8a8fff monitored = 0 entry_point = 0x7fefe85a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2834 start_va = 0x7fefea90000 end_va = 0x7fefeabdfff monitored = 0 entry_point = 0x7fefea91010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2835 start_va = 0x7fefeb40000 end_va = 0x7fefeb5efff monitored = 0 entry_point = 0x7fefeb460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2836 start_va = 0x7fefeb60000 end_va = 0x7fefebacfff monitored = 0 entry_point = 0x7fefeb61070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2837 start_va = 0x7fefebb0000 end_va = 0x7fefebbdfff monitored = 0 entry_point = 0x7fefebb1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2838 start_va = 0x7fefee20000 end_va = 0x7fefef28fff monitored = 0 entry_point = 0x7fefee21064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2839 start_va = 0x7fefef30000 end_va = 0x7feff132fff monitored = 0 entry_point = 0x7fefef53330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2840 start_va = 0x7feff140000 end_va = 0x7feff1defff monitored = 0 entry_point = 0x7feff1425a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2841 start_va = 0x7feff1e0000 end_va = 0x7feff278fff monitored = 0 entry_point = 0x7feff1e1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2842 start_va = 0x7feff290000 end_va = 0x7feff290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2843 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2844 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2845 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2846 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2847 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2848 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2849 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2850 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2851 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2852 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 139 os_tid = 0xb0c Thread: id = 140 os_tid = 0x600 Thread: id = 141 os_tid = 0x7c4 Thread: id = 142 os_tid = 0x278 Thread: id = 143 os_tid = 0x60c Thread: id = 144 os_tid = 0x5cc Thread: id = 145 os_tid = 0x4c0 Thread: id = 146 os_tid = 0x568 Thread: id = 194 os_tid = 0x9e0 Thread: id = 201 os_tid = 0xf6c Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8131000" os_pid = "0x32c" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1c4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c516" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4380 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4381 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 4382 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4383 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4384 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4385 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 4386 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 4387 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 4388 start_va = 0x1e0000 end_va = 0x1ecfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 4389 start_va = 0x1f0000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4390 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 4391 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 4392 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 4393 start_va = 0x390000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 4394 start_va = 0x3a0000 end_va = 0x3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 4395 start_va = 0x3b0000 end_va = 0x3b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 4396 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4397 start_va = 0x3d0000 end_va = 0x557fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 4398 start_va = 0x560000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 4399 start_va = 0x6f0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 4400 start_va = 0x830000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 4401 start_va = 0x8b0000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 4402 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 4403 start_va = 0x940000 end_va = 0x941fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 4404 start_va = 0x950000 end_va = 0x951fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 4405 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 4406 start_va = 0x970000 end_va = 0x98ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rasdlg.dll.mui" filename = "\\Windows\\System32\\en-US\\rasdlg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rasdlg.dll.mui") Region: id = 4407 start_va = 0x990000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 4408 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 4409 start_va = 0xa20000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 4410 start_va = 0xa50000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 4411 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 4412 start_va = 0xb10000 end_va = 0xddefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4413 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 4414 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 4415 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 4416 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 4417 start_va = 0x11d0000 end_va = 0x124ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 4418 start_va = 0x1250000 end_va = 0x12cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 4419 start_va = 0x12f0000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 4420 start_va = 0x13a0000 end_va = 0x141ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 4421 start_va = 0x14b0000 end_va = 0x152ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 4422 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 4423 start_va = 0x1600000 end_va = 0x167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 4424 start_va = 0x1690000 end_va = 0x178ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 4425 start_va = 0x18c0000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 4426 start_va = 0x1940000 end_va = 0x1a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 4427 start_va = 0x1a40000 end_va = 0x1abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a40000" filename = "" Region: id = 4428 start_va = 0x1ae0000 end_va = 0x1b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 4429 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 4430 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 4431 start_va = 0x1e00000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 4432 start_va = 0x1eb0000 end_va = 0x1ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 4433 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 4434 start_va = 0x2020000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 4435 start_va = 0x2030000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 4436 start_va = 0x2130000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 4437 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 4438 start_va = 0x73910000 end_va = 0x73912fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 4439 start_va = 0x76d50000 end_va = 0x76e49fff monitored = 0 entry_point = 0x76d6a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4440 start_va = 0x76e50000 end_va = 0x76f6efff monitored = 0 entry_point = 0x76e65340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4441 start_va = 0x76f70000 end_va = 0x77118fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4442 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4443 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4444 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4445 start_va = 0xff870000 end_va = 0xff87afff monitored = 0 entry_point = 0xff87246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4446 start_va = 0x7fef36c0000 end_va = 0x7fef36fefff monitored = 0 entry_point = 0x7fef36c12c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 4447 start_va = 0x7fef3810000 end_va = 0x7fef382bfff monitored = 0 entry_point = 0x7fef38111a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4448 start_va = 0x7fef3830000 end_va = 0x7fef3891fff monitored = 0 entry_point = 0x7fef3831198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4449 start_va = 0x7fef38a0000 end_va = 0x7fef38d9fff monitored = 0 entry_point = 0x7fef38a1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 4450 start_va = 0x7fef38e0000 end_va = 0x7fef39b7fff monitored = 0 entry_point = 0x7fef3948bd0 region_type = mapped_file name = "rasdlg.dll" filename = "\\Windows\\System32\\rasdlg.dll" (normalized: "c:\\windows\\system32\\rasdlg.dll") Region: id = 4451 start_va = 0x7fef39c0000 end_va = 0x7fef3a1bfff monitored = 0 entry_point = 0x7fef39c8c20 region_type = mapped_file name = "netman.dll" filename = "\\Windows\\System32\\netman.dll" (normalized: "c:\\windows\\system32\\netman.dll") Region: id = 4452 start_va = 0x7fef3c60000 end_va = 0x7fef3eeafff monitored = 0 entry_point = 0x7fef3c66f5c region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 4453 start_va = 0x7fef6260000 end_va = 0x7fef626bfff monitored = 0 entry_point = 0x7fef626419c region_type = mapped_file name = "apphlpdm.dll" filename = "\\Windows\\System32\\Apphlpdm.dll" (normalized: "c:\\windows\\system32\\apphlpdm.dll") Region: id = 4454 start_va = 0x7fef6270000 end_va = 0x7fef6286fff monitored = 0 entry_point = 0x7fef627d308 region_type = mapped_file name = "portabledeviceconnectapi.dll" filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll") Region: id = 4455 start_va = 0x7fef6290000 end_va = 0x7fef634cfff monitored = 0 entry_point = 0x7fef6291ea4 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 4456 start_va = 0x7fef63c0000 end_va = 0x7fef643bfff monitored = 0 entry_point = 0x7fef63c11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 4457 start_va = 0x7fef68f0000 end_va = 0x7fef695afff monitored = 0 entry_point = 0x7fef6934344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 4458 start_va = 0x7fef6960000 end_va = 0x7fef6972fff monitored = 0 entry_point = 0x7fef6961d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 4459 start_va = 0x7fef6b40000 end_va = 0x7fef6bc3fff monitored = 0 entry_point = 0x7fef6b91118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 4460 start_va = 0x7fef6c40000 end_va = 0x7fef6c4dfff monitored = 0 entry_point = 0x7fef6c45500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 4461 start_va = 0x7fef6c50000 end_va = 0x7fef6c76fff monitored = 0 entry_point = 0x7fef6c511a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 4462 start_va = 0x7fef6c80000 end_va = 0x7fef6d52fff monitored = 0 entry_point = 0x7fef6cf8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 4463 start_va = 0x7fef6ee0000 end_va = 0x7fef6f56fff monitored = 0 entry_point = 0x7fef6f1e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 4464 start_va = 0x7fef6fa0000 end_va = 0x7fef6fc1fff monitored = 0 entry_point = 0x7fef6fa1020 region_type = mapped_file name = "trkwks.dll" filename = "\\Windows\\System32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll") Region: id = 4465 start_va = 0x7fef7180000 end_va = 0x7fef718ffff monitored = 0 entry_point = 0x7fef7181010 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 4466 start_va = 0x7fef7190000 end_va = 0x7fef71a1fff monitored = 0 entry_point = 0x7fef7191050 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 4467 start_va = 0x7fef71b0000 end_va = 0x7fef7206fff monitored = 0 entry_point = 0x7fef71b1118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 4468 start_va = 0x7fef7210000 end_va = 0x7fef7242fff monitored = 0 entry_point = 0x7fef721101c region_type = mapped_file name = "pcasvc.dll" filename = "\\Windows\\System32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll") Region: id = 4469 start_va = 0x7fef7250000 end_va = 0x7fef7268fff monitored = 0 entry_point = 0x7fef7252b50 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 4470 start_va = 0x7fefa810000 end_va = 0x7fefa81ffff monitored = 0 entry_point = 0x7fefa8127f0 region_type = mapped_file name = "uxsms.dll" filename = "\\Windows\\System32\\uxsms.dll" (normalized: "c:\\windows\\system32\\uxsms.dll") Region: id = 4471 start_va = 0x7fefa9a0000 end_va = 0x7fefa9aafff monitored = 0 entry_point = 0x7fefa9a1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4472 start_va = 0x7fefa9b0000 end_va = 0x7fefa9d6fff monitored = 0 entry_point = 0x7fefa9b98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4473 start_va = 0x7fefaa60000 end_va = 0x7fefaa6afff monitored = 0 entry_point = 0x7fefaa64f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 4474 start_va = 0x7fefaa70000 end_va = 0x7fefaa7bfff monitored = 0 entry_point = 0x7fefaa715d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 4475 start_va = 0x7fefaa90000 end_va = 0x7fefaaa8fff monitored = 0 entry_point = 0x7fefaa911a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 4476 start_va = 0x7fefaaf0000 end_va = 0x7fefab2cfff monitored = 0 entry_point = 0x7fefaaf1b7c region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 4477 start_va = 0x7fefab30000 end_va = 0x7fefab44fff monitored = 0 entry_point = 0x7fefab360d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4478 start_va = 0x7fefac20000 end_va = 0x7fefad46fff monitored = 0 entry_point = 0x7fefac210ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 4479 start_va = 0x7fefad50000 end_va = 0x7fefad7ffff monitored = 0 entry_point = 0x7fefad6fe98 region_type = mapped_file name = "peerdist.dll" filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll") Region: id = 4480 start_va = 0x7fefad80000 end_va = 0x7fefae2bfff monitored = 0 entry_point = 0x7fefad918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4481 start_va = 0x7fefae50000 end_va = 0x7fefae58fff monitored = 0 entry_point = 0x7fefae51010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 4482 start_va = 0x7fefae60000 end_va = 0x7fefae8bfff monitored = 0 entry_point = 0x7fefae615c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4483 start_va = 0x7fefae90000 end_va = 0x7fefaf3bfff monitored = 0 entry_point = 0x7fefaea6acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 4484 start_va = 0x7fefaf40000 end_va = 0x7fefaf6cfff monitored = 0 entry_point = 0x7fefaf41010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4485 start_va = 0x7fefaf70000 end_va = 0x7fefaf80fff monitored = 0 entry_point = 0x7fefaf714c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4486 start_va = 0x7fefb240000 end_va = 0x7fefb250fff monitored = 0 entry_point = 0x7fefb241070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4487 start_va = 0x7fefb3a0000 end_va = 0x7fefb3d4fff monitored = 0 entry_point = 0x7fefb3a1064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4488 start_va = 0x7fefb400000 end_va = 0x7fefb44afff monitored = 0 entry_point = 0x7fefb40efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4489 start_va = 0x7fefb870000 end_va = 0x7fefb99bfff monitored = 0 entry_point = 0x7fefb8794bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4490 start_va = 0x7fefb9f0000 end_va = 0x7fefbbe3fff monitored = 0 entry_point = 0x7fefbb7c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4491 start_va = 0x7fefc080000 end_va = 0x7fefc08bfff monitored = 0 entry_point = 0x7fefc081064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4492 start_va = 0x7fefc240000 end_va = 0x7fefc25afff monitored = 0 entry_point = 0x7fefc242068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4493 start_va = 0x7fefc260000 end_va = 0x7fefc27dfff monitored = 0 entry_point = 0x7fefc2613b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4494 start_va = 0x7fefc280000 end_va = 0x7fefc291fff monitored = 0 entry_point = 0x7fefc281060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 4495 start_va = 0x7fefc3b0000 end_va = 0x7fefc3b9fff monitored = 0 entry_point = 0x7fefc3b3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4496 start_va = 0x7fefc3c0000 end_va = 0x7fefc3ccfff monitored = 0 entry_point = 0x7fefc3c1348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 4497 start_va = 0x7fefc4b0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4b1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4498 start_va = 0x7fefc7b0000 end_va = 0x7fefc7c7fff monitored = 0 entry_point = 0x7fefc7b3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4499 start_va = 0x7fefc920000 end_va = 0x7fefc941fff monitored = 0 entry_point = 0x7fefc925d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4500 start_va = 0x7fefc9a0000 end_va = 0x7fefc9cefff monitored = 0 entry_point = 0x7fefc9a1064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 4501 start_va = 0x7fefc9e0000 end_va = 0x7fefca4cfff monitored = 0 entry_point = 0x7fefc9e1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 4502 start_va = 0x7fefcd50000 end_va = 0x7fefcd5afff monitored = 0 entry_point = 0x7fefcd51030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4503 start_va = 0x7fefcd80000 end_va = 0x7fefcda4fff monitored = 0 entry_point = 0x7fefcd89658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4504 start_va = 0x7fefcdb0000 end_va = 0x7fefcdbefff monitored = 0 entry_point = 0x7fefcdb1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4505 start_va = 0x7fefce60000 end_va = 0x7fefce9cfff monitored = 0 entry_point = 0x7fefce618f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4506 start_va = 0x7fefcea0000 end_va = 0x7fefceb3fff monitored = 0 entry_point = 0x7fefcea10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4507 start_va = 0x7fefcec0000 end_va = 0x7fefcecefff monitored = 0 entry_point = 0x7fefcec19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4508 start_va = 0x7fefcf60000 end_va = 0x7fefcf6efff monitored = 0 entry_point = 0x7fefcf61020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4509 start_va = 0x7fefcf70000 end_va = 0x7fefd0dcfff monitored = 0 entry_point = 0x7fefcf710b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4510 start_va = 0x7fefd180000 end_va = 0x7fefd1b5fff monitored = 0 entry_point = 0x7fefd181474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4511 start_va = 0x7fefd1c0000 end_va = 0x7fefd22bfff monitored = 0 entry_point = 0x7fefd1c2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4512 start_va = 0x7fefd230000 end_va = 0x7fefd26afff monitored = 0 entry_point = 0x7fefd231324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4513 start_va = 0x7fefd270000 end_va = 0x7fefd289fff monitored = 0 entry_point = 0x7fefd271558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4514 start_va = 0x7fefd310000 end_va = 0x7fefe097fff monitored = 0 entry_point = 0x7fefd38cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4515 start_va = 0x7fefe1d0000 end_va = 0x7fefe2aafff monitored = 0 entry_point = 0x7fefe1f0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4516 start_va = 0x7fefe2d0000 end_va = 0x7fefe2d7fff monitored = 0 entry_point = 0x7fefe2d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4517 start_va = 0x7fefe2e0000 end_va = 0x7fefe331fff monitored = 0 entry_point = 0x7fefe2e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4518 start_va = 0x7fefe4c0000 end_va = 0x7fefe5ecfff monitored = 0 entry_point = 0x7fefe50ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4519 start_va = 0x7fefe5f0000 end_va = 0x7fefe6c6fff monitored = 0 entry_point = 0x7fefe5f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4520 start_va = 0x7fefe770000 end_va = 0x7fefe7d6fff monitored = 0 entry_point = 0x7fefe77b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4521 start_va = 0x7fefe7e0000 end_va = 0x7fefe8a8fff monitored = 0 entry_point = 0x7fefe85a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4522 start_va = 0x7fefe8b0000 end_va = 0x7fefea86fff monitored = 0 entry_point = 0x7fefe8b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 4523 start_va = 0x7fefea90000 end_va = 0x7fefeabdfff monitored = 0 entry_point = 0x7fefea91010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4524 start_va = 0x7fefeac0000 end_va = 0x7fefeb30fff monitored = 0 entry_point = 0x7fefead1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4525 start_va = 0x7fefeb40000 end_va = 0x7fefeb5efff monitored = 0 entry_point = 0x7fefeb460e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4526 start_va = 0x7fefeb60000 end_va = 0x7fefebacfff monitored = 0 entry_point = 0x7fefeb61070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4527 start_va = 0x7fefebb0000 end_va = 0x7fefebbdfff monitored = 0 entry_point = 0x7fefebb1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4528 start_va = 0x7fefee20000 end_va = 0x7fefef28fff monitored = 0 entry_point = 0x7fefee21064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4529 start_va = 0x7fefef30000 end_va = 0x7feff132fff monitored = 0 entry_point = 0x7fefef53330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4530 start_va = 0x7feff140000 end_va = 0x7feff1defff monitored = 0 entry_point = 0x7feff1425a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4531 start_va = 0x7feff1e0000 end_va = 0x7feff278fff monitored = 0 entry_point = 0x7feff1e1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4532 start_va = 0x7feff290000 end_va = 0x7feff290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4533 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 4534 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 4535 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 4536 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 4537 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4538 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4539 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4540 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4541 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4542 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4543 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4544 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4545 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4546 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 4547 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4548 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4549 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4550 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4551 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4575 start_va = 0xe50000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 4576 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Thread: id = 168 os_tid = 0xcd0 Thread: id = 169 os_tid = 0x6a0 Thread: id = 170 os_tid = 0x5f0 Thread: id = 171 os_tid = 0x2fc Thread: id = 172 os_tid = 0x114 Thread: id = 173 os_tid = 0x3e0 Thread: id = 174 os_tid = 0x3dc Thread: id = 175 os_tid = 0x3d4 Thread: id = 176 os_tid = 0x3d0 Thread: id = 177 os_tid = 0x3c0 Thread: id = 178 os_tid = 0x3bc Thread: id = 179 os_tid = 0x388 Thread: id = 180 os_tid = 0x374 Thread: id = 181 os_tid = 0x370 Thread: id = 182 os_tid = 0x340 Thread: id = 183 os_tid = 0x330 Thread: id = 185 os_tid = 0xea0 Thread: id = 193 os_tid = 0x9c8 Thread: id = 196 os_tid = 0xa40 Process: id = "9" image_name = "acrobat.exe" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe" page_root = "0x10516000" os_pid = "0x754" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x6cc" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f79d" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4687 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4688 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4689 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4690 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 4691 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 4692 start_va = 0x130000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 4693 start_va = 0x380000 end_va = 0x38bfff monitored = 1 entry_point = 0x387286 region_type = mapped_file name = "acrobat.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe") Region: id = 4694 start_va = 0x390000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 4695 start_va = 0x77400000 end_va = 0x775a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4696 start_va = 0x775e0000 end_va = 0x7775ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4697 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4698 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4699 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4700 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4701 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4702 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4703 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4840 start_va = 0x170000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 4841 start_va = 0x73d60000 end_va = 0x73d9efff monitored = 0 entry_point = 0x73d8e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4842 start_va = 0x73d00000 end_va = 0x73d5bfff monitored = 0 entry_point = 0x73d3f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4843 start_va = 0x73cf0000 end_va = 0x73cf7fff monitored = 0 entry_point = 0x73cf20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4844 start_va = 0x771e0000 end_va = 0x772fefff monitored = 0 entry_point = 0x771f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4845 start_va = 0x76340000 end_va = 0x7644ffff monitored = 0 entry_point = 0x76353283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4846 start_va = 0x771e0000 end_va = 0x772fefff monitored = 0 entry_point = 0x771f5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4847 start_va = 0x771e0000 end_va = 0x772fefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000771e0000" filename = "" Region: id = 4848 start_va = 0x77300000 end_va = 0x773f9fff monitored = 0 entry_point = 0x7731a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4849 start_va = 0x77300000 end_va = 0x773f9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077300000" filename = "" Region: id = 4850 start_va = 0x490000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 4851 start_va = 0x73c90000 end_va = 0x73cd9fff monitored = 1 entry_point = 0x73c92e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 4852 start_va = 0x76340000 end_va = 0x7644ffff monitored = 0 entry_point = 0x76353283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4853 start_va = 0x762a0000 end_va = 0x762e6fff monitored = 0 entry_point = 0x762a74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4854 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4855 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4856 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4857 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4858 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4859 start_va = 0x640000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 4860 start_va = 0xe0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 4861 start_va = 0x75bc0000 end_va = 0x75c5ffff monitored = 0 entry_point = 0x75bd49e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4862 start_va = 0x75220000 end_va = 0x752cbfff monitored = 0 entry_point = 0x7522a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4863 start_va = 0x75600000 end_va = 0x75618fff monitored = 0 entry_point = 0x75604975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4864 start_va = 0x75a30000 end_va = 0x75b1ffff monitored = 0 entry_point = 0x75a40569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4865 start_va = 0x75130000 end_va = 0x7518ffff monitored = 0 entry_point = 0x7514a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4866 start_va = 0x75120000 end_va = 0x7512bfff monitored = 0 entry_point = 0x751210e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4867 start_va = 0x2a0000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4868 start_va = 0x73c00000 end_va = 0x73c8cfff monitored = 1 entry_point = 0x73c12860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 4869 start_va = 0x73bf0000 end_va = 0x73bf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4870 start_va = 0x75560000 end_va = 0x755b6fff monitored = 0 entry_point = 0x75579ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 4871 start_va = 0x75f10000 end_va = 0x75f9ffff monitored = 0 entry_point = 0x75f26343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4872 start_va = 0x76000000 end_va = 0x760fffff monitored = 0 entry_point = 0x7601b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4873 start_va = 0x75210000 end_va = 0x75219fff monitored = 0 entry_point = 0x752136a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4874 start_va = 0x75b20000 end_va = 0x75bbcfff monitored = 0 entry_point = 0x75b53fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4875 start_va = 0x170000 end_va = 0x18dfff monitored = 0 entry_point = 0x18158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4876 start_va = 0x220000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4877 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 4878 start_va = 0x170000 end_va = 0x18dfff monitored = 0 entry_point = 0x18158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4879 start_va = 0x75fa0000 end_va = 0x75ffffff monitored = 0 entry_point = 0x75fb158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4880 start_va = 0x75e40000 end_va = 0x75f0bfff monitored = 0 entry_point = 0x75e4168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4881 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 4882 start_va = 0xa80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 4883 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4884 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 4885 start_va = 0xf0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 4886 start_va = 0x170000 end_va = 0x17afff monitored = 1 entry_point = 0x177286 region_type = mapped_file name = "acrobat.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe") Region: id = 4887 start_va = 0x170000 end_va = 0x17afff monitored = 1 entry_point = 0x177286 region_type = mapped_file name = "acrobat.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe") Region: id = 4888 start_va = 0x75100000 end_va = 0x75108fff monitored = 0 entry_point = 0x75101220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 4889 start_va = 0x74950000 end_va = 0x750fefff monitored = 1 entry_point = 0x7496d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4890 start_va = 0x741a0000 end_va = 0x7494efff monitored = 1 entry_point = 0x741bd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4891 start_va = 0x74950000 end_va = 0x750fefff monitored = 1 entry_point = 0x7496d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4892 start_va = 0x74930000 end_va = 0x74943fff monitored = 0 entry_point = 0x7493ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 4893 start_va = 0x74880000 end_va = 0x7492afff monitored = 0 entry_point = 0x74915f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 4894 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 4895 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 4896 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 4897 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4898 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 4899 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 4900 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 4901 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 4902 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4903 start_va = 0x1e80000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4904 start_va = 0x640000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 4905 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 4906 start_va = 0x2a0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4907 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 4908 start_va = 0x2090000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 4909 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 4910 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 4911 start_va = 0x2190000 end_va = 0x418ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 4912 start_va = 0x490000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 4913 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4914 start_va = 0x1f60000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 4915 start_va = 0x2010000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 4916 start_va = 0x41b0000 end_va = 0x42affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041b0000" filename = "" Region: id = 4917 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 4918 start_va = 0x1ea0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 4919 start_va = 0x42d0000 end_va = 0x43cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 4920 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 4921 start_va = 0x43d0000 end_va = 0x469efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4922 start_va = 0x727e0000 end_va = 0x73beafff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 4923 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 4924 start_va = 0x75840000 end_va = 0x7599bfff monitored = 0 entry_point = 0x7588ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 4925 start_va = 0x74870000 end_va = 0x74872fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 4926 start_va = 0x747e0000 end_va = 0x74868fff monitored = 1 entry_point = 0x747e1130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 4927 start_va = 0x759a0000 end_va = 0x75a2efff monitored = 0 entry_point = 0x759a3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 4928 start_va = 0x210000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 4929 start_va = 0x71d80000 end_va = 0x727d4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 4930 start_va = 0x747b0000 end_va = 0x747d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Confe64a9051#\\1561b93d6d25c4a9c3e2659ab29a5e73\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.confe64a9051#\\1561b93d6d25c4a9c3e2659ab29a5e73\\system.configuration.install.ni.dll") Region: id = 4931 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4932 start_va = 0x46a0000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 4933 start_va = 0x2e0000 end_va = 0x2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 4934 start_va = 0x74790000 end_va = 0x747a2fff monitored = 1 entry_point = 0x7479d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 4935 start_va = 0x4780000 end_va = 0x4a51fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 4936 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 4937 start_va = 0x73f70000 end_va = 0x74787fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 4938 start_va = 0x73e60000 end_va = 0x73f64fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 4939 start_va = 0x71600000 end_va = 0x71d73fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 4940 start_va = 0x76550000 end_va = 0x77199fff monitored = 0 entry_point = 0x765d1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 4941 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 4942 start_va = 0x73e50000 end_va = 0x73e5afff monitored = 0 entry_point = 0x73e51992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 4943 start_va = 0x73e30000 end_va = 0x73e46fff monitored = 0 entry_point = 0x73e335fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 4944 start_va = 0x73e10000 end_va = 0x73e26fff monitored = 0 entry_point = 0x73e13573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 4945 start_va = 0x310000 end_va = 0x34bfff monitored = 0 entry_point = 0x31128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4946 start_va = 0x310000 end_va = 0x34bfff monitored = 0 entry_point = 0x31128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4947 start_va = 0x310000 end_va = 0x34bfff monitored = 0 entry_point = 0x31128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4948 start_va = 0x310000 end_va = 0x34bfff monitored = 0 entry_point = 0x31128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4949 start_va = 0x310000 end_va = 0x34bfff monitored = 0 entry_point = 0x31128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4950 start_va = 0x73dd0000 end_va = 0x73e0afff monitored = 0 entry_point = 0x73dd128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Thread: id = 202 os_tid = 0x758 [0281.011] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0281.718] EtwEventRegister () returned 0x0 [0281.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x48eb68 | out: phkResult=0x48eb68*=0x0) returned 0x2 [0281.757] RegCloseKey (hKey=0x80000002) returned 0x0 [0281.762] GetConsoleOutputCP () returned 0x1b5 [0281.922] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0281.923] WriteFile (in: hFile=0x7, lpBuffer=0x48f2d0*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x48f2d4, lpOverlapped=0x0 | out: lpBuffer=0x48f2d0*, lpNumberOfBytesWritten=0x48f2d4*=0x0, lpOverlapped=0x0) returned 1 [0281.924] GetFileType (hFile=0x7) returned 0x2 [0281.928] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x48f2b0, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f2b0*=0x84, lpOverlapped=0x0) returned 1 [0282.321] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", nBufferLength=0x105, lpBuffer=0x48eb98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", lpFilePart=0x0) returned 0x3d [0282.632] GetCurrentProcess () returned 0xffffffff [0282.632] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48eed0 | out: TokenHandle=0x48eed0*=0x1ec) returned 1 [0282.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x48e988, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0282.641] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x48eec8 | out: lpFileInformation=0x48eec8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0282.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x48e954, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0282.645] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x48eed0 | out: lpFileInformation=0x48eed0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0282.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x48e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0282.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x48ee08) returned 1 [0282.649] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0 [0282.649] GetFileType (hFile=0x1f0) returned 0x1 [0282.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x48ee04) returned 1 [0282.649] GetFileType (hFile=0x1f0) returned 0x1 [0282.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x48e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0282.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x48e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0282.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x48e3e4) returned 1 [0282.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x48e6a8 | out: lpFileInformation=0x48e6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0282.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x48e3e0) returned 1 [0282.875] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x48e574 | out: pfEnabled=0x48e574) returned 0x0 [0282.954] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x48eec4 | out: lpFileSizeHigh=0x48eec4*=0x0) returned 0x8c8e [0282.955] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ee80, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ee80*=0x1000, lpOverlapped=0x0) returned 1 [0282.972] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ed30, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ed30*=0x1000, lpOverlapped=0x0) returned 1 [0282.974] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ebe4, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ebe4*=0x1000, lpOverlapped=0x0) returned 1 [0282.975] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ebe4, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ebe4*=0x1000, lpOverlapped=0x0) returned 1 [0282.976] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ebe4, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ebe4*=0x1000, lpOverlapped=0x0) returned 1 [0282.977] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48eb1c, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48eb1c*=0x1000, lpOverlapped=0x0) returned 1 [0282.984] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ec88, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ec88*=0x1000, lpOverlapped=0x0) returned 1 [0282.986] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48eb7c, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48eb7c*=0x1000, lpOverlapped=0x0) returned 1 [0282.986] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48eb7c, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48eb7c*=0xc8e, lpOverlapped=0x0) returned 1 [0282.987] ReadFile (in: hFile=0x1f0, lpBuffer=0x21c3500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x48ec40, lpOverlapped=0x0 | out: lpBuffer=0x21c3500*, lpNumberOfBytesRead=0x48ec40*=0x0, lpOverlapped=0x0) returned 1 [0282.987] CloseHandle (hObject=0x1f0) returned 1 [0282.987] CloseHandle (hObject=0x1ec) returned 1 [0282.988] GetCurrentProcess () returned 0xffffffff [0282.989] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48f01c | out: TokenHandle=0x48f01c*=0x1ec) returned 1 [0282.989] CloseHandle (hObject=0x1ec) returned 1 [0282.989] GetCurrentProcess () returned 0xffffffff [0282.990] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48f01c | out: TokenHandle=0x48f01c*=0x1ec) returned 1 [0282.990] CloseHandle (hObject=0x1ec) returned 1 [0282.998] GetCurrentProcess () returned 0xffffffff [0282.998] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48eed0 | out: TokenHandle=0x48eed0*=0x1ec) returned 1 [0282.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x48eec8 | out: lpFileInformation=0x48eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.999] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", nBufferLength=0x105, lpBuffer=0x48e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", lpFilePart=0x0) returned 0x3d [0282.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x48eed0 | out: lpFileInformation=0x48eed0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0283.000] CloseHandle (hObject=0x1ec) returned 1 [0283.000] GetCurrentProcess () returned 0xffffffff [0283.000] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48f01c | out: TokenHandle=0x48f01c*=0x1ec) returned 1 [0283.001] CloseHandle (hObject=0x1ec) returned 1 [0283.002] GetCurrentProcess () returned 0xffffffff [0283.002] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48f01c | out: TokenHandle=0x48f01c*=0x1ec) returned 1 [0283.003] CloseHandle (hObject=0x1ec) returned 1 [0283.062] GetCurrentProcess () returned 0xffffffff [0283.063] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48ee34 | out: TokenHandle=0x48ee34*=0x1ec) returned 1 [0283.156] CloseHandle (hObject=0x1ec) returned 1 [0283.157] GetCurrentProcess () returned 0xffffffff [0283.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x48ee4c | out: TokenHandle=0x48ee4c*=0x1ec) returned 1 [0283.159] CloseHandle (hObject=0x1ec) returned 1 [0283.204] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.206] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.209] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.211] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.220] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.223] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.227] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x100, lpOverlapped=0x0) returned 1 [0283.230] WriteFile (in: hFile=0x7, lpBuffer=0x2198be4*, nNumberOfBytesToWrite=0x5d, lpNumberOfBytesWritten=0x48f1e8, lpOverlapped=0x0 | out: lpBuffer=0x2198be4*, lpNumberOfBytesWritten=0x48f1e8*=0x5d, lpOverlapped=0x0) returned 1 [0283.235] CoGetContextToken (in: pToken=0x48fc10 | out: pToken=0x48fc10) returned 0x0 [0283.235] CObjectContext::QueryInterface () returned 0x0 [0283.235] CObjectContext::GetCurrentThreadType () returned 0x0 [0283.235] Release () returned 0x0 [0283.237] CoGetContextToken (in: pToken=0x48f91c | out: pToken=0x48f91c) returned 0x0 [0283.237] CObjectContext::QueryInterface () returned 0x0 [0283.237] CObjectContext::GetCurrentThreadType () returned 0x0 [0283.237] Release () returned 0x0 [0283.240] CoGetContextToken (in: pToken=0x48f91c | out: pToken=0x48f91c) returned 0x0 [0283.240] CObjectContext::QueryInterface () returned 0x0 [0283.240] CObjectContext::GetCurrentThreadType () returned 0x0 [0283.240] Release () returned 0x0 [0283.247] CoGetContextToken (in: pToken=0x48f91c | out: pToken=0x48f91c) returned 0x0 [0283.247] CObjectContext::QueryInterface () returned 0x0 [0283.247] CObjectContext::GetCurrentThreadType () returned 0x0 [0283.247] Release () returned 0x0 [0283.248] CoGetContextToken (in: pToken=0x48f93c | out: pToken=0x48f93c) returned 0x0 [0283.249] CObjectContext::QueryInterface () returned 0x0 [0283.249] CObjectContext::GetCurrentThreadType () returned 0x0 [0283.249] Release () returned 0x0 [0283.250] CoUninitialize () Thread: id = 203 os_tid = 0x7ac Thread: id = 204 os_tid = 0x7cc [0281.016] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0283.240] EtwEventUnregister () returned 0x0 [0283.245] CloseHandle (hObject=0x48) returned 1 [0283.246] UnmapViewOfFile (lpBaseAddress=0x2e0000) returned 1 Thread: id = 205 os_tid = 0x7d0